
f4czx

Members
  • Content count: 23
Everything posted by f4czx

  1. Hello, SX report: SX Check&Update Lien vers le tutoriel : Tutoriels - Security-X - Page 1 --- Windows Version : Windows XP 32 bits Service Pack : 3 UserName : DELL 27/07/2012 13:56:52 version = v0.2.4 --- Windows Update Information : AUOptions : 4 Automatically, no notification --- Name : FlashPlayer ActiveX Version : 11.3.300.268 Flash Player ActiveX est à jour Name : FlashPlayer Plugin Version : 11.3.300.268 Flash Player Plugin est à jour Nom : Mozilla Firefox 14.0.1 (x86 fr) Version : 14.0.1 Nom : Mozilla Maintenance Service Version : 14.0.1 Java Information : Nom : Java 7 Update 5 Version : 7.0.50 Java 7 Update 5 est à jour Name : Adobe Reader 9.5.1 - Français Version : 9.5.1 Adobe Reader est à jour Nom : Internet Explorer Version : 8.0.6001.18702 OK for Startups@ease. For the primary channel, it is indeed in DMA, so I did not touch anything. Have a good afternoon
  2. Hello, I am coming back to you because my PC has been infected once again (a trojan imitating Hadopi and locking the PC). I got out of it again, but since then I find the PC very slow and the number of processes is impressive. ZHP Diag report & Antimalware Byte report. Thanks for your help.
  3. Thanks for your help. Have a good weekend.
  4. I was talking about the USB Fix logs. Are there other steps to do? Thanks!
  5. Hello, the double circumflex accent problem is indeed solved and I thank you for it. However, I do not know whether the logs I posted are normal or worrying. See you soon.
  6. USB Fix deletion report: ############################## | UsbFix V 7.082 | [suppression] Utilisateur: DELL (Administrateur) # DELL-A90459E02E Mis à jour le 01/03/2012 par El Desaparecido Lancé à 20:10:32 | 01/03/2012 Site Web: http://eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.html Contact: contact@eldesaparecido.com PC: Dell Inc. (Latitude E5500 ) (X86-based PC) # Notebook CPU: Processeur Intel Pentium III Xeon (2393) RAM -> [ Total : 3539 | Free : 3021 ] BIOS: Phoenix ROM BIOS PLUS Version 1.10 A15 BOOT: Normal boot OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3 WB: Windows Internet Explorer 8.0.6001.18702 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Disque fixe # 149 Go (81 Go libre(s) - 54%) [] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 4 Go (3 Go libre(s) - 92%) [] # FAT32 F:\ -> Disque amovible # 4 Go (1 Mo libre(s) - 0%) [] # FAT32 G:\ -> Disque amovible # 4 Go (341 Mo libre(s) - 9%) [uSB DISK] # FAT32 ################## | Processus Actif | C:\WINDOWS\System32\smss.exe (540) C:\WINDOWS\system32\winlogon.exe (920) C:\WINDOWS\system32\services.exe (964) C:\WINDOWS\system32\lsass.exe (976) C:\WINDOWS\system32\svchost.exe (1136) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (1244) C:\WINDOWS\System32\svchost.exe (1280) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (1368) C:\WINDOWS\system32\spoolsv.exe (1768) c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe (1816) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1988) C:\Program Files\Java\jre6\bin\jqs.exe (2020) C:\WINDOWS\System32\svchost.exe (212) C:\Program Files\CDBurnerXP\NMSAccessU.exe (248) C:\WINDOWS\System32\svchost.exe (272) C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (308) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe (388) C:\WINDOWS\Explorer.EXE (1696) 
C:\WINDOWS\system32\wbem\wmiapsrv.exe (2208) C:\Program Files\IDT\WDM\sttray.exe (2420) C:\WINDOWS\system32\AESTFltr.exe (2552) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (2560) C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (2568) C:\WINDOWS\system32\igfxsrvc.exe (2604) C:\WINDOWS\system32\igfxpers.exe (2700) C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe (2728) C:\Program Files\DellTPad\Apoint.exe (2836) C:\Program Files\Microsoft Security Client\msseces.exe (2848) C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (2976) C:\WINDOWS\system32\ctfmon.exe (3164) C:\Program Files\DellTPad\ApMsgFwd.exe (3192) C:\Program Files\DellTPad\HidFind.exe (3396) C:\Program Files\DellTPad\Apntex.exe (3420) C:\WINDOWS\system32\wbem\unsecapp.exe (3428) C:\UsbFix\Go.exe (1556) ################## | Processus Stoppés | Stoppé! c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (1244) Stoppé! C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (1368) Stoppé! C:\WINDOWS\system32\spoolsv.exe (1768) Stoppé! c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe (1816) Stoppé! C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1988) Stoppé! C:\Program Files\Java\jre6\bin\jqs.exe (2020) Stoppé! C:\Program Files\CDBurnerXP\NMSAccessU.exe (248) Stoppé! C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (308) Stoppé! C:\Program Files\Intel\WiFi\bin\WLKeeper.exe (388) Stoppé! C:\WINDOWS\Explorer.EXE (1696) Stoppé! C:\WINDOWS\system32\wbem\wmiapsrv.exe (2208) Stoppé! C:\Program Files\IDT\WDM\sttray.exe (2420) Stoppé! C:\WINDOWS\system32\AESTFltr.exe (2552) Stoppé! C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (2560) Stoppé! C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (2568) Stoppé! C:\WINDOWS\system32\igfxsrvc.exe (2604) Stoppé! C:\WINDOWS\system32\igfxpers.exe (2700) Stoppé! C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe (2728) Stoppé! C:\Program Files\DellTPad\Apoint.exe (2836) Stoppé! 
C:\Program Files\Microsoft Security Client\msseces.exe (2848) Stoppé! C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (2976) Stoppé! C:\WINDOWS\system32\ctfmon.exe (3164) Stoppé! C:\Program Files\DellTPad\ApMsgFwd.exe (3192) Stoppé! C:\Program Files\DellTPad\HidFind.exe (3396) Stoppé! C:\Program Files\DellTPad\Apntex.exe (3420) ################## | Éléments infectieux | Supprimé! C:\Recycler\S-1-5-21-1715567821-1935655697-682003330-1003 (!) Fichiers temporaires supprimés. ################## | Registre | Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr ################## | Mountpoints2 | Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{ed63bdd4-21f6-11df-aaf1-002564708a39} ################## | Listing | [01/03/2010 - 14:41:11 | D ] C:\6633e2dc8dcf1a3239482a39e36a88 [05/08/2010 - 08:29:42 | D ] C:\ATDI [27/01/2010 - 11:33:51 | N | 0] C:\AUTOEXEC.BAT [01/03/2012 - 16:50:56 | D ] C:\BASE DOC [08/10/2011 - 09:07:35 | N | 56] C:\bctool.log [29/02/2012 - 14:31:25 | N | 212] C:\boot.ini [14/04/2008 - 08:00:00 | N | 4952] C:\Bootfont.bin [04/08/2011 - 18:42:59 | N | 82] C:\bureau.scf [27/01/2010 - 11:33:51 | N | 0] C:\CONFIG.SYS [06/08/2010 - 15:20:53 | D ] C:\DELL [12/06/2010 - 21:18:25 | D ] C:\Documents and Settings [02/06/2011 - 16:22:49 | D ] C:\garmin [31/08/2011 - 16:32:45 | D ] C:\IC-F31POMPIER [02/02/2011 - 10:29:23 | D ] C:\Icom [05/08/2010 - 08:58:01 | D ] C:\ICS telecom library [27/01/2010 - 12:51:21 | D ] C:\Intel [27/01/2010 - 11:33:51 | N | 0] C:\IO.SYS [06/08/2010 - 15:20:53 | D ] C:\JWALK32T [05/08/2010 - 09:08:30 | D ] C:\MNT [27/01/2010 - 11:33:51 | N | 0] C:\MSDOS.SYS [27/01/2010 - 12:18:54 | RHD ] C:\MSOCache [05/01/2002 - 02:38:38 | N | 54784] C:\msvci70.dll [14/04/2008 - 08:00:00 | N | 47564] C:\NTDETECT.COM [14/04/2008 - 08:00:00 | N | 252240] C:\ntldr [01/03/2012 - 19:13:47 | ASH | 2145386496] C:\pagefile.sys [07/04/2011 - 21:49:41 | D ] C:\PDW3.1-full [29/02/2012 - 17:15:52 | N | 512] 
C:\PhysicalDisk0_MBR.bin [29/02/2012 - 17:21:06 | D ] C:\Program Files [01/03/2012 - 20:13:25 | SHD ] C:\RECYCLER [07/02/2011 - 14:08:14 | D ] C:\SAUVEGARDE [27/01/2010 - 11:37:26 | SHD ] C:\System Volume Information [01/03/2012 - 20:13:25 | D ] C:\UsbFix [01/03/2012 - 20:18:48 | A | 4661] C:\UsbFix.txt [02/06/2011 - 16:41:13 | D ] C:\wdgps [01/03/2012 - 08:08:18 | D ] C:\WINDOWS [01/03/2012 - 14:41:00 | D ] C:\ZHP [01/02/2012 - 14:26:36 | D ] E:\~ CLIENTS [01/02/2012 - 14:53:16 | D ] E:\~ARCEP [22/09/2011 - 08:57:56 | D ] F:\HYTERA [06/10/2011 - 19:05:00 | N | 66643] F:\IMGP0552.jpg [06/10/2011 - 19:05:02 | N | 62821] F:\IMGP0599.jpg [06/10/2011 - 21:21:14 | N | 94641] F:\IMGP0661.jpg [06/10/2011 - 19:05:02 | N | 76790] F:\IMGP0667.jpg [06/10/2011 - 19:05:04 | N | 81127] F:\IMGP0753.jpg [06/10/2011 - 19:05:04 | N | 70471] F:\IMGP0819.jpg [06/10/2011 - 19:05:04 | N | 65280] F:\IMGP0821.jpg [06/10/2011 - 19:05:04 | N | 47846] F:\IMGP0827.jpg [06/10/2011 - 19:05:06 | N | 78914] F:\IMGP0966.jpg [06/10/2011 - 19:05:06 | N | 82450] F:\IMGP1018.jpg [06/10/2011 - 19:05:06 | N | 43547] F:\IMGP1138.jpg [06/10/2011 - 19:05:06 | N | 66903] F:\IMGP1258.jpg [06/10/2011 - 19:06:28 | N | 64386] F:\IMGP0496.jpg [06/10/2011 - 19:06:28 | N | 73765] F:\IMGP0633.jpg [06/10/2011 - 19:06:28 | N | 73780] F:\IMGP1037.jpg [06/10/2011 - 19:06:28 | N | 102882] F:\IMGP1047.jpg [08/10/2011 - 15:05:34 | D ] F:\110927_Maldives [08/10/2011 - 15:14:58 | D ] F:\110917_Sausheim [08/10/2011 - 15:15:16 | D ] F:\111006_Col_Alpe [08/10/2011 - 15:15:32 | D ] F:\110922_Coupe_Icare [18/02/2012 - 13:46:04 | N | 4096] G:\._.Trashes [18/02/2012 - 13:46:04 | D ] G:\.Trashes [18/02/2012 - 13:46:04 | D ] G:\.fseventsd [18/02/2012 - 13:46:06 | D ] G:\.Spotlight-V100 [03/11/2009 - 21:47:58 | D ] G:\DOCUMENTS [13/01/2010 - 11:20:40 | D ] G:\TEMP [19/03/2010 - 14:05:36 | N | 73] G:\pmp_usb.ini [16/12/2011 - 21:44:12 | D ] G:\photos ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (El 
Desaparecido) E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) ################## | Upload | Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_DELL-A90459E02E.zip http://eldesaparecido.com/upload.html Merci de votre contribution. ################## | E.O.F | Thanks!
  7. Hello, I was posting the reply as the procedures went along so as not to lose the logs. Option 2 crashes at 48%... I will try again. In any case, the ^^ bug has disappeared and the PC is much less sluggish. Thanks!
  8. Hello, here is the ZHPFix report: Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011 Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-01-03-2012-14-41-00.txt Run by DELL at 01/03/2012 14:41:00 Windows XP Professional Service Pack 3 (Build 2600) Web site : ZHPFix Fix de rapport Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com ========== Clé(s) du Registre ========== SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} ABSENT Key: Service: Lavasoft Ad-Aware Service SUPPRIME CLSID MPSK: {d7cff395-1809-11df-aaec-002564708a39} SUPPRIME Key: StartupReg: binhost SUPPRIME Key: StartupReg: gema SUPPRIME Key: StartupReg: gema. SUPPRIME Key: StartupReg: htmlresult SUPPRIME Key: StartupReg: {AF9E0A44-7A48-497B-E9A3-5746AB4AE323} ========== Valeur(s) du Registre ========== ABSENT RunValue: KernelFaultCheck SUPPRIME AAKE KeyValue: C:\agwpe\AGW Packet Engine.exe SUPPRIME AAKE KeyValue: C:\ACARS\acarsd.exe SUPPRIME FirewallRaz (SP) : C:\Program Files\Skype\Plugin Manager\skypePM.exe SUPPRIME FirewallRaz (SP) : C:\Program Files\aMSN\bin\wish.exe Aucune valeur présente dans la clé d'exception du registre (FirewallRaz) ========== Elément(s) de donnée du Registre ========== REMPLACE Value CheckedValue : Good (1) - Bad (0) ========== Dossier(s) ========== SUPPRIME Flash Cookies: 1 SUPPRIME Temporaires Windows: : 75 ========== Fichier(s) ========== ABSENT File: c:\program files\lavasoft\ad-aware\aawservice.exe ABSENT Folder/File: c:\program files\lavasoft\ad-aware\ad-awareadmin.exe ABSENT File: c:\agwpe\agw packet engine.exe ABSENT File: c:\acars\acarsd.exe ABSENT File: c:\documents and settings\dell\application data\binhost.exe ABSENT File: c:\windows\system32\gema.exe ABSENT File: c:\documents and settings\all users\application data\gema\gema.exe ABSENT File: c:\documents 
and settings\all users\htmlresult.exe ABSENT File: c:\documents and settings\dell\application data\foafle\octiq.exe SUPPRIME Flash Cookies: 0 SUPPRIME Temporaires Windows: : 197 ========== Tache planifiée ========== SUPPRIME Task: Ad-Aware Update (Weekly) ========== Récapitulatif ========== 9 : Clé(s) du Registre 6 : Valeur(s) du Registre 1 : Elément(s) de donnée du Registre 2 : Dossier(s) 11 : Fichier(s) 1 : Tache planifiée End of clean in 00mn 04s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 01/03/2012 14:41:00 [2509] ________________________________________________________________________________________ USB Fix report: ############################## | UsbFix V 7.082 | [Recherche] Utilisateur: DELL (Administrateur) # DELL-A90459E02E Mis à jour le 01/03/2012 par El Desaparecido Lancé à 14:48:13 | 01/03/2012 Site Web: http://eldesaparecido.com Fichier suspect ? : http://eldesaparecido.com/upload.html Contact: contact@eldesaparecido.com PC: Dell Inc. (Latitude E5500 ) (X86-based PC) # Notebook CPU: Processeur Intel Pentium III Xeon (2394) RAM -> [ Total : 3539 | Free : 2802 ] BIOS: Phoenix ROM BIOS PLUS Version 1.10 A15 BOOT: Normal boot OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 3 WB: Windows Internet Explorer 8.0.6001.18702 SC: Security Center Service [ Enabled ] WU: Windows Update Service [ Enabled ] FW: Windows FireWall Service [ Enabled ] C:\ (%systemdrive%) -> Disque fixe # 149 Go (81 Go libre(s) - 54%) [] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 4 Go (3 Go libre(s) - 92%) [] # FAT32 F:\ -> Disque amovible # 4 Go (1 Mo libre(s) - 0%) [] # FAT32 G:\ -> Disque amovible # 4 Go (341 Mo libre(s) - 9%) [uSB DISK] # FAT32 ################## | Processus Actif | C:\WINDOWS\System32\smss.exe (824) C:\WINDOWS\system32\winlogon.exe (920) C:\WINDOWS\system32\services.exe (964) C:\WINDOWS\system32\lsass.exe (976) C:\WINDOWS\system32\svchost.exe (1148) c:\Program Files\Microsoft Security 
Client\Antimalware\MsMpEng.exe (1360) C:\WINDOWS\System32\svchost.exe (1396) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (1464) C:\WINDOWS\system32\spoolsv.exe (1992) c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe (2036) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (1480) C:\Program Files\CDBurnerXP\NMSAccessU.exe (316) C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe (600) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe (1044) C:\WINDOWS\Explorer.EXE (1456) C:\Program Files\IDT\WDM\sttray.exe (3276) C:\WINDOWS\system32\AESTFltr.exe (3372) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (3396) C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe (3548) C:\WINDOWS\system32\igfxpers.exe (3572) C:\WINDOWS\system32\igfxsrvc.exe (3588) C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe (4024) C:\Program Files\DellTPad\Apoint.exe (4036) C:\WINDOWS\system32\wbem\unsecapp.exe (4060) C:\Program Files\Microsoft Security Client\msseces.exe (4088) C:\WINDOWS\system32\ctfmon.exe (1928) C:\Program Files\DellTPad\ApMsgFwd.exe (716) C:\Program Files\DellTPad\HidFind.exe (2168) C:\Program Files\DellTPad\Apntex.exe (2812) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (2864) C:\Program Files\ZHPDiag\ZHPFix.exe (3652) C:\Program Files\Mozilla Firefox\firefox.exe (588) C:\Program Files\Mozilla Firefox\plugin-container.exe (2632) C:\Documents and Settings\DELL\Bureau\SXCU.exe (1356) C:\WINDOWS\system32\msiexec.exe (2220) C:\Program Files\Java\jre6\bin\jqs.exe (1752) C:\WINDOWS\system32\wbem\wmiapsrv.exe (2276) C:\WINDOWS\system32\wscntfy.exe (2828) C:\UsbFix\Go.exe (1620) ################## | Éléments infectieux | ################## | Registre | Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr ################## | Mountpoints2 | HKCU\.\.\.\.\Explorer\MountPoints2\{ed63bdd4-21f6-11df-aaf1-002564708a39} Shell\AutoRun\Command = E:\Autorun.exe ################## | Vaccin | (!) 
Cet ordinateur n'est pas vacciné! ################## | E.O.F | ________________________________________________________________________
  9. There you go! ZHPDiag report.
  10. Hello, I recently had a virus (gema = a sort of fake Hadopi message that locks explorer.exe). I managed to get out of it, but since then the PC is very slow and I have the double circumflex accent syndrome. Here is my log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:35:07, on 29/02/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\WiFi\bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\IDT\WDM\sttray.exe C:\WINDOWS\system32\AESTFltr.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Fichiers communs\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [uSBFW] C:\Program Files\Net Studio\USB FireWall\USB FireWall.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [usuwleydm] "C:\Documents and Settings\DELL\Application Data\Uviwy\qeyw.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context 
menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264592095968 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Fichiers communs\Intel\WirelessCommon\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6017v022\wdm\stacsv.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- End of file - 6758 bytes Thanks ... !
  11. Hello, well now it looks perfect; even when shutting down normally, it is much faster. Can you briefly explain the steps you described to me to get there? In any case thanks, you did me a great service. Damien
  12. Good evening, thanks for the info. It does indeed seem to be Antivir. I did the registry procedure. For the shutdown, what is it? Thanks, see you
  13. Re, Windows updates are nevertheless disabled.... see you
  14. Hello, I did all of that, the system seems to be running well. Two more or less annoying things: 1 - the resource consumption of update.exe at startup (probably the Avira update) 2 - the slowness when shutting down the PC. In any case thanks a lot, because it is much better now. Regards, Damien
  15. Good evening, OK for the 2 fixes, done. RSIT report: Logfile of random's system information tool 1.06 (written by random/random) Run by Damien at 2009-09-24 19:11:11 Microsoft Windows XP Professionnel Service Pack 2 System drive D: has 28 GB (40%) free of 68 GB Total RAM: 1279 MB (66% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:11:49, on 24/09/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Sygate\SPF\smc.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\WINDOWS\Explorer.EXE D:\Program Files\Avira\AntiVir Desktop\avguard.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\CO2 Saver\CO2Saver.exe D:\WINDOWS\system32\wscntfy.exe D:\Documents and Settings\Damien\Bureau\pb virus\RSIT.exe C:\HijackThis\Damien.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le 
lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CO2 Saver.lnk = D:\Program Files\CO2 Saver\CO2Saver.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. 
- D:\Program Files\Sygate\SPF\smc.exe -- End of file - 5256 bytes ======Scheduled tasks folder====== D:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - D:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SmcService"=D:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632] "avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskIcon] D:\Program Files\USB MEMORY BAR\diskicon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] D:\Program Files\Google\Google 
Talk\googletalk.exe /autostart [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck] D:\WINDOWS\system32\NeroCheck.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nForce APU1 Utilities] D:\WINDOWS\system32\NVATray.exe [2002-01-18 45056] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] D:\Program Files\QuickTime\qttask.exe [2007-08-13 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sacam] d:\documents and settings\damien\local settings\application data\sacam.exe sacam [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2006-10-06 185784] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] D:\Program Files\Winamp\winampa.exe [2008-08-04 36352] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel Kodak EasyShare.lnk] D:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] D:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 "usnjsvc"=3 "MDM"=2 "LogMeIn"=2 "LMIMaint"=2 D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage CO2 Saver.lnk - D:\Program Files\CO2 Saver\CO2Saver.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] D:\WINDOWS\system32\LMIinit.dll [2007-11-15 87352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\WgaLogon] WgaLogon.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoDriveAutoRun"=FFFFFFFF "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoFolderOptions"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule" "D:\WINDOWS\System32\P2P Networking\P2P Networking.exe"="D:\WINDOWS\System32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking" "D:\Program Files\Kazaa\kazaa.exe"="D:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa Media Desktop" "D:\Program Files\Real\RealPlayer\realplay.exe"="D:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "D:\cygwin\usr\X11R6\bin\XWin.exe"="D:\cygwin\usr\X11R6\bin\XWin.exe:*:Enabled:XWin" "D:\Program Files\Shareaza\Shareaza.exe"="D:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing" "D:\Program Files\FTP Expert 3\ftpxpert3.exe"="D:\Program Files\FTP Expert 3\ftpxpert3.exe:*:Enabled:AceFTP v3" "D:\Program Files\K1RFD\EchoLink\EchoLink.exe"="D:\Program Files\K1RFD\EchoLink\EchoLink.exe:*:Enabled:EchoLink" "D:\Program Files\FileZilla\FileZilla.exe"="D:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla" "D:\Documents and Settings\ADRASEC\Bureau\agwpe\AGW Packet Engine.exe"="D:\Documents and Settings\ADRASEC\Bureau\agwpe\AGW Packet 
Engine.exe:*:Enabled:Packet Engine For RadioAmateur" "D:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe"="D:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe:*:Enabled:AceFTP v3" "D:\Program Files\Freeplayer\vlc\vlc.exe"="D:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player" "D:\Program Files\Mozilla Firefox\FIREFOX.EXE"="D:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox" "D:\Program Files\emulev0.47\eMule\emule.exe"="D:\Program Files\emulev0.47\eMule\emule.exe:*:Enabled:eMule" "D:\Program Files\Messenger\MSMSGS.EXE"="D:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger" "D:\Program Files\M6 Video\M6video.exe"="D:\Program Files\M6 Video\M6video.exe:*:Disabled:OneClick" "D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Temp\Agw2005\AGW Packet Engine.exe"="C:\Temp\Agw2005\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur" "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "D:\Documents and Settings\ADRASEC\Mes documents\agwpe\AGW Packet Engine.exe"="D:\Documents and Settings\ADRASEC\Mes documents\agwpe\AGW Packet Engine.exe:*:Enabled:Packet Engine For RadioAmateur" "D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="D:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater" "D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "D:\Program Files\Free Music Zilla\FMZilla.exe"="D:\Program Files\Free Music 
Zilla\FMZilla.exe:*:Enabled:FMZilla Module" "D:\Documents and Settings\Damien\Bureau\freezer.exe"="D:\Documents and Settings\Damien\Bureau\freezer.exe:*:Enabled:freezer" "D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "D:\Program Files\HomePlayer\HomePlayer.exe"="D:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer" "D:\Program Files\HomePlayer\VLC\vlc.exe"="D:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "D:\Program Files\MSN Messenger\msncall.exe"="D:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "D:\Program Files\MSN Messenger\livecall.exe"="D:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "D:\Program Files\Windows Live\Messenger\wlcsdk.exe"="D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-09-10 19:13:39 ----RASHD---- D:\autorun.inf 2009-09-10 18:53:46 ----D---- D:\_OTM 2009-09-06 17:45:08 ----D---- D:\Program Files\Navilog1 2009-09-06 17:31:28 ----D---- D:\rsit 2009-09-06 17:20:59 ----D---- D:\WINDOWS\WBEM 2009-09-06 17:19:20 ----HD---- D:\WINDOWS\ie8 2009-09-06 17:19:20 ----D---- D:\WINDOWS\system32\fr-FR 2009-09-06 14:22:46 ----A---- D:\WINDOWS\SchedLgU.Txt 2009-08-28 19:42:56 ----D---- D:\Documents and Settings\Damien\Application Data\fdrtools.com ======List of 
files/folders modified in the last 1 months====== 2009-09-08 19:06:30 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI 2009-09-06 14:37:34 ----A---- D:\WINDOWS\win.ini 2009-09-06 14:37:34 ----A---- D:\WINDOWS\system.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; D:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320] R1 kbdhid;Pilote HID de clavier; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848] R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 wpsdrvnt;wpsdrvnt; \??\D:\WINDOWS\system32\drivers\wpsdrvnt.sys [] R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-24 55656] R2 CommSB96;CommSB96; D:\WINDOWS\system32\drivers\CommSB96.sys [2002-05-16 24776] R2 CommSBEP;CommSBEP; D:\WINDOWS\system32\drivers\CommSBEP.sys [2002-05-16 24476] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R2 wg3n;SyGate for NT, wg3n; D:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568] R2 wg4n;SyGate for NT, wg4n; D:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568] R2 wg5n;SyGate for NT, wg5n; D:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568] R2 wg6n;SyGate for NT, wg6n; D:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); D:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-10-16 947884] R3 HidUsb;Pilote de classe HID Microsoft; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 lmimirr;lmimirr; D:\WINDOWS\system32\DRIVERS\lmimirr.sys [2007-08-03 10144] R3 mouhid;Pilote HID de souris; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; D:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet 
à base RTL8139(A/B/C); D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992] R3 usbccgp;Pilote parent générique USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; D:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; D:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files\LogMeIn\x86\RaInfo.sys [] S2 zntport;ioctrl driver ; \??\D:\WINDOWS\system32\zntport.sys [] S3 bfastfao;bfastfao; \??\D:\DOCUME~1\ADRASEC\LOCALS~1\Temp\bfastfao.sys [] S3 catchme;catchme; \??\D:\DOCUME~1\Damien\LOCALS~1\Temp\catchme.sys [] S3 fbxusb;FreeBox USB Network Adapter; D:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 18848] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; D:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] S3 pcouffin;VSO Software pcouffin; D:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-01 47360] S3 usbprint;Classe d'imprimantes USB Microsoft; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Usbscan; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;Pilote de stockage de masse USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 wceusbsh;Windows CE USB Serial Host Driver; D:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-03-09 37768] S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys [] S4 LMIRfsClientNP;LMIRfsClientNP; D:\WINDOWS\system32\drivers\LMIRfsClientNP.sys [] S4 vsdatant;vsdatant; D:\WINDOWS\system32\drivers\vsdatant.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; D:\Program 
Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-24 185089] R2 SmcService;Sygate Personal Firewall; D:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632] R2 UMWdf;Windows User Mode Driver Framework; D:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912] S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S4 MDM;Machine Debug Manager; D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336] -----------------EOF-----------------
  16. Good evening, sorry for the wrong report, the wrong copy was still in the clipboard ....

*************************************************************************************

Online scan of CO2saver.exe :

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.09.23 -
AhnLab-V3 5.0.0.2 2009.09.23 -
AntiVir 7.9.1.23 2009.09.23 -
Antiy-AVL 2.0.3.7 2009.09.23 -
Authentium 5.1.2.4 2009.09.23 -
Avast 4.8.1351.0 2009.09.23 -
AVG 8.5.0.412 2009.09.23 -
BitDefender 7.2 2009.09.23 -
CAT-QuickHeal 10.00 2009.09.23 -
ClamAV 0.94.1 2009.09.23 -
Comodo 2416 2009.09.23 -
DrWeb 5.0.0.12182 2009.09.23 -
eSafe 7.0.17.0 2009.09.23 Suspicious File
eTrust-Vet 31.6.6757 2009.09.23 -
F-Prot 4.5.1.85 2009.09.23 -
F-Secure 8.0.14470.0 2009.09.23 -
Fortinet 3.120.0.0 2009.09.23 -
GData 19 2009.09.23 -
Ikarus T3.1.1.72.0 2009.09.23 -
Jiangmin 11.0.800 2009.09.23 -
K7AntiVirus 7.10.852 2009.09.23 -
Kaspersky 7.0.0.125 2009.09.23 -
McAfee 5750 2009.09.23 -
McAfee+Artemis 5750 2009.09.23 -
McAfee-GW-Edition 6.8.5 2009.09.23 -
Microsoft 1.5005 2009.09.23 -
NOD32 4451 2009.09.23 -
Norman 6.01.09 2009.09.23 -
nProtect 2009.1.8.0 2009.09.23 -
Panda 10.0.2.2 2009.09.23 -
PCTools 4.4.2.0 2009.09.23 -
Prevx 3.0 2009.09.23 -
Rising 21.48.24.00 2009.09.23 -
Sophos 4.45.0 2009.09.23 -
Sunbelt 3.2.1858.2 2009.09.23 -
Symantec 1.4.4.12 2009.09.23 -
TheHacker 6.5.0.2.015 2009.09.22 -
TrendMicro 8.950.0.1094 2009.09.23 -
VBA32 3.12.10.10 2009.09.23 -
ViRobot 2009.9.23.1950 2009.09.23 -
VirusBuster 4.6.5.0 2009.09.23 -

Information additionnelle
File size: 229448 bytes
MD5...: 67fdf4cc56763a4def8c1b6399def7e8
SHA1..: eae42f81b00bce258fb197ada7ff0ac42e7428a0
SHA256: e9fdc75a962688363cb63cdb0e2df42b840e64ec7a0d0631e3577923dd0ff6d7
ssdeep: 6144:zT6xyZH8QBdifPOCM4wocF4RZODcs43IyzoH:zT6xuBdvCMhocGl73IoG
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x86f10
timedatestamp.....: 0x469fd5fa (Thu Jul 19 21:22:02 2007)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x56000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x57000 0x31000 0x30200 7.94 263f6aed7da284a210f06f1bc95f165b
.rsrc 0x88000 0x7000 0x6400 5.30 7b0c73cfe0552c581c4f7c306535f27d
( 16 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
> COMCTL32.dll: -
> comdlg32.dll: GetFileTitleA
> GDI32.dll: SaveDC
> imagehlp.dll: ImageGetCertificateData
> MSIMG32.dll: AlphaBlend
> ole32.dll: CoInitialize
> OLEAUT32.dll: -
> oledlg.dll: -
> OLEPRO32.DLL: -
> POWRPROF.dll: EnumPwrSchemes
> SHELL32.dll: ShellExecuteA
> USER32.dll: GetDC
> WININET.dll: InternetOpenA
> WINMM.dll: timeGetTime
> WINSPOOL.DRV: ClosePrinter
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (33.8%)
Win32 EXE Yoda's Crypter (29.4%)
Windows Screen Saver (14.5%)
Win32 Executable Generic (9.4%)
Win32 Dynamic Link Library (generic) (8.3%)
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=67fdf4cc56763a4def8c1b6399def7e8
packers (Kaspersky): UPX
sigcheck:
publisher....: Snap Technologies, Inc.
copyright....: Copyright © 2007, Snap Technologies, Inc.
product......: CO2 Saver Application
description..: CO2 Saver
original name: CO2Saver.exe
internal name: CO2 Saver
file version.: 1, 0, 0, 16
comments.....:
signers......: Perfect Market Technologies, Inc
Thawte Code Signing CA
Thawte Premium Server CA
signing date.: 11:22 PM 7/19/2007
verified.....: -
packers (F-Prot): UPX

**********************************************************************************************

OTM report:

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D6711C8-7154-40BB-8380-3DEA45B69CBF}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 134 bytes User: All Users User: NetworkService ->Temp folder emptied: 0 bytes File delete failed. D:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 1065572 bytes ->FireFox cache emptied: 41951375 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Damien ->Temp folder emptied: 190984 bytes File delete failed. D:\Documents and Settings\Damien\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. ->Temporary Internet Files folder emptied: 186405 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 38323095 bytes ->Apple Safari cache emptied: 9121929 bytes User: Nounours ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 2552682 bytes User: ADRASEC ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 35652961 bytes ->Apple Safari cache emptied: 876861 bytes User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LogMeInRemoteUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 134 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1099861 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 299433 bytes Total Files Cleaned = 125,49 mb OTM by OldTimer - Version 3.0.0.6 log created 
on 09232009_214445
Files moved on Reboot...
Registry entries deleted on Reboot...

******************************************************************************

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:41, on 23/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\CO2 Saver\CO2Saver.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE
Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CO2 Saver.lnk = D:\Program Files\CO2 Saver\CO2Saver.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) 
- http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab
O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5333 bytes

thanks, see you
  17. Good evening, I should mention that at startup I have an update.exe process that uses about 80% of the CPU (for a few minutes -> 10 minutes). Is it a virus? I think it is AntiVir, but it seems heavy to me. If so, is there a way to force this process to use less? Are there other steps to carry out to check the disinfection? Thanks, see you.

Below, a new HIJACKTHIS report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:40, on 21/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\CO2 Saver\CO2Saver.exe
D:\Program Files\Avira\AntiVir Desktop\update.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CO2 Saver.lnk = D:\Program Files\CO2 Saver\CO2Saver.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: 
{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. 
- D:\Program Files\Sygate\SPF\smc.exe

--
End of file - 5384 bytes

New RSIT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:42:40, on 21/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\CO2 Saver\CO2Saver.exe
D:\Program Files\Avira\AntiVir Desktop\update.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F}
- D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) O4 - HKLM\..\Run: [smcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: CO2 Saver.lnk = D:\Program Files\CO2 Saver\CO2Saver.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - D:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab 
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.2.cab O16 - DPF: {D28C3640-A6D7-4668-A53C-07A9CF67D157} (CFnacComposantCtrl Object) - http://www.fnacmusic.com/telechargementFna...acComposant.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe -- End of file - 5384 bytes
  18. Hello, since the last steps the PC is noticeably faster, crashes less, and there are no virus or malware alerts. See you, and thanks.
  19. Hello, no problem about the absence. I am sincerely impressed by the method and the professionalism with which you reply... Here are this evening's reports....!! REPORT OTM.EXE, REPORT USBFIX OPTION1 and REPORT USBFIX OPTION2. Good evening and thanks, see you.
  20. Good evening. Navilog report, Malwarebytes' Anti-Malware report and RSIT report. Thanks.
  21. OK, I'll do that. I edited the message to add some information just before your reply. I am on XP SP2. Note that I have no files in D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots, but D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 contains a large number of .reg files. What should I do? See you, and thanks.