Mises a Jour automatiques defaillance sur windowsXP

Système d'exploitation Microsoft Windows
41

Voila jai fait comme demander,

Mais tout a l’heure il ma dit que y en avait 6 qu’il ne pouvait pas mettre en quarantaine et quil le ferqit en redemarrant;
Voila ci dessous le rapport hijackthis comme demande:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:31, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = fr.rd.yahoo.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM…\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM…\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM…\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM…\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [Symantec PIF AlertEng] “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [YMailAdvisor] “C:\Program Files\Yahoo!\Common\YMailAdvisor.exe”
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


End of file - 10320 bytes

42

As-tu bien lancé l’analyse et le nettoyage en mode sans échec ?

43

Voila jai fait comme demander,

Mais tout a l’heure il ma dit que y en avait 6 qu’il ne pouvait pas mettre en quarantaine et quil le ferqit en redemarrant;
Voila ci dessous le rapport hijackthis comme demande:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:31, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = fr.rd.yahoo.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM…\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM…\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM…\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM…\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [Symantec PIF AlertEng] “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [YMailAdvisor] “C:\Program Files\Yahoo!\Common\YMailAdvisor.exe”
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


End of file - 10320 bytes

non j'ai pas fai en mode sans echec; c t marquer? je recommence si il fo, dites moi et si je doi le faire en sans echec doit je redemarrer er presser F8 pour ca c ca?

Merci davance

44

Oui, en pressant F8.

45

Re,

C’est bon ton hijackthis et propre .

mais bon on va voir sa plus en profondeur.

A mioi que tu desire continuer avec un autres?

@+

46

???

Jusqu’à preuve du contraire, nous sommes sur un forum où toute une communauté participe. Tu n’as pas le monopole de l’aide sur ce sujet.

Merci aussi de te calmer, comme je te l’ai dit ailleurs, avec les liens vers ton forum qui, comme c’est indiqué dans la charte, sont interdits si abusivement utilisés.

pierrot04 -> il est en général conseillé d’utiliser les nettoyeurs de spywares ou malwares (Malwarebytes et autres) en mode sans échec afin qu’ils puissent nettoyer correctement tout cela, certains spywares ou malwares ne pouvant pas être supprimés s’ils sont activés sous Windows.
Edité le 20/11/2008 à 21:55

47

Merci pour le conseil Hyperion, je neveut pas rentrer dqns vos conflits j’en est deja assez dans mon boulot :MDR
Je pense qu’il faut vous mettre d’accord tout les 2 et travailler en equipe plutot que de se battre mais bon voila ce ne sont pas mes affaires et mon probleme doit etre resolu,

Goldorak,

STP Peu tu menvoyer la suite qu’on detruise ce qui misere mon jolie ordi et prevoire les prochqines attaques,
(j’ai des pubs qui s’affichent tout le temps sur internet aussi (la je peu pas te dire si ca le fai encore vu aue je sui sur internet securiser), est ce que cela fait parti de mon virus?).

Voila Merci pour votre comprehension et votre importante aide,:oui:

Pierrot.

48

Re,

Fais un scan en ligne avec Kaspersky : [http://webscanner.kaspersky.fr/ Kaspersky]

N.B. : Le scan ne marche que sous Internet Explorer.

  • Commence par connecter tout ton matériel de stockage à ton PC (clés USB, DD amovible…). Allume les si necessaire.

  • Sous Démonstration en ligne, on t’explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l’analyse en ligne >.

  • On va te demander de télécharger un contrôle active x, accepte .

  • Dans le menu < Choisissez la cible de l’analyse >, sélectionne < Poste de travail >. Le scan va commencer.

  • Poste le rapport qui sera généré stp. (clique sur puis sauvegarde-le sur ton bureau en choisissant “fichier texte (*.txt)” pour l’extension).
    S’il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : [http://www.inoculer.com/activex.php3 clic ici]

Rappel : le scan est à faire sous Internet Explorer
[http://www.vista-xp.fr/forum/topic109.html Tuto ici si problème]

NOTE : Si tu reçois le message “La licence de Kaspersky On-line Scanner est périmée”, va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Pour le rapport Kaspersky il faut que tu choisisses “Afficher le rapport” puis que tu l’enregistres sur ton bureau sous forme de fichier texte (type de fichier “tous les fichiers”).

@+

49

Salut,

Dsl, pour mon retard, bon jai mis le activeX et tout et il maffiche le message suivant (j’ai aussi effacer le on-line scanner):

Certains composants sont endommages ou ne sont pas correctement installe. Veuillez reeinstallez l’application.

Pour info, j’ai toujours des pages de pubs qui arrivent,

Merci d’avance,

Bon dimanche.

50

Re,

Refait un hijackthis.

@+

51

Bon tjr pas résolu :icon_biggrin:

Non sans rire je n’ai pas tout relu mais quelqu’un t’a demandé quel genre de pub c’est?
Sinon si personne ne l’a fait moi je le demande.
Au dela de l’infection car clairement tu étais infecté, certain logiciel que tu installe toi même donne des popup CID cela est écrit au début de la fenêtre c’est le cas de msn plus si tu installes le sponsor.
Tiens moi au courant.
@+

52

Salut,

Vraiment dsl Goldorack59 mais je travaillai a l’etranger et mon chargeur ne marchai plus, voila je sui la et compte le rester jusqu’au bout maintenant ne t’inquiete pas, bon je refai un hijackthis et te tiens au jus dessuite.
(pour la reponse a lustu les pubs etaient de tout et n’importe quoi, des jeux virtuels comme des conneries de la redoute, mais je n’en ai plus de ca, ca y est)

voici le result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:23, on 09/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = fr.rd.yahoo.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM…\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM…\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM…\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM…\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe”
O4 - HKLM…\Run: [Symantec PIF AlertEng] “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [YMailAdvisor] “C:\Program Files\Yahoo!\Common\YMailAdvisor.exe”
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


End of file - 10669 bytes

53

Peu tu mettre à jour ton PC maintenant?
Si oui mets à jour ton OS et passe au SP3.
Profite en aussi pour passer soit à Internet explorer 7 ou encore mieux à Firefox.
@+

Sinon ton log me parrait propre.
55

Re,

Bon pour Firefox j’ai deja, pour Java je vien de le telecharger, je sai pas comment on met a jour un PC, je sui nul lol; et je n’ai normalement plus aucun antivirus a part ceux aue j’ai installer depuis le debut de la maneuvre, les autres je les ai supprimer.

56

Re,

Fait ceci STP:

==>Télécharge random’s system information tool (RSIT) et enregistre le sur ton bureau.

==>Double clique sur RSIT.exe pour lancer l’outil.

==>Clique sur ’ continue ’ à l’écran Disclaimer.

==>Si l’outil HIjackThis (version à jour) n’est pas présent ou non détecté sur l’ordinateur,RSIT le téléchargera et tu devras accepter la licence.

==>Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

57

Voila chef:

Logfile of random’s system information tool 1.04 (written by random/random)
Run by Mr Brunet at 2008-12-11 15:07:42
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 11 GB (20%) free of 56 GB
Total RAM: 2047 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:07:44, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mr Brunet\Mes documents\Mes fichiers reçus\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mr Brunet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.yahoo.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = fr.rd.yahoo.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM…\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM…\Run: [IntelZeroConfig] “C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
O4 - HKLM…\Run: [IntelWireless] “C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
O4 - HKLM…\Run: [EOUApp] “C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
O4 - HKLM…\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM…\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM…\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Symantec PIF AlertEng] “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
O4 - HKLM…\Run: [YMailAdvisor] “C:\Program Files\Yahoo!\Common\YMailAdvisor.exe”
O4 - HKCU…\Run: [MessengerPlus3] “C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - webscanner.kaspersky.fr…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


End of file - 10852 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\A8090D6A918E8232.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“HControl”=C:\WINDOWS\ATK0100\HControl.exe [2005-11-10 102400]
“RemoteControl”=C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe [2004-11-02 32768]
“NeroFilterCheck”=C:\WINDOWS\system32\NeroCheck.exe [2007-02-22 155648]
“ATICCC”=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
“RTHDCPL”=C:\WINDOWS\RTHDCPL.EXE [2005-09-06 14850560]
“SynTPEnh”=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
“Wireless Console 2”=C:\Program Files\Wireless Console 2\wcourier.exe [2007-02-22 987136]
“IntelZeroConfig”=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-04-14 667718]
“IntelWireless”=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-04-14 602182]
“EOUApp”=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2006-04-14 569413]
“Power_Gear”=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-03-06 86016]
“ASUS Live Update”=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2006-02-21 180224]
“SMSERIAL”=C:\WINDOWS\sm56hlpr.exe [2005-05-26 544768]
“HP Software Update”=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
“Symantec PIF AlertEng”=C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
“YMailAdvisor”=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-05 125208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“MessengerPlus3”=C:\Program Files\MessengerPlus! 3\MsgPlus.exe [2007-02-23 190024]
“ctfmon.exe”=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
“msnmsgr”=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
“updateMgr”=c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2007-02-23 307200]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDrives”=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoDriveTypeAutoRun”=
“NoDrives”=
“NoDriveAutoRun”=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe::Enabled:hpqtra08.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe::Enabled:hpqste08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe::Enabled:hpofxm08.exe"
“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe::Enabled:hposfx08.exe”
“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe::Enabled:hposid01.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe::Enabled:hpqscnvw.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe::Enabled:hpqkygrp.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe::Enabled:hpqcopy.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe::Enabled:hpfccopy.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe::Enabled:hpzwiz01.exe”
“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe::Enabled:hpoews01.exe"
“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe::Enabled:hpqnrs08.exe”
“C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”="C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger”
“C:\Program Files\Windows Live\Messenger\livecall.exe”=“C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)"
“C:\Program Files\Skype\Phone\Skype.exe”="C:\Program Files\Skype\Phone\Skype.exe::Enabled:Skype”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019"
“%windir%\Network Diagnostic\xpnetdiag.exe”="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000"
“C:\Program Files\Windows Live\Messenger\msnmsgr.exe”=“C:\Program Files\Windows Live\Messenger\msnmsgr.exe::Enabled:Windows Live Messenger"
“C:\Program Files\Windows Live\Messenger\livecall.exe”="C:\Program Files\Windows Live\Messenger\livecall.exe::Enabled:Windows Live Messenger (Phone)”

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{627a75c4-b128-11db-a5c7-0017310aade6}]
shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{627a75c5-b128-11db-a5c7-0017310aade6}]
shell\AutoRun\command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9733784a-edf1-11dc-a730-0017310aade6}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{cc8f2018-cd10-11dc-a714-0017310aade6}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{ffee77a2-07f2-11dd-a745-0017310aade6}]
shell\AutoRun\command - H:\LaunchU3.exe

======List of files/folders created in the last 3 months======

2008-12-11 15:06:09 ----D---- C:\rsit
2008-12-10 22:26:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-09 11:37:45 ----A---- C:\WINDOWS\Missing.ini
2008-12-07 13:43:46 ----SHD---- C:\FOUND.004
2008-11-23 11:28:54 ----D---- C:\WINDOWS\system32\Kaspersky Lab
2008-11-20 13:21:42 ----D---- C:\Documents and Settings\Mr Brunet\Application Data\Malwarebytes
2008-11-20 13:21:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-20 13:21:37 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-11-20 10:43:54 ----A---- C:\TB.txt
2008-11-20 10:42:47 ----D---- C:\ToolBar SD
2008-11-20 09:43:45 ----A---- C:\ComboFix.txt
2008-11-20 09:11:26 ----A---- C:\WINDOWS\zip.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\VFIND.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\SWSC.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\SWREG.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\sed.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\NIRCMD.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\grep.exe
2008-11-20 09:11:26 ----A---- C:\WINDOWS\fdsv.exe
2008-11-20 09:11:22 ----D---- C:\WINDOWS\ERDNT
2008-11-20 09:11:21 ----D---- C:\Qoobox
2008-11-20 08:16:39 ----D---- C:\Program Files\Trend Micro
2008-11-08 06:02:46 ----SHD---- C:\FOUND.003
2008-11-05 15:51:19 ----SH---- C:\WINDOWS\system32\dqgcjesl.ini
2008-11-03 00:04:28 ----A---- C:\hbK.exe
2008-11-01 16:41:58 ----SHD---- C:\FOUND.002
2008-10-31 17:32:16 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-31 15:56:43 ----D---- C:\WINDOWS\Prefetch
2008-10-31 15:49:46 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-31 15:49:46 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-31 15:49:46 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-31 15:49:45 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-31 15:49:44 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-10-31 15:49:43 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-10-31 15:49:43 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-31 15:49:42 ----N---- C:\WINDOWS\system32\slserv.exe
2008-10-31 15:49:42 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-10-31 15:49:42 ----N---- C:\WINDOWS\system32\slgen.dll
2008-10-31 15:49:42 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-10-31 15:49:42 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-10-31 15:49:42 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-10-31 15:49:40 ----N---- C:\WINDOWS\slrundll.exe
2008-10-31 15:48:10 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-31 15:45:20 ----A---- C:\WINDOWS\002486_.tmp
2008-10-31 15:43:18 ----HD---- C:\WINDOWS$NtServicePackUninstall$
2008-10-31 15:43:09 ----D---- C:\WINDOWS\EHome
2008-10-31 15:27:50 ----D---- C:\Program Files\acid type mode
2008-10-31 14:50:57 ----D---- C:\Documents and Settings\Mr Brunet\Application Data\Yahoo!
2008-10-31 14:41:34 ----A---- C:\WINDOWS\system32\iuengine.dll
2008-10-31 14:21:39 ----A---- C:\WINDOWS\system32\wpa.bak
2008-10-31 13:53:20 ----D---- C:\Program Files\Common Files
2008-10-31 13:53:15 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-31 13:52:49 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-31 13:52:49 ----A---- C:\WINDOWS\system32\magnify.exe
2008-10-31 13:52:49 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-31 13:52:49 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-10-31 13:52:49 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-10-31 13:52:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-31 13:52:49 ----A---- C:\WINDOWS\hh.exe
2008-10-31 13:52:48 ----A---- C:\WINDOWS\system32\osk.exe
2008-10-31 13:52:48 ----A---- C:\WINDOWS\system32\ole32.dll
2008-10-31 13:52:48 ----A---- C:\WINDOWS\system32\narrator.exe
2008-10-31 13:52:47 ----A---- C:\WINDOWS\system32\rpcss.dll
2008-10-31 13:52:47 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2008-10-31 13:52:46 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-10-31 13:52:45 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-10-31 13:52:45 ----A---- C:\WINDOWS\system32\newdev.dll
2008-10-31 13:52:45 ----A---- C:\WINDOWS\system32\itss.dll
2008-10-31 13:52:45 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-10-31 13:52:43 ----A---- C:\WINDOWS\system32\shell32.dll
2008-10-31 13:51:58 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2008-10-31 13:49:55 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-31 13:49:19 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-31 13:49:19 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-31 13:49:19 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-31 13:49:19 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-31 13:49:16 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-31 13:49:16 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-31 13:49:13 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-31 13:49:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-31 13:49:13 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-31 13:49:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-31 13:49:05 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-31 13:49:04 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-31 13:48:58 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-31 13:48:58 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-31 13:48:57 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-31 13:48:57 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-31 13:48:56 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-31 13:48:56 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-31 13:48:51 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-31 13:48:51 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-31 13:48:50 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-31 13:47:27 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-31 13:47:26 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-31 13:47:25 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-31 13:47:25 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-31 13:47:25 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-31 13:47:25 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-31 13:47:25 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-31 13:47:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-31 13:47:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-31 13:47:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-31 13:47:23 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-31 13:47:23 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-31 13:47:23 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-31 13:47:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-31 13:47:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-31 13:47:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-31 13:47:22 ----A---- C:\WINDOWS\system32\fxsmon.dll
2008-10-31 13:47:22 ----A---- C:\WINDOWS\system32\fxsevent.dll
2008-10-31 13:47:22 ----A---- C:\WINDOWS\system32\fxscom.dll
2008-10-31 13:47:22 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-31 13:47:18 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-31 13:47:18 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-31 13:47:17 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-31 13:47:11 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-31 13:47:11 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-31 13:47:11 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-31 13:47:10 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-31 13:47:10 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-31 13:47:09 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-31 13:47:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-31 13:47:08 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-31 13:47:08 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-31 13:47:08 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-31 13:47:08 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-31 13:47:08 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-31 13:47:08 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-31 13:47:07 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-31 13:47:06 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-31 13:47:06 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-31 13:47:05 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2008-10-31 13:47:05 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2008-10-31 13:47:05 ----A---- C:\WINDOWS\system32\fxsui.dll
2008-10-31 13:47:05 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxstiff.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxst30.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxssvc.exe
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxsst.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxsres.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxsperf.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxsext32.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2008-10-31 13:47:04 ----A---- C:\WINDOWS\system32\fxscover.exe
2008-10-31 13:47:03 ----A---- C:\WINDOWS\system32\fxscomex.dll
2008-10-31 13:47:03 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2008-10-31 13:47:03 ----A---- C:\WINDOWS\system32\fxsapi.dll
2008-10-31 13:46:59 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-31 13:37:56 ----RA---- C:\WINDOWS\SETD9.tmp
2008-10-31 13:37:53 ----RA---- C:\WINDOWS\SETCD.tmp
2008-10-31 13:25:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-10-31 13:25:32 ----A---- C:\WINDOWS\pnplog.txt
2008-10-31 13:23:34 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-31 13:14:22 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-31 13:14:22 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-31 13:14:21 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-31 13:14:12 ----RA---- C:\WINDOWS\SET10C.tmp
2008-10-31 13:14:09 ----RA---- C:\WINDOWS\SET100.tmp
2008-10-29 16:29:16 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2008-10-29 16:18:15 ----D---- C:\Program Files\Electronic Arts
2008-10-29 16:15:54 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-10-29 16:15:48 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-10-29 13:38:14 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-26 20:03:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-26 18:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-25 13:04:20 ----D---- C:\Program Files\Spyware Doctor
2008-10-24 11:47:57 ----A---- C:\WINDOWS\system32\e3e0888a-.txt
2008-09-18 10:58:48 ----D---- C:\WINDOWS\system32\CatRoot_bak

======List of files/folders modified in the last 3 months======

2008-12-10 22:26:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 22:26:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 22:26:40 ----A---- C:\WINDOWS\system32\java.exe
2008-12-08 14:41:52 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-07 13:49:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-24 21:30:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-20 09:41:00 ----A---- C:\WINDOWS\system.ini
2008-10-31 17:30:32 ----A---- C:\WINDOWS\win.ini
2008-10-31 15:59:04 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-31 15:58:08 ----A---- C:\WINDOWS\setuplog.txt
2008-10-31 15:53:58 ----A---- C:\WINDOWS\imsins.BAK
2008-10-31 15:50:36 ----RASH---- C:\boot.ini
2008-10-31 15:45:58 ----RASH---- C:\NTDETECT.COM
2008-10-31 13:51:08 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-31 13:50:00 ----RD---- C:\WINDOWS\Web
2008-10-31 13:50:00 ----RD---- C:\Program Files
2008-10-31 13:49:48 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-31 13:38:00 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-29 19:39:48 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem.txt
2008-10-16 20:03:44 ----A---- C:\WINDOWS\DHO.INI
2008-10-03 19:12:28 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-02 21:24:32 ----A---- C:\WINDOWS\QTW.INI
2008-09-26 14:14:10 ----A---- C:\WINDOWS\ModemLog_Modem standard.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-04-24 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-25 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 s24trans;Transport RLAN; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-04-14 13568]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 CmBatt;Pilote d’adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-08 3959808]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-07-01 9856]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 SynMini;USB2.0 1.3M Web Cam; C:\WINDOWS\System32\Drivers\SynMini.sys [2005-10-03 720470]
R3 SynScan;USB2.0 1.3M Web Cam Still Image; C:\WINDOWS\System32\Drivers\SynScan.sys [2005-10-03 8278]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-11-24 47104]
R3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2006-02-02 108928]
R3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-12-14 37632]
R3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2006-02-08 62848]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2006-01-31 39808]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
S3 catchme;catchme; ??\C:\C-Fix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-04-24 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2003-04-24 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 RimUsb;Appareil BlackBerry; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-24 5888]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-05-26 839724]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-11-11 52864]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2006-02-21 405504]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-04-14 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-08 198336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-04-14 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-04-14 540745]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-08 2528960]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-19 268800]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2007-02-23 32768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

-----------------EOF-----------------

ET LE DEUXIEME;

info.txt logfile of random’s system information tool 1.04 2008-12-11 15:06:19

======Uninstall list======

–>C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
–>C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DD4F051C-1A2B-4A91-B187-B093C597418C}\setup.exe” -l0x40c anything
–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX–>C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Assistant de connexion Windows Live–>MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Asus ChkMail–>C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Asus\Asus ChkMail\Uninst.isu"
ASUS Live Update–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe” -l0x9
Asus_A_Series_ScreenSaver–>C:\WINDOWS\ASUS A Series ScreenSaver Uninstaller.exe
ASUSDVD–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe” -uninstall
ATI - Utilitaire de désinstallation du logiciel–>C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center–>MsiExec.exe /I{1CE7D0E0-AC02-42C3-8EAD-66F9D39E3C0E}
ATI Display Driver–>rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATK0100 ACPI UTILITY–>C:\WINDOWS\ATK0100\XPunin.exe
avast! Antivirus–>C:\Program Files\Alwil Software\Avast4\aswRunDll.exe “C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll”,RunSetup
Barre d’outils Outlook de Windows Live (Windows Live Toolbar)–>MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
Bloqueur de fenêtres pop-up (Windows Live Toolbar)–>MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
Bluetooth Stack for Windows–>MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CDex extraction audio–>“C:\Program Files\CDex_170b2\uninstall.exe”
Client Web MetaFrame Presentation Server pour Win32–>C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)–>MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
Extension de Windows Live Toolbar (Windows Live Toolbar)–>MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
HijackThis 2.0.2–>“C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall
HP Customer Participation Program 7.0–>C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0–>C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential–>MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet and Deskjet 7.0.A–>C:\Program Files\HP\Digital Imaging{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update–>MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0–>C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
J2SE Runtime Environment 5.0 Update 10–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java™ 6 Update 11–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner–>C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner–>C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
le Parrain® LE JEU VIDEO–>C:\Program Files\Electronic Arts\le Parrain® LE JEU VIDEO\EAUninstall.exe
Lecteur Windows Media 11–>“C:\Program Files\Windows Media Player\Setup_wm.exe” /Uninstall
Livebox–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe” -l0x40c
LiveUpdate 3.1 (Symantec Corporation)–>“C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U
LiveUpdate Notice (Symantec Corporation)–>MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logiciel Intel® PROSet/Wireless–>C:\WINDOWS\Installer\iProInst.exe
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
mCore–>MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver–>MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi–>MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Menus intelligents (Windows Live Toolbar)–>MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
mEoU–>MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Messenger Plus! 3 & Sponsor–>“C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE” /Remove
Messenger Plus! Live & Sponsor (CiD)–>“C:\Program Files\Messenger Plus! Live\Uninstall.exe”
mHelp–>MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)–>“C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe” “C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp”
Microsoft .NET Framework 1.1–>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1–>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP–>“C:\WINDOWS$NtUninstallMSCompPackV1$\spuninst\spuninst.exe”
Microsoft Internationalized Domain Names Mitigation APIs–>“C:\WINDOWS$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe”
Microsoft National Language Support Downlevel APIs–>“C:\WINDOWS$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe”
Microsoft Office Standard Edition 2003–>MsiExec.exe /I{9112040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0–>“C:\WINDOWS$NtUninstallWudf01000$\spuninst\spuninst.exe”
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works–>MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)–>“C:\WINDOWS$NtUninstallKB898458$\spuninst\spuninst.exe”
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)–>“C:\WINDOWS$NtUninstallKB923723$\spuninst\spuninst.exe”
mIWA–>MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView–>MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse–>MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem–>C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.4)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr–>MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz–>MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe–>MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)–>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Multi Virus Cleaner 2008–>“C:\Program Files\AxBx\Multi Virus Cleaner 2008\unins000.exe”
mWlsSafe–>MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML–>MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig–>MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero OEM–>C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
OneCare Advisor (Windows Live Toolbar)–>MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
Power4 Gear–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe” -l0x9
PowerDirector–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe” -uninstall
Quicktime Browser Plug-In–>C:\WINDOWS\uninst.exe -f"C:\Program Files\Netscape\Navigator\Program\Plugins\npqtw\DeIsL1.isu"
Realtek High Definition Audio Driver–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe” -l0x40c -removeonly
REALTEK PCIE NIC Driver–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\setup.exe” -l0x40c REMOVE
SAMSUNG CDMA Modem Driver Set–>C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^–>C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software–>C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software–>C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for CAPICOM (KB931906)–>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)–>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype 2.5–>“C:\Program Files\Skype\Phone\unins000.exe”
Synaptics Pointing Device Driver–>rundll32.exe “C:\Program Files\Synaptics\SynTP\SynISDLL.dll”,standAloneUninstall
USB2.0 1.3M Web Cam–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{A87869D7-B133-498C-A347-D9BE109FF6C8}\Setup.exe” -l0x40c
VideoLAN VLC media player 0.8.5–>C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics–>MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Internet Explorer 7–>“C:\WINDOWS\ie7\spuninst\spuninst.exe”
Windows Live Favorites pour Windows Live Toolbar–>MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger–>MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Toolbar–>“C:\Program Files\Windows Live Toolbar\UnInstall.exe” {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar–>MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Media Format 11 runtime–>“C:\Program Files\Windows Media Player\wmsetsdk.exe” /UninstallAll
Windows Media Format 11 runtime–>“C:\WINDOWS$NtUninstallWMFDist11$\spuninst\spuninst.exe”
Windows Media Player 11–>“C:\WINDOWS$NtUninstallwmp11$\spuninst\spuninst.exe”
Windows XP Service Pack 2–>C:\WINDOWS$NtServicePackUninstall$\spuninst\spuninst.exe
WinFlash–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe” -l0x9
Wireless Console 2–>RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{83F73CB1-7705-49D1-9852-84D839CA2A45}\setup.exe” -l0x9 -removeonly
Yahoo! Install Manager–>C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Mail Advisor–>C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Toolbar–>C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081210-0]

======Environment variables======

58

Re,

Passe sa:

–> Télécharge UsbFix (de Chiquitine29) sur ton Bureau :

–> Lance l’installation avec les paramètres par défaut.

–> Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc…) sans les ouvrir.

–> Double-clique sur le raccourci UsbFix sur ton Bureau.

–> Choisit l’option 1

–> Le PC va redémarrer.

–> Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet “Fichier”, “Nouvelle tâche”, tape explorer.exe et valide)

59

-------------- UsbFix V2.413.3 ---------------

  • User : Mr Brunet - NOM-8EBA70C8440
  • Outils mis a jours le 06/12/2008 par Chiquitine29 et Chimay8
  • Recherche effectuée à 16:02:07 le 11/12/2008
  • Windows Xp - Internet Explorer 6.0.2900.2180

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\DOCUME~1\MRBRUN~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

G: - Lecteur fixe

H: - Lecteur amovible

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

± Listing des fichiers présents :

[22/08/2008 12:57][–a------] C:\AUTOEXEC.BAT
[31/10/2008 15:45][-rahs----] C:\NTDETECT.COM
[03/11/2008 00:04][–a------] C:\hbK.exe
[31/10/2008 15:50][-rahs----] C:\boot.ini
[26/07/2006 21:30][—hs----] C:\BOOTLOG.TXT
[26/07/2006 21:30][—hs----] C:\TB.txt
[26/07/2006 21:30][—hs----] C:\ComboFix.txt
[26/07/2006 21:30][—hs----] C:\UsbFix.txt
[26/07/2006 21:30][—hs----] C:\devlist.txt
[][] C:\PAGEFILE.SYS
[][] C:\CONFIG.SYS
[][] C:\IO.SYS
[][] C:\MSDOS.SYS

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

± Listing des fichiers présents :

--------------- [ Lecteur G ] ----------------

G: - Lecteur fixe

± Listing des fichiers présents :

--------------- [ Lecteur H ] ----------------

H: - Lecteur amovible

± Listing des fichiers présents :

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
“Userinit”=“C:\WINDOWS\system32\userinit.exe,”

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Search Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
“Start Page”=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MessengerPlus3=“C:\Program Files\MessengerPlus! 3\MsgPlus.exe” /WinStart
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
msnmsgr=“C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe” /background
updateMgr=c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
HControl=C:\WINDOWS\ATK0100\HControl.exe
RemoteControl=“C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe”
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
ATICCC=“C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime -Delay
RTHDCPL=RTHDCPL.EXE
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Wireless Console 2=C:\Program Files\Wireless Console 2\wcourier.exe
IntelZeroConfig=“C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe”
IntelWireless=“C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe” /tf Intel PROSet/Wireless
EOUApp=“C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe”
Power_Gear=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
ASUS Live Update=C:\Program Files\ASUS\ASUS Live Update\ALU.exe
SMSERIAL=sm56hlpr.exe
HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
SunJavaUpdateSched=“C:\Program Files\Java\jre6\bin\jusched.exe”
Symantec PIF AlertEng=“C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe” /a /m “C:\Program Files\Fichiers communs\Symantec Shared\PIF{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll”
YMailAdvisor=“C:\Program Files\Yahoo!\Common\YMailAdvisor.exe”
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{627a75c4-b128-11db-a5c7-0017310aade6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{627a75c5-b128-11db-a5c7-0017310aade6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{9733784a-edf1-11dc-a730-0017310aade6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{cc8f2018-cd10-11dc-a714-0017310aade6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2{ffee77a2-07f2-11dd-a745-0017310aade6}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre [http://www.virustotal.com/fr/ interprété] par un spécialiste /!\

[22/08/2008 12:57][–a------] C:\AUTOEXEC.BAT
[31/10/2008 15:45][-rahs----] C:\NTDETECT.COM
[03/11/2008 00:04][–a------] C:\hbK.exe
[31/10/2008 15:50][-rahs----] C:\boot.ini

--------------- ! Fin du rapport ! ----------------

60

Re,

Comment va ton PC ?
@+

61

Be il va super,

Plus de pub et tout va mieu mais dit moi on a finit?
Si oui, il faut que j’efface un peu tout ce que j’ai telecharger ou je les gardes? aussi il faut que j’en utilise un d’antivirus pour tout le temps non?

Merci tu gere.