aclim

le 16 mai 2010

ok je fais les mise a jour windows je te tiens au courant une fois fini

encore merci

@clim

le 16 mai 2010

avant toute chose a une periode y'avais une des dernieres MaJ de windows XP qui faisait bugger le pc il m'affichait l'ouverture de session et impossible de l'ouvrir comment dois je faire?

@clim

le 16 mai 2010

A noter que ton système n'est pas à jour. Ne le mets pas à jour maintenant, attends que je te le demande. Mais sais-tu pourquoi tes parents ne sont pas au SP3 ? Est-ce fait exprès ?

tout d'abord merci de ta reponse

pour repondre a ta question l'ordinateur n'est pas a jour car il ne se lancer plus du tout meme en mode sans echec donc j'ai fais une reparation a partir du cd mais avant de faire toute mise a jour je prefere etre sur de ne plus rien avoir sur le pc

ensuite mes parents ne pocede aucun site internet mon pere a attraper se virus en effectuant une simple recherche sur le net "d'apres ces dires" (peut etre un mauvais clic sa je ne sais pas)

pour finir voici les deux rapports

Logfile of random's system information tool 1.07 (written by random/random)

Run by Compaq_Propriétaire at 2010-05-16 16:05:27

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 134 GB (90%) free of 149 GB

Total RAM: 1406 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:05:45, on 16/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe

C:\Program Files\trend micro\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--

End of file - 7750 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2941977146-894043044-2822475458-1008Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2941977146-894043044-2822475458-1008UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2005-01-01 36972]

"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

"KBD"=C:\HP\KBD\KBD.EXE [2005-02-03 61440]

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]

"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]

"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-06 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-04-06 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2010-05-16 18:26:48 ----RSHD---- C:\cmdcons

2010-05-16 18:18:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes

2010-05-16 18:17:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-05-16 18:17:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-05-16 18:12:25 ----D---- C:\Program Files\Sunbelt Software

2010-05-16 18:01:25 ----A---- C:\WINDOWS\system32\LuResult.txt

2010-05-16 17:49:43 ----A---- C:\WINDOWS\system32\wmpns.dll

2010-05-16 17:49:11 ----ASH---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\desktop.ini

2010-05-16 17:49:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Identities

2010-05-16 17:49:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Apple Computer

2010-05-16 17:49:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Symantec

2010-05-16 17:49:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\SampleView

2010-05-16 17:49:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft

2010-05-16 16:05:27 ----D---- C:\rsit

2010-05-16 14:50:01 ----D---- C:\Program Files\Trend Micro

2010-05-16 14:06:20 ----A---- C:\WINDOWS\system32\tmp.txt

2010-05-16 14:01:01 ----A---- C:\rapport.txt

2010-05-16 13:34:31 ----D---- C:\Program Files\Spybot - Search & Destroy

2010-05-16 13:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-05-16 13:33:55 ----D---- C:\WINDOWS\system32\SoftwareDistribution

2010-05-16 06:38:03 ----D---- C:\WINDOWS\tmp

2010-05-16 00:44:04 ----D---- C:\Program Files\CCleaner

2010-05-15 21:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$

2010-05-15 21:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$

2010-05-15 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software

2010-05-12 19:03:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

2010-05-12 19:03:07 ----D---- C:\Program Files\Lavasoft

2010-05-12 19:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft

2010-05-09 20:37:02 ----D---- C:\Program Files\Loaris

======List of files/folders modified in the last 1 months======

2010-05-17 01:38:33 ----D---- C:\WINDOWS\CACHE

2010-05-16 19:02:10 ----HD---- C:\hp

2010-05-16 19:02:10 ----D---- C:\WINDOWS\system

2010-05-16 18:59:29 ----D---- C:\Program Files\Windows NT

2010-05-16 18:59:28 ----D---- C:\Program Files\Windows Media Player

2010-05-16 18:59:28 ----D---- C:\Program Files\Outlook Express

2010-05-16 18:59:28 ----D---- C:\Program Files\NetMeeting

2010-05-16 18:59:27 ----D---- C:\Program Files\Fichiers communs\Services

2010-05-16 18:59:25 ----D---- C:\WINDOWS\system32\wbem

2010-05-16 18:59:23 ----D---- C:\WINDOWS\system32\ras

2010-05-16 18:59:23 ----D---- C:\WINDOWS\system32\oobe

2010-05-16 18:59:19 ----D---- C:\WINDOWS\system32\icsxml

2010-05-16 18:59:19 ----D---- C:\WINDOWS\system32\ias

2010-05-16 18:59:01 ----D---- C:\WINDOWS\system32\Setup

2010-05-16 18:59:00 ----D---- C:\WINDOWS\system32\Com

2010-05-16 18:59:00 ----D---- C:\WINDOWS\srchasst

2010-05-16 18:58:59 ----RD---- C:\WINDOWS\Web

2010-05-16 18:58:59 ----D---- C:\WINDOWS\Media

2010-05-16 18:58:59 ----D---- C:\WINDOWS\addins

2010-05-16 18:58:55 ----RSD---- C:\WINDOWS\Fonts

2010-05-16 18:58:53 ----D---- C:\WINDOWS\Cursors

2010-05-16 18:58:51 ----D---- C:\WINDOWS\I386

2010-05-16 18:58:51 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$

2010-05-16 18:50:06 ----RSD---- C:\WINDOWS\assembly

2010-05-16 18:27:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-05-16 18:26:58 ----RASH---- C:\boot.ini

2010-05-16 18:26:48 ----A---- C:\WINDOWS\UPGRADE.TXT

2010-05-16 18:26:45 ----D---- C:\WINDOWS\setup.pss

2010-05-16 18:26:16 ----D---- C:\Program Files\Fichiers communs

2010-05-16 18:26:15 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec

2010-05-16 18:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$

2010-05-16 18:25:28 ----D---- C:\WINDOWS\security

2010-05-16 18:16:48 ----D---- C:\WINDOWS\system32\Restore

2010-05-16 18:12:29 ----D---- C:\WINDOWS\Prefetch

2010-05-16 18:08:42 ----D---- C:\Program Files\QuickTime

2010-05-16 17:59:15 ----SHD---- C:\RECYCLER

2010-05-16 17:49:07 ----D---- C:\Documents and Settings

2010-05-16 17:48:04 ----D---- C:\sysprep

2010-05-16 17:47:30 ----RASH---- C:\BOOT.BAK

2010-05-16 17:46:04 ----D---- C:\WINDOWS\Registration

2010-05-16 17:43:20 ----D---- C:\WINDOWS\system32\CatRoot

2010-05-16 17:42:37 ----A---- C:\WINDOWS\system.ini

2010-05-16 15:34:04 ----SHD---- C:\WINDOWS\Installer

2010-05-16 15:34:03 ----SHD---- C:\Config.Msi

2010-05-16 15:34:03 ----D---- C:\Program Files

2010-05-16 15:34:02 ----D---- C:\WINDOWS\system32

2010-05-16 15:33:21 ----D---- C:\WINDOWS\Tasks

2010-05-16 15:33:21 ----D---- C:\Program Files\Easy Internet signup

2010-05-16 15:32:00 ----D---- C:\WINDOWS\Temp

2010-05-16 15:32:00 ----D---- C:\WINDOWS\Debug

2010-05-16 15:32:00 ----D---- C:\WINDOWS

2010-05-16 14:56:44 ----D---- C:\WINDOWS\Downloaded Program Files

2010-05-16 14:49:34 ----D---- C:\WINDOWS\system32\dllcache

2010-05-16 14:49:29 ----D---- C:\WINDOWS\system32\CatRoot2

2010-05-16 14:48:43 ----D---- C:\WINDOWS\system32\drivers

2010-05-16 14:48:06 ----N---- C:\WINDOWS\SchedLgU.Txt

2010-05-16 13:34:13 ----D---- C:\WINDOWS\SoftwareDistribution

2010-05-16 13:34:01 ----D---- C:\WINDOWS\Help

2010-05-16 13:33:57 ----HD---- C:\WINDOWS\inf

2010-05-16 05:03:15 ----D---- C:\temp

2010-05-16 00:45:46 ----D---- C:\WINDOWS\Minidump

2010-05-15 20:35:01 ----D---- C:\WINDOWS\pss

2010-05-15 20:26:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$

2010-05-15 20:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

2010-05-04 11:32:53 ----D---- C:\Program Files\IncrediMail

2010-04-25 14:28:11 ----A---- C:\WINDOWS\ULEAD32.INI

2010-04-18 10:36:25 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]

R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]

R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]

R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-06 1035776]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]

R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]

R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

R4 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys []

S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]

S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]

S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-06 364544]

R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]

R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------

------------------------------------------------------

info.txt logfile of random's system information tool 1.06 2010-05-16 16:05:48

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}

Agere Systems PCI Soft Modem-->agrsmdel

ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Compléments d'aide et de support-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall

Correctif Windows XP - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe

Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Correctif Windows XP - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe

Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe

Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe

Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe

Correctif Windows XP - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe

Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe

Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}

KBD-->C:\HP\KBD\KBD.EXE uninstalled

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

PC-Doctor for Windows-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1036

PS2-->C:\WINDOWS\system32\ps2.exe uninstall

Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}

Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}

Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}

Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}

Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

======Hosts File======

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

======Security center information======

FW: Sunbelt Personal Firewall

======System event log======

Computer Name: MAISON

Event Code: 7035

Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.

Record Number: 5

Source Name: Service Control Manager

Time Written: 20100516174928.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: MAISON

Event Code: 7036

Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.

Record Number: 4

Source Name: Service Control Manager

Time Written: 20100516174928.000000+120

Event Type: Informations

User:

Computer Name: MAISON

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 3

Source Name: EventLog

Time Written: 20100516174905.000000+120

Event Type: Informations

User:

Computer Name: MAISON

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 2

Source Name: EventLog

Time Written: 20100516174905.000000+120

Event Type: Informations

User:

Computer Name: maison

Event Code: 115

Message: Le suivi de la Restauration système a été activé sur tous les lecteurs.

Record Number: 1

Source Name: SRService

Time Written: 20100516174807.000000+120

Event Type: Informations

User:

=====Application event log=====

Computer Name: MAISON

Event Code: 1

Message:

Record Number: 5

Source Name: ccEvtMgr

Time Written: 20100516174920.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: MAISON

Event Code: 26

Message:

Record Number: 4

Source Name: ccEvtMgr

Time Written: 20100516174918.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: MAISON

Event Code: 1

Message:

Record Number: 3

Source Name: ccSetMgr

Time Written: 20100516174917.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: MAISON

Event Code: 26

Message:

Record Number: 2

Source Name: ccSetMgr

Time Written: 20100516174908.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

Computer Name: MAISON

Event Code: 26

Message:

Record Number: 1

Source Name: ccProxy

Time Written: 20100516174908.000000+120

Event Type: Informations

User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD

"PROCESSOR_REVISION"=2f00

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

-----------------EOF-----------------

a toute de suite pour la suite

encore merci

@clim

le 16 mai 2010

j'ai omis une chose avant de proceder au rapport hijackthis j'ai deux analyse avec MbAM voici les rapports

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Version de la base de données: 4105

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

16/05/2010 14:47:41

mbam-log-2010-05-16 (14-47-41).txt

Type d'examen: Examen complet (C:\|)

Elément(s) analysé(s): 197513

Temps écoulé: 55 minute(s), 9 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\WINDOWS\Temp\~TM15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\~TM45.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

---------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

16/05/2010 18:24:54

mbam-log-2010-05-16 (18-24-54).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 143787

Temps écoulé: 5 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\Documents and Settings\Compaq_Propriétaire\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

------------------------------------------------------------------------

j'ai aussi fait une analyse spybot celui ci n'a rien trouver

@++

@clim

le 16 mai 2010

bonjour a tous le pc de mes parents a chopper un gros virus(il changer le fond d'ecran et afficher "your system is infected") mais je sais pas si j'ai reussi a l'eradiquer ou pas voici le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:50:31, on 16/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0\bin\jusched.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\AGRSMMSG.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe