SOS : allez au travail!! :S [Résolu]

Salut,


Télécharge HijackThis (outils de dignostic) ici :

-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

salut voila le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:08, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Loud Idol Setup Grid] C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\Bind Five.exe
O4 - HKLM\..\Run: [winudp64.exe] winudp64.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\RunServices: [winudp64.exe] winudp64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acid okay] C:\DOCUME~1\HASNAOUI\APPLIC~1\ProxyWay\file grid.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Y'z Toolbar.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

réouvre hijackthis
fais scan only
coches ces lignes :

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system3­2\wscript.exe C:\WINDOWS\system32\antinul.vbe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab


tu les coches et tu clic sur fix checked



ensuite :

Telecharge UsbFix sur ton bureau

--> Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

--> Double clic sur le raccourci UsbFix sur ton bureau

-->choisis l option 1 (nettoyage)

--> Le pc va redémarer

-->Apres redémarrage post le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

salut
j'ai essayé com indiqué de faire le faire avec fix checked mais le pc me sort une fenetre du titre : editeur du registre
msg:la modification du registre a été désactivé par votre administrateur
pourtant j'y ai pa touché aux registrs moi :S
bref
est-ce que vous pouvez m'indiquer s'il vous pliat comment y remédier
merci déja pour vos réponses précédentes
merci

passe a usbfix direct

voila le rapport




-------------- UsbFix V2.407 ---------------

* User : HASNAOUI - ACER-573BC8005A
* Outils mis a jours le 14/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 14:07:24 le 15/11/2008
* Windows Xp - Internet Explorer 7.0.5730.13


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\WgaTray.exe
C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\1.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur amovible

F: - Lecteur amovible


+- Contenu de l'autorun : E:\autorun.inf



+- Contenu de l'autorun : F:\autorun.inf



--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp REG_SZ Alaunch
SoundMan REG_SZ SOUNDMAN.EXE
AGRSMMSG REG_SZ AGRSMMSG.exe
LtMoh REG_SZ C:\Program Files\ltmoh\Ltmoh.exe
SynTPLpr REG_SZ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ATIPTA REG_SZ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
WinampAgent REG_SZ "C:\Program Files\Winamp\winampa.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Loud Idol Setup Grid REG_SZ C:\Documents and Settings\All Users\Application Data\4 Curb Loud Idol\Bind Five.exe
winudp64.exe REG_SZ winudp64.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
OutpostMonitor REG_SZ C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
OutpostFeedBack REG_SZ "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Acid okay REG_SZ C:\DOCUME~1\HASNAOUI\APPLIC~1\ProxyWay\file grid.exe

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{317dd6fe-44ee-11dd-831f-000e9b804911}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{317dd6fe-44ee-11dd-831f-000e9b804911}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{317dd6fe-44ee-11dd-831f-000e9b804911}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [13/11/2008 20:52] C:\WINDOWS\system32\antinul.vbe
E:\autorun.inf ~> fichier appelé : "E:\wscript.exe antinul.vbe" ( absent ! )
F:\autorun.inf ~> fichier appelé : "F:\wscript.exe antinul.vbe" ( absent ! )
Supprimé ! - [15/11/2008 14:07] E:\autorun.inf
Supprimé ! - [09/11/2008 13:51] E:\antinul.vbe
Supprimé ! - [24/01/2008 14:25] E:\RECYCLER\RECYCLER.exe
Supprimé ! - [29/10/2008 10:11] E:\xih9.cmd
Supprimé ! - [15/11/2008 14:07] F:\autorun.inf
Supprimé ! - [15/11/2008 14:01] F:\antinul.vbe
Supprimé ! - [28/12/2007 13:53] F:\explorer.exe
Supprimé ! - [24/01/2008 14:25] F:\RECYCLER\RECYCLER.exe
Supprimé ! - [26/11/2007 15:28] F:\Recycler\Recycler

--------------- [ Listing des fichiers présents ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[21/09/2004 13:23][--a------] C:\AUTOEXEC.BAT
[05/08/2004 04:00][-rahs----] C:\NTDETECT.COM
[23/06/2008 13:45][-rahs----] C:\boot.ini
[11/11/2008 09:08][-r-hs----] E:\whi.com
[24/01/2008 14:25][--a------] E:\Administrateur_Fichiers.exe
[11/11/2008 09:08][-r-hs----] F:\whi.com
[28/12/2007 13:52][-rahs----] F:\system32.exe
[28/12/2007 13:52][-rahs----] F:\mail.exe
[28/12/2007 13:52][-rahs----] F:\folder.exe
[28/12/2007 13:52][-rahs----] F:\Administrateur_Fichiers.exe
[09/04/2007 11:04][---hs----] F:\desktop.ini

--------------- ! Fin du rapport ! ----------------

Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «appliquer» pour valider les changements.

Et OK

ensuite supprime ces fichiers :

E:\whi.com
E:\Administrateur_Fichiers.exe
F:\whi.com
F:\system32.exe
F:\mail.exe
F:\folder.exe
F:\Administrateur_Fichiers.exe


ensuite :



télécharge Lop S&D.exe sur ton Bureau.http://eric.71.mespages.googlepages.com/LopSD.exe

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

y'a pa de option de dossier sous le panneau de configuration ??!!

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:files
E:\whi.com
E:\Administrateur_Fichiers.exe
F:\whi.com
F:\system32.exe
F:\mail.exe
F:\folder.exe
F:\Administrateur_Fichiers.exe


:commands
[emptytemp]
[start explorer]
[reboot]




---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. E:\whi.com scheduled to be moved on reboot.
File move failed. E:\Administrateur_Fichiers.exe scheduled to be moved on reboot.
File move failed. F:\whi.com scheduled to be moved on reboot.
File move failed. F:\system32.exe scheduled to be moved on reboot.
F:\mail.exe moved successfully.
F:\folder.exe moved successfully.
File move failed. F:\Administrateur_Fichiers.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\etilqs_i4Yodin5wfoLPaTv8sjQ scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF663C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF66C6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF7AC5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF7AFE.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11152008_143715

Files moved on Reboot...
File E:\whi.com not found!
File E:\Administrateur_Fichiers.exe not found!
File F:\whi.com not found!
File F:\system32.exe not found!
File F:\Administrateur_Fichiers.exe not found!
File move failed. C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\etilqs_i4Yodin5wfoLPaTv8sjQ scheduled to be moved on reboot.
C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF663C.tmp moved successfully.
C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF66C6.tmp moved successfully.
C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF7AC5.tmp moved successfully.
C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp\~DF7AFE.tmp moved successfully.
File move failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\HASNAOUI\Local Settings\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\XUL.mfl scheduled to be moved on reboot.

















merci pour vos réponses.

télécharge Lop S&D.exe sur ton Bureau.http://eric.71.mespages.googlepages.com/LopSD.exe

* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)

voila le rapport:

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : HASNAOUI ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Outpost Security Suite Pro 6.5 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:12 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:962 Mo (Free:0 Go)
F:\ (USB) - FAT - Total:123 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 15/11/2008|15:09 )

--------------------\\ Listing des dossiers dans APPLIC~1

[21/09/2004|13:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[15/11/2008|01:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[31/10/2008|22:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\4 Curb Loud Idol
[29/06/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/11/2008|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Agnitum
[18/07/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/11/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[15/11/2008|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[19/09/2008|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[15/11/2008|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Innovative Solutions
[07/08/2008|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/10/2008|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[06/07/2008|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[15/11/2008|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/06/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[14/11/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[29/06/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[30/08/2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[18/10/2008|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/09/2004|13:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/08/2008|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[29/06/2008|01:38] C:\DOCUME~1\HASNAOUI\APPLIC~1\Adobe
[28/06/2008|15:40] C:\DOCUME~1\HASNAOUI\APPLIC~1\AdobeUM
[18/07/2008|15:41] C:\DOCUME~1\HASNAOUI\APPLIC~1\Apple Computer
[24/08/2008|17:31] C:\DOCUME~1\HASNAOUI\APPLIC~1\ArcSoft
[21/09/2008|02:24] C:\DOCUME~1\HASNAOUI\APPLIC~1\Camfrog
[02/10/2008|11:57] C:\DOCUME~1\HASNAOUI\APPLIC~1\FileZilla
[18/09/2008|03:28] C:\DOCUME~1\HASNAOUI\APPLIC~1\GanymedeNet
[03/11/2008|20:44] C:\DOCUME~1\HASNAOUI\APPLIC~1\Help
[21/09/2004|13:30] C:\DOCUME~1\HASNAOUI\APPLIC~1\Identities
[02/10/2008|21:25] C:\DOCUME~1\HASNAOUI\APPLIC~1\Macromedia
[15/11/2008|01:39] C:\DOCUME~1\HASNAOUI\APPLIC~1\Microsoft
[22/09/2008|03:29] C:\DOCUME~1\HASNAOUI\APPLIC~1\Mozilla
[15/11/2008|07:53] C:\DOCUME~1\HASNAOUI\APPLIC~1\ProxyWay
[06/11/2008|13:44] C:\DOCUME~1\HASNAOUI\APPLIC~1\Skype
[06/11/2008|10:49] C:\DOCUME~1\HASNAOUI\APPLIC~1\skypePM
[06/07/2008|19:41] C:\DOCUME~1\HASNAOUI\APPLIC~1\Sun
[04/11/2008|01:27] C:\DOCUME~1\HASNAOUI\APPLIC~1\TeamViewer
[18/09/2008|02:27] C:\DOCUME~1\HASNAOUI\APPLIC~1\Thinstall
[22/09/2008|03:29] C:\DOCUME~1\HASNAOUI\APPLIC~1\Thunderbird
[27/09/2008|01:33] C:\DOCUME~1\HASNAOUI\APPLIC~1\URSoft
[15/11/2008|14:45] C:\DOCUME~1\HASNAOUI\APPLIC~1\uTorrent
[28/06/2008|21:52] C:\DOCUME~1\HASNAOUI\APPLIC~1\WinRAR

[15/11/2008|01:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/11/2008|01:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[04/11/2008 19:13][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/11/2008 14:06][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[21/09/2004|13:47] C:\Program Files\Acer Inc
[17/10/2008|17:27] C:\Program Files\Adobe
[15/11/2008|02:49] C:\Program Files\Agnitum
[19/09/2008|02:42] C:\Program Files\Alwil Software
[29/07/2008|18:28] C:\Program Files\Apple Software Update
[18/07/2008|14:51] C:\Program Files\ArcSoft
[30/06/2008|15:28] C:\Program Files\Ares
[23/06/2008|13:46] C:\Program Files\ATI Technologies
[10/08/2008|15:28] C:\Program Files\AVG
[15/11/2008|02:34] C:\Program Files\Avira
[21/09/2004|13:31] C:\Program Files\AvRack
[17/09/2008|14:17] C:\Program Files\BitComet
[15/11/2008|01:49] C:\Program Files\BitDefender
[21/09/2008|02:24] C:\Program Files\Camfrog
[15/11/2008|02:55] C:\Program Files\Circle Developement
[21/09/2004|13:19] C:\Program Files\ComPlus Applications
[02/10/2008|09:14] C:\Program Files\Conduit
[17/09/2008|14:25] C:\Program Files\CyberLink
[24/10/2008|18:41] C:\Program Files\EasyPHP1-8
[14/11/2008|23:58] C:\Program Files\eMule
[02/10/2008|09:13] C:\Program Files\EZ Boosters
[14/11/2008|21:15] C:\Program Files\Fichiers communs
[02/10/2008|08:36] C:\Program Files\FileZilla FTP Client
[01/10/2008|22:20] C:\Program Files\Ganymede
[15/11/2008|01:11] C:\Program Files\Innovative Solutions
[17/09/2008|16:29] C:\Program Files\InstallShield Installation Information
[14/11/2008|21:19] C:\Program Files\Internet Explorer
[17/09/2008|16:24] C:\Program Files\Java
[24/08/2008|11:28] C:\Program Files\Kazaa
[03/07/2008|14:25] C:\Program Files\K-Lite Codec Pack
[21/09/2004|13:33] C:\Program Files\ltmoh
[02/10/2008|19:47] C:\Program Files\Macromedia
[13/08/2008|23:17] C:\Program Files\Messenger
[19/10/2008|19:41] C:\Program Files\Messenger Plus! Live
[18/10/2008|00:07] C:\Program Files\Microsoft
[21/09/2004|13:23] C:\Program Files\microsoft frontpage
[18/10/2008|18:05] C:\Program Files\Microsoft Office
[28/06/2008|10:20] C:\Program Files\Microsoft SQL Server Compact Edition
[18/10/2008|18:07] C:\Program Files\Microsoft.NET
[21/09/2004|13:20] C:\Program Files\Movie Maker
[15/11/2008|14:08] C:\Program Files\Mozilla Firefox
[12/11/2008|22:16] C:\Program Files\Mozilla Thunderbird
[21/09/2004|13:18] C:\Program Files\MSN
[21/09/2004|13:19] C:\Program Files\MSN Gaming Zone
[21/09/2004|13:20] C:\Program Files\NetMeeting
[17/09/2008|16:29] C:\Program Files\NewTech Infosystems
[21/09/2004|13:19] C:\Program Files\Online Services
[30/06/2008|09:05] C:\Program Files\Outlook Express
[02/10/2008|09:14] C:\Program Files\P2P_Energy
[31/10/2008|22:30] C:\Program Files\ProxyWay
[21/09/2004|13:31] C:\Program Files\Realtek Sound Manager
[28/06/2008|14:25] C:\Program Files\RocketDock
[21/09/2004|13:21] C:\Program Files\Services en ligne
[30/06/2008|20:44] C:\Program Files\Skype
[21/09/2004|13:33] C:\Program Files\Synaptics
[15/11/2008|12:59] C:\Program Files\Trend Micro
[21/09/2004|13:30] C:\Program Files\Uninstall Information
[15/11/2008|14:07] C:\Program Files\UsbFix
[02/10/2008|13:27] C:\Program Files\uTorrent
[09/11/2008|03:55] C:\Program Files\VideoLAN
[18/10/2008|11:10] C:\Program Files\Windows Live
[01/10/2008|22:34] C:\Program Files\Windows Live Messenger Khalid Edition v5.5
[24/08/2008|17:35] C:\Program Files\Windows Live Toolbar
[29/06/2008|01:24] C:\Program Files\Windows Media Connect 2
[19/09/2008|22:39] C:\Program Files\Windows Media Player
[21/09/2004|13:18] C:\Program Files\Windows NT
[21/09/2004|13:21] C:\Program Files\WindowsUpdate
[28/06/2008|17:41] C:\Program Files\WinRAR
[28/08/2008|21:15] C:\Program Files\WinZip
[21/09/2004|13:23] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[29/06/2008|01:17] C:\Program Files\Fichiers communs\Adobe
[15/11/2008|01:49] C:\Program Files\Fichiers communs\BitDefender
[18/10/2008|18:05] C:\Program Files\Fichiers communs\DESIGNER
[24/08/2008|11:29] C:\Program Files\Fichiers communs\InstallShield
[06/07/2008|19:19] C:\Program Files\Fichiers communs\Java
[02/10/2008|19:49] C:\Program Files\Fichiers communs\Macromedia
[05/11/2008|13:12] C:\Program Files\Fichiers communs\Microsoft Shared
[21/09/2004|13:21] C:\Program Files\Fichiers communs\MSSoap
[21/09/2004|13:13] C:\Program Files\Fichiers communs\ODBC
[21/09/2004|13:21] C:\Program Files\Fichiers communs\Services
[30/06/2008|20:44] C:\Program Files\Fichiers communs\Skype
[21/09/2004|13:13] C:\Program Files\Fichiers communs\SpeechEngines
[18/10/2008|18:03] C:\Program Files\Fichiers communs\System
[17/10/2008|23:41] C:\Program Files\Fichiers communs\Windows Live
[28/06/2008|09:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 27 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\4 Curb Loud Idol
C:\DOCUME~1\ALLUSE~1\APPLIC~1\4 Curb Loud Idol\Bind Five.exe
C:\Program Files\Circle Developement

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Loud Idol Setup Grid"="C:\\Documents and Settings\\All Users\\Application Data\\4 Curb Loud Idol\\Bind Five.exe"

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 15:12:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 205

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack
C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack\INSTRUCTION.txt
C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack\Serv-U.dll
C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack\Serv-UID.txt
C:\DOCUME~1\HASNAOUI\Local Settings\Application Data\Microsoft\Messenger\menelbrinsi@hotmail.fr\Sharing Folders\momoisg@hotmail.fr\Mark Brown ft Sarah Cracknell - The Journey Continues (Vocal Club Mix).mp3
C:\DOCUME~1\HASNAOUI\Mes documents\Log\Dreamweaver 8\Dreamweaver 8\Macromedia.Studio.8.0.Keygen-Team.ZWT.exe
C:\DOCUME~1\HASNAOUI\Mes documents\Ma musique\MoMo\Mark Brown ft Sarah Cracknell - The Journey Continues (Vocal Club Mix).mp3


[F:1][D:2]-> C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp
[F:10][D:0]-> C:\DOCUME~1\HASNAOUI\Cookies
[F:2300][D:19]-> C:\DOCUME~1\HASNAOUI\LOCALS~1\TEMPOR~1\content.IE5
[F:8][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 15/11/2008|15:16 - Option : [1]

--------------------\\ Fin du rapport a 15:16:43

Relance Lop S&D


* Choisis cette fois ci l'Option 2 (Suppression)
* Ne ferme pas la fenêtre lors de la suppression !
* Poste le rapport généré (C:\lopR.txt)

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : PhoenixBIOS 4.0 Release 6.1
USER : HASNAOUI ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
Firewall : Outpost Security Suite Pro 6.5 (Activated)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:12 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:962 Mo (Free:0 Go)
F:\ (USB) - FAT - Total:123 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 15/11/2008|15:35 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\4 Curb Loud Idol\Bind Five.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\4 Curb Loud Idol
Supprime! - C:\Program Files\Circle Developement

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[21/09/2004|13:30] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[15/11/2008|01:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[29/06/2008|01:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[15/11/2008|02:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Agnitum
[18/07/2008|15:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[15/11/2008|01:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg8
[15/11/2008|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[19/09/2008|22:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
[15/11/2008|01:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Innovative Solutions
[07/08/2008|16:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
[02/10/2008|19:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macromedia
[06/07/2008|00:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[15/11/2008|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[30/06/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[14/11/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[29/06/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[30/08/2008|19:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
[18/10/2008|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[21/09/2004|13:30] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[10/08/2008|15:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[29/06/2008|01:38] C:\DOCUME~1\HASNAOUI\APPLIC~1\Adobe
[28/06/2008|15:40] C:\DOCUME~1\HASNAOUI\APPLIC~1\AdobeUM
[18/07/2008|15:41] C:\DOCUME~1\HASNAOUI\APPLIC~1\Apple Computer
[24/08/2008|17:31] C:\DOCUME~1\HASNAOUI\APPLIC~1\ArcSoft
[21/09/2008|02:24] C:\DOCUME~1\HASNAOUI\APPLIC~1\Camfrog
[02/10/2008|11:57] C:\DOCUME~1\HASNAOUI\APPLIC~1\FileZilla
[18/09/2008|03:28] C:\DOCUME~1\HASNAOUI\APPLIC~1\GanymedeNet
[03/11/2008|20:44] C:\DOCUME~1\HASNAOUI\APPLIC~1\Help
[21/09/2004|13:30] C:\DOCUME~1\HASNAOUI\APPLIC~1\Identities
[02/10/2008|21:25] C:\DOCUME~1\HASNAOUI\APPLIC~1\Macromedia
[15/11/2008|01:39] C:\DOCUME~1\HASNAOUI\APPLIC~1\Microsoft
[22/09/2008|03:29] C:\DOCUME~1\HASNAOUI\APPLIC~1\Mozilla
[15/11/2008|07:53] C:\DOCUME~1\HASNAOUI\APPLIC~1\ProxyWay
[06/11/2008|13:44] C:\DOCUME~1\HASNAOUI\APPLIC~1\Skype
[06/11/2008|10:49] C:\DOCUME~1\HASNAOUI\APPLIC~1\skypePM
[06/07/2008|19:41] C:\DOCUME~1\HASNAOUI\APPLIC~1\Sun
[04/11/2008|01:27] C:\DOCUME~1\HASNAOUI\APPLIC~1\TeamViewer
[18/09/2008|02:27] C:\DOCUME~1\HASNAOUI\APPLIC~1\Thinstall
[22/09/2008|03:29] C:\DOCUME~1\HASNAOUI\APPLIC~1\Thunderbird
[27/09/2008|01:33] C:\DOCUME~1\HASNAOUI\APPLIC~1\URSoft
[15/11/2008|14:45] C:\DOCUME~1\HASNAOUI\APPLIC~1\uTorrent
[28/06/2008|21:52] C:\DOCUME~1\HASNAOUI\APPLIC~1\WinRAR

[15/11/2008|01:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[15/11/2008|01:39] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[04/11/2008 19:13][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/11/2008 14:06][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[21/09/2004|13:47] C:\Program Files\Acer Inc
[17/10/2008|17:27] C:\Program Files\Adobe
[15/11/2008|02:49] C:\Program Files\Agnitum
[19/09/2008|02:42] C:\Program Files\Alwil Software
[29/07/2008|18:28] C:\Program Files\Apple Software Update
[18/07/2008|14:51] C:\Program Files\ArcSoft
[30/06/2008|15:28] C:\Program Files\Ares
[23/06/2008|13:46] C:\Program Files\ATI Technologies
[10/08/2008|15:28] C:\Program Files\AVG
[15/11/2008|02:34] C:\Program Files\Avira
[21/09/2004|13:31] C:\Program Files\AvRack
[17/09/2008|14:17] C:\Program Files\BitComet
[15/11/2008|01:49] C:\Program Files\BitDefender
[21/09/2008|02:24] C:\Program Files\Camfrog
[21/09/2004|13:19] C:\Program Files\ComPlus Applications
[02/10/2008|09:14] C:\Program Files\Conduit
[17/09/2008|14:25] C:\Program Files\CyberLink
[24/10/2008|18:41] C:\Program Files\EasyPHP1-8
[14/11/2008|23:58] C:\Program Files\eMule
[02/10/2008|09:13] C:\Program Files\EZ Boosters
[14/11/2008|21:15] C:\Program Files\Fichiers communs
[02/10/2008|08:36] C:\Program Files\FileZilla FTP Client
[01/10/2008|22:20] C:\Program Files\Ganymede
[15/11/2008|01:11] C:\Program Files\Innovative Solutions
[17/09/2008|16:29] C:\Program Files\InstallShield Installation Information
[14/11/2008|21:19] C:\Program Files\Internet Explorer
[17/09/2008|16:24] C:\Program Files\Java
[24/08/2008|11:28] C:\Program Files\Kazaa
[03/07/2008|14:25] C:\Program Files\K-Lite Codec Pack
[21/09/2004|13:33] C:\Program Files\ltmoh
[02/10/2008|19:47] C:\Program Files\Macromedia
[13/08/2008|23:17] C:\Program Files\Messenger
[19/10/2008|19:41] C:\Program Files\Messenger Plus! Live
[18/10/2008|00:07] C:\Program Files\Microsoft
[21/09/2004|13:23] C:\Program Files\microsoft frontpage
[18/10/2008|18:05] C:\Program Files\Microsoft Office
[28/06/2008|10:20] C:\Program Files\Microsoft SQL Server Compact Edition
[18/10/2008|18:07] C:\Program Files\Microsoft.NET
[21/09/2004|13:20] C:\Program Files\Movie Maker
[15/11/2008|15:17] C:\Program Files\Mozilla Firefox
[12/11/2008|22:16] C:\Program Files\Mozilla Thunderbird
[21/09/2004|13:18] C:\Program Files\MSN
[21/09/2004|13:19] C:\Program Files\MSN Gaming Zone
[21/09/2004|13:20] C:\Program Files\NetMeeting
[17/09/2008|16:29] C:\Program Files\NewTech Infosystems
[21/09/2004|13:19] C:\Program Files\Online Services
[30/06/2008|09:05] C:\Program Files\Outlook Express
[02/10/2008|09:14] C:\Program Files\P2P_Energy
[31/10/2008|22:30] C:\Program Files\ProxyWay
[21/09/2004|13:31] C:\Program Files\Realtek Sound Manager
[28/06/2008|14:25] C:\Program Files\RocketDock
[21/09/2004|13:21] C:\Program Files\Services en ligne
[30/06/2008|20:44] C:\Program Files\Skype
[21/09/2004|13:33] C:\Program Files\Synaptics
[15/11/2008|12:59] C:\Program Files\Trend Micro
[21/09/2004|13:30] C:\Program Files\Uninstall Information
[15/11/2008|14:07] C:\Program Files\UsbFix
[02/10/2008|13:27] C:\Program Files\uTorrent
[09/11/2008|03:55] C:\Program Files\VideoLAN
[18/10/2008|11:10] C:\Program Files\Windows Live
[01/10/2008|22:34] C:\Program Files\Windows Live Messenger Khalid Edition v5.5
[24/08/2008|17:35] C:\Program Files\Windows Live Toolbar
[29/06/2008|01:24] C:\Program Files\Windows Media Connect 2
[19/09/2008|22:39] C:\Program Files\Windows Media Player
[21/09/2004|13:18] C:\Program Files\Windows NT
[21/09/2004|13:21] C:\Program Files\WindowsUpdate
[28/06/2008|17:41] C:\Program Files\WinRAR
[28/08/2008|21:15] C:\Program Files\WinZip
[21/09/2004|13:23] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[29/06/2008|01:17] C:\Program Files\Fichiers communs\Adobe
[15/11/2008|01:49] C:\Program Files\Fichiers communs\BitDefender
[18/10/2008|18:05] C:\Program Files\Fichiers communs\DESIGNER
[24/08/2008|11:29] C:\Program Files\Fichiers communs\InstallShield
[06/07/2008|19:19] C:\Program Files\Fichiers communs\Java
[02/10/2008|19:49] C:\Program Files\Fichiers communs\Macromedia
[05/11/2008|13:12] C:\Program Files\Fichiers communs\Microsoft Shared
[21/09/2004|13:21] C:\Program Files\Fichiers communs\MSSoap
[21/09/2004|13:13] C:\Program Files\Fichiers communs\ODBC
[21/09/2004|13:21] C:\Program Files\Fichiers communs\Services
[30/06/2008|20:44] C:\Program Files\Fichiers communs\Skype
[21/09/2004|13:13] C:\Program Files\Fichiers communs\SpeechEngines
[18/10/2008|18:03] C:\Program Files\Fichiers communs\System
[17/10/2008|23:41] C:\Program Files\Fichiers communs\Windows Live
[28/06/2008|09:38] C:\Program Files\Fichiers communs\WindowsLiveInstaller

--------------------\\ Process

( 26 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 15:38:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 205

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack
C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack\INSTRUCTION.txt
C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack\Serv-U.dll
C:\DOCUME~1\HASNAOUI\Bureau\www.softarchive.net_Serv-U_FTP_Server_7.3.0.0\Serv-U FTP Server 7.3.0.0\Crack\Serv-UID.txt
C:\DOCUME~1\HASNAOUI\Local Settings\Application Data\Microsoft\Messenger\menelbrinsi@hotmail.fr\Sharing Folders\momoisg@hotmail.fr\Mark Brown ft Sarah Cracknell - The Journey Continues (Vocal Club Mix).mp3
C:\DOCUME~1\HASNAOUI\Mes documents\Log\Dreamweaver 8\Dreamweaver 8\Macromedia.Studio.8.0.Keygen-Team.ZWT.exe
C:\DOCUME~1\HASNAOUI\Mes documents\Ma musique\MoMo\Mark Brown ft Sarah Cracknell - The Journey Continues (Vocal Club Mix).mp3


[F:2][D:2]-> C:\DOCUME~1\HASNAOUI\LOCALS~1\Temp
[F:10][D:0]-> C:\DOCUME~1\HASNAOUI\Cookies
[F:2300][D:19]-> C:\DOCUME~1\HASNAOUI\LOCALS~1\TEMPOR~1\content.IE5
[F:8][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 15/11/2008|15:16 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 15/11/2008|15:41 - Option : [2]

--------------------\\ Fin du rapport a 15:41:19

Telecharge malwarebytes

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

après redémarrage du pc, a l'ouverture j'ai reçu un ms ayant comme titre : Windows Script Host et comme message:
Impossible de trouver le fichier script"C:\Windows\system32\antinul.vbe

et voila le rapport:
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1400
Windows 5.1.2600 Service Pack 2

15/11/2008 16:03:25
mbam-log-2008-11-15 (16-03-25).txt

Type de recherche: Examen rapide
Eléments examinés: 50958
Temps écoulé: 8 minute(s), 13 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


merci pour votre attention :))

re oui c est normal

refais un scan hijackthis et post le rapport stp

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:28, on 15/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [winudp64.exe] winudp64.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\RunServices: [winudp64.exe] winudp64.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Acid okay] C:\DOCUME~1\HASNAOUI\APPLIC~1\ProxyWay\file grid.exe
O4 - Startup: Y'z Toolbar.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Outpost Security Suite Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Security Suite Pro\ie_bar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe




-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

re
voila le rapport:
ComboFix 08-11-13.01 - HASNAOUI 2008-11-15 16:39:09.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.193 [GMT 1:00]
Lancé depuis: c:\documents and settings\HASNAOUI\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/B/COLOR
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.

2008-11-15 15:53 . 2008-11-15 15:53 <REP> d-------- c:\documents and settings\HASNAOUI\Application Data\Malwarebytes
2008-11-15 15:53 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-15 15:53 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-15 15:52 . 2008-11-15 15:53 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-15 15:52 . 2008-11-15 15:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-15 15:08 . 2008-11-15 15:41 <REP> d-------- C:\Lop SD
2008-11-15 14:37 . 2008-11-15 14:37 <REP> d-------- C:\_OTMoveIt
2008-11-15 14:00 . 2008-11-15 14:07 <REP> d-------- c:\program files\UsbFix
2008-11-15 12:59 . 2008-11-15 12:59 <REP> d-------- c:\program files\Trend Micro
2008-11-15 02:51 . 2008-06-30 17:16 234,640 --a------ c:\windows\system32\drivers\afwcore.sys
2008-11-15 02:50 . 2008-06-04 17:36 1,072,722 --a------ c:\windows\system32\drivers\VBEngNT.sys
2008-11-15 02:50 . 2008-07-11 15:41 673,920 --a------ c:\windows\system32\drivers\SandBox.sys
2008-11-15 02:50 . 2008-06-30 17:16 30,864 --a------ c:\windows\system32\drivers\afw.sys
2008-11-15 02:50 . 2007-09-07 17:45 49 --a------ c:\windows\transp.gif
2008-11-15 02:49 . 2008-11-15 03:12 <REP> d-------- c:\windows\system32\Filt
2008-11-15 02:49 . 2008-11-15 02:49 <REP> d-------- c:\program files\Agnitum
2008-11-15 02:48 . 2008-11-15 02:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Agnitum
2008-11-15 02:34 . 2008-11-15 02:34 <REP> d-------- c:\program files\Avira
2008-11-15 02:34 . 2008-11-15 02:34 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-15 01:39 . 2008-11-15 01:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-15 01:13 . 2008-11-15 01:13 <REP> d-------- c:\documents and settings\All Users\Application Data\Innovative Solutions
2008-11-15 01:11 . 2008-11-15 01:11 <REP> d-------- c:\program files\Innovative Solutions
2008-11-15 01:11 . 2006-11-22 11:35 42,496 --a------ c:\windows\system32\AdvUninstCPL.cpl
2008-11-14 21:46 . 2008-11-14 21:46 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-14 21:46 . 2008-11-14 21:46 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-14 21:30 . 2008-11-14 21:30 <REP> d-------- c:\windows\system32\logs
2008-11-14 21:25 . 2008-11-15 01:49 <REP> d-------- c:\program files\BitDefender
2008-11-14 21:17 . 2008-11-14 21:19 <REP> d-------- c:\windows\system32\URTTemp
2008-11-14 21:15 . 2008-11-15 01:49 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2008-11-14 18:10 . 2008-11-14 18:10 <REP> d--h----- C:\$AVG8.VAULT$
2008-11-09 03:55 . 2008-11-09 03:55 <REP> d-------- c:\program files\VideoLAN
2008-11-08 20:34 . 2008-11-08 20:34 <REP> d-------- C:\essai2
2008-10-31 22:30 . 2008-10-31 22:30 <REP> d-------- c:\program files\ProxyWay
2008-10-29 20:09 . 2008-10-29 20:09 <REP> d-------- C:\My Downloads
2008-10-24 19:04 . 2008-10-24 19:06 <REP> d-------- C:\web
2008-10-23 22:23 . 2008-10-23 22:23 268 --ah----- C:\sqmdata04.sqm
2008-10-23 22:23 . 2008-10-23 22:23 244 --ah----- C:\sqmnoopt04.sqm
2008-10-19 19:41 . 2008-11-15 07:53 <REP> d-------- c:\documents and settings\HASNAOUI\Application Data\ProxyWay
2008-10-18 18:10 . 2007-04-09 13:23 28,040 --a------ c:\windows\system32\mdimon.dll
2008-10-18 18:10 . 2008-10-18 18:10 385 --a------ c:\windows\ODBC.INI
2008-10-18 18:07 . 2008-10-18 18:07 <REP> d-------- c:\program files\Microsoft.NET
2008-10-18 18:03 . 2008-10-18 18:06 <REP> d-------- c:\windows\SHELLNEW
2008-10-18 17:27 . 2008-10-24 18:41 <REP> d-------- c:\program files\EasyPHP1-8
2008-10-18 07:32 . 2008-10-18 07:32 236 --a------ C:\sqmdata03.sqm
2008-10-18 07:32 . 2008-10-18 07:32 200 --a------ C:\sqmnoopt03.sqm
2008-10-18 00:11 . 2008-10-18 07:32 <REP> d-------- c:\documents and settings\HASNAOUI\Tracing
2008-10-18 00:07 . 2008-10-18 00:07 <REP> d-------- c:\program files\Microsoft
2008-10-17 23:41 . 2008-10-17 23:41 <REP> d-------- c:\program files\Fichiers communs\Windows Live

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 13:45 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\uTorrent
2008-11-14 22:58 --------- d-----w c:\program files\eMule
2008-11-14 14:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-12 21:16 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-06 12:44 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\Skype
2008-11-06 09:49 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\skypePM
2008-11-04 00:27 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\TeamViewer
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 18:41 --------- d-----w c:\program files\Messenger Plus! Live
2008-10-18 10:10 --------- d-----w c:\program files\Windows Live
2008-10-18 09:51 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-02 18:49 --------- d-----w c:\program files\Fichiers communs\Macromedia
2008-10-02 18:47 --------- d-----w c:\program files\Macromedia
2008-10-02 12:27 --------- d-----w c:\program files\uTorrent
2008-10-02 10:57 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\FileZilla
2008-10-02 08:14 --------- d-----w c:\program files\P2P_Energy
2008-10-02 08:14 --------- d-----w c:\program files\Conduit
2008-10-02 08:13 --------- d-----w c:\program files\EZ Boosters
2008-10-02 07:36 --------- d-----w c:\program files\FileZilla FTP Client
2008-10-01 21:34 --------- d-----w c:\program files\Windows Live Messenger Khalid Edition v5.5
2008-10-01 21:20 --------- d-----w c:\program files\Ganymede
2008-09-27 00:33 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\URSoft
2008-09-22 02:29 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\Thunderbird
2008-09-21 01:24 --------- d-----w c:\program files\Camfrog
2008-09-21 01:24 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\Camfrog
2008-09-19 21:47 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-09-19 01:42 --------- d-----w c:\program files\Alwil Software
2008-09-18 02:28 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\GanymedeNet
2008-09-18 01:27 --------- d-----w c:\documents and settings\HASNAOUI\Application Data\Thinstall
2008-09-17 15:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-09-17 15:29 --------- d-----w c:\program files\NewTech Infosystems
2008-09-17 15:24 --------- d-----w c:\program files\Java
2008-09-17 13:25 --------- d-----w c:\program files\CyberLink
2008-09-17 13:17 --------- d-----w c:\program files\BitComet
2008-06-28 13:24 2,788,800 ----a-w c:\program files\FLV PlayerFCSetup.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 05:47 1784856 --a------ c:\program files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-03-18 184320]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2008-08-22 1211224]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Pro\feedback.exe" [2008-08-05 435544]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 c:\windows\AGRSMMSG.exe]

c:\documents and settings\HASNAOUI\Menu D‚marrer\Programmes\D‚marrage\
Y'z Toolbar.lnk - c:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2008-06-28 90112]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\english\\setup.exe"=
"c:\\Documents and Settings\\HASNAOUI\\Mes documents\\Log\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\Camfrog\\Camfrog Video Chat\\Camfrog Video Chat.exe"=
"c:\\Documents and Settings\\HASNAOUI\\Bureau\\TeamViewer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18125:TCP"= 18125:TCP:BitComet 18125 TCP
"18125:UDP"= 18125:UDP:BitComet 18125 UDP

R0 atiide;atiide;c:\windows\system32\DRIVERS\atiide.sys [2004-04-14 5632]
R1 SandBox;SandBox;c:\windows\system32\DRIVERS\SandBox.sys [2008-07-11 673920]
R3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2008-06-30 30864]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\DRIVERS\i2220ntx.sys [2004-08-16 160896]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [2008-08-05 1570136]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2008-06-30 234640]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2008-07-11 33408]
S3 VBEngNT;VBEngNT;c:\windows\system32\DRIVERS\VBEngNT.sys [2008-06-04 1072722]
S3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2008-07-11 158816]
.
Contenu du dossier 'Tâches planifiées'

2008-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Acid okay - c:\docume~1\HASNAOUI\APPLIC~1\ProxyWay\file grid.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-winudp64.exe - winudp64.exe
HKLM-RunServices-winudp64.exe - winudp64.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\HASNAOUI\Application Data\Mozilla\Firefox\Profiles\cozl4sya.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://funnylogo.info/engines/Google/Red/menel.aspx
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 16:45:58
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\explorer.exe
-> c:\program files\RocketDock\RocketDock.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\fxssvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-15 16:59:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-15 15:59:18

Avant-CF: 13 670 785 024 octets libres
Après-CF: 13,612,048,384 octets libres

209 --- E O F --- 2008-11-15 08:02:06