Virus Outlook Résolu

Jac34 · le 18 février 2009

Bonsoir,

J'ai, je pense,un problème de virus avec Outlook alors que je suis (théoriquement) protégé par Avast.

Lorsque j'envoie un message celui-ci est en fait envoyé un nombre aléatoire de fois + de 10 en général.

J'ai lancé Malwarebytes: pas d'infection, j'ai nettoyé avec RegSeeker, et CCleaner rien n'y fait.

En plus je ne peux même plus effacer mes messages dans la boite de réception et celle d'envoi.

Quelqu'un a-t-il déjà eu ce problème et comment le résoudre ?

Modifié le 26 février 2009 par Jac34

Falkra · le 19 février 2009

BOnjour,

Avast ne protège pas grand chose, et n'est pas bon, depuis un moment maintenant.

Il faudra changer ça après avoir réglé son compte au virus, s'il est là.

Oublie Ccleaner et RegSeeker pour ça : ce ne sont pas des logiciels de désinfection, ni de résolution de problèmes généraux.

On va voir ce qui tourne pour se faire une idée.

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Ca fait deux rapports donc.

Jac34 · le 19 février 2009

Bonsoir,

Voici les 2 fichiers:

info.txt logfile of random's system information tool 1.05 2009-02-19 17:46:04

======Uninstall list======

-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

ACDSee 5.0 Standard Trial-->MsiExec.exe /I{7FFADA6F-9A46-4D80-8400-8D3B77C62908}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

C-Media 3D Audio-->C:\WINDOWS\CMIUnInstall.exe

Colin McRae Rally 2005 Demo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECEF0322-5EA8-4158-80E1-A65CFCAF560E}\Setup.exe" -l0x9

ConvertXtoDVD 2.1.4.162-->"C:\Program Files\vso\ConvertXtoDVD\unins000.exe"

Copernic Agent Basic-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="D:\Program Files\Copernic Agent\unwise.dat"

Correctif Windows XP - KB282010-->C:\WINDOWS\$NtUninstallKB282010$\spuninst\spuninst.exe

Correctif Windows XP - KB810217-->C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe

Correctif Windows XP - KB820291-->C:\WINDOWS\$NtUninstallKB820291$\spuninst\spuninst.exe

Correctif Windows XP - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe

Correctif Windows XP - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe

Correctif Windows XP - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe

Correctif Windows XP - KB825121-->C:\WINDOWS\$NtUninstallKB825121$\spuninst\spuninst.exe

Correctif Windows XP - KB826939-->C:\WINDOWS\$NtUninstallKB826939$\spuninst\spuninst.exe

Correctif Windows XP - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe

Correctif Windows XP (SP2) q329623-->C:\WINDOWS\$NtUninstallq329623$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q815485-->C:\WINDOWS\$NtUninstallQ815485$\spuninst\spuninst.exe

Correctif Windows XP (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe

Creative Modem Blaster DI5733-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1C0717C-546A-11D7-9963-00A0C92C4EC3}\setup.exe" -l0x40c /remove

Diskeeper Professional Edition-->MsiExec.exe /X{DE4847A9-E86B-4BBB-B991-58C5ACA4FA04}

DivxToDVD 0.5.2-->"C:\Program Files\vso\DivxToDVD\unins000.exe"

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

DVDx-->"C:\Program Files\DVDx\unins000.exe"

Easy CD Creator 5 Platinum-->MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EVEREST Home Edition v2.20-->"D:\Program Files\EVEREST Home Edition\unins000.exe"

Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}

Heredis 8-->C:\WINDOWS\unvise32.exe C:\Program Files\Heredis 8\uninstal.log

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

HP Deskjet 3740-->msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}

HP Precisionscan Pro 3.1-->MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}

Internet Explorer Q824145-->C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q824145.inf

IZArc 3.7-->"C:\Program Files\IZArc\unins000.exe"

K-Lite Codec Pack 4.5.3 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Labtec WebCam-->MsiExec.exe /I{58E653BE-BD68-4D68-BB2E-3AE1B925AAD0}

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Logiciel d'impression photo HP-->C:\WINDOWS\IsUn040c.exe -f"d:\logiciels\Photo Printing\Uninstall.isu" -c"d:\logiciels\Photo Printing\hpiunPC.dll

Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}

Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

MailWasher Pro-->C:\Program Files\Firetrust\MailWasher Pro\uninstall.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Micro Application - PrintPratic 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B056DB05-BF39-49A0-AAB8-C8FA49D9660C}\Setup.exe" -l0x40c

Micro Application - PrintPratic Edition Photo-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03A80A3C-2E33-4CB2-A0C8-57DACD48CF7C}\Setup.exe" -l0x40c

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Standard-->MsiExec.exe /I{9012040C-6000-11D3-8CFE-0050048383C9}

Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MP3 Player Utilities-->MsiExec.exe /I{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}

My DSC-->C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe

MyDSC2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9

Outlook Express Update Q330994-->C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf

Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

Pinnacle InstantCD/DVD Suite-->MsiExec.exe /I{9CA74E7D-CA06-4A5C-9851-83D15B7B4D59}

PixRenamer - v. 1.0-->"C:\Program Files\PixRenamer\unins000.exe"

PIXresizer 2.0.3-->"C:\Program Files\PIXresizer\unins000.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PPP over Ethernet-->rundll32.exe pppoe32.dll,Uninstall

Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT

QuickTime Alternative 1.67-->"C:\Program Files\QuickTime Alternative\unins000.exe"

Rainbow Web 1.1-->"d:\Jac\jeux\Rainbow Web\unins000.exe"

RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall

SCRABBLE® Interactif EDITION 2007 Désinstaller-->C:\Program Files\UBISOFT\SCRABBLE® Interactif EDITION 2007\uninstall.exe

Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}

SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe

Sokoban 3.4.0.0-->C:\Program Files\Sokoban\Uninstal.exe

Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Sunbelt Personal Firewall-->MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}

TomTom HOME 2.5.2.60-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

toptime-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\uxtobirza\toptime\DeIsL1.isu" -c"C:\Program Files\uxtobirza\toptime\_ISREG32.DLL"

Tropix-->"C:\Program Files\Tropix\unins000.exe"

VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}

VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VirtualDub 1.6.9 Fr-->C:\Program Files\VirtualDub\UnInstall_VirtualDub.exe

Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}

VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"

VSO Image Resizer 1.3.4d-->"C:\Program Files\VSO\Image Resizer\unins000.exe"

Winamp (désinstallation uniquement)-->"D:\Program Files\Winamp\Winamp.exe" /UNINSTALL

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinMorph™ 3.01-->"C:\Program Files\Debugmode\WinMorph\unins000.exe"

WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe

Zuma Deluxe! 1.0-->C:\WINDOWS\iun6002.exe "D:\Jac\Jeux\Zuma\irunin.ini"

System event log

Computer Name: JAC

Event Code: 7000

Message: Le service Microsoft ASPI Manager n'a pas pu démarrer en raison de l'erreur :

Le chemin d'accès spécifié est introuvable.

Record Number: 1506617

Source Name: Service Control Manager

Time Written: 20090128192941.000000+060

Event Type: erreur

User:

Computer Name: JAC

Event Code: 7

Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 1506616

Source Name: Disk

Time Written: 20090128192821.000000+060

Event Type: erreur

User:

Computer Name: JAC

Event Code: 7

Message: Le périphérique \Device\Harddisk0\D comporte un bloc défectueux.

Record Number: 1506615

Source Name: Disk

Time Written: 20090128192821.000000+060

Event Type: erreur

User:

Computer Name: JAC

Event Code: 10005

Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service ImapiService avec les arguments "-Service"

pour démarrer le serveur :

{520CCA63-51A5-11D3-9144-00104BA11C5E}

Record Number: 1506614

Source Name: DCOM

Time Written: 20090128192814.000000+060

Event Type: erreur

User: JAC\Jac34

Computer Name: JAC

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 1506613

Source Name: EventLog

Time Written: 20090128192803.000000+060

Event Type: Informations

User:

Application event log

Computer Name: JAC

Event Code: 2

Message: Le centre de contrôle de Diskeeper a étEactivE

Service Diskeeper démarré

Record Number: 118182

Source Name: Diskeeper

Time Written: 20090102124356.000000+060

Event Type: Informations

User:

Computer Name: JAC

Event Code: 105

Message: The service was started.

Record Number: 118181

Source Name: ATI Smart

Time Written: 20090102124354.000000+060

Event Type: Informations

User:

Computer Name: JAC

Event Code: 102

Message: msnmsgr (1016) \\.\C:\Documents and Settings\Jac34\Local Settings\Application Data\Microsoft\Messenger\jacques_crespin@hotmail.com\SharingMetadata\Working\database_9EAC_A807_ACA7_D7D3\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 118180

Source Name: ESENT

Time Written: 20090101194612.000000+060

Event Type: Informations

User:

Computer Name: JAC

Event Code: 100

Message: msnmsgr (1016) Le moteur de base de données 5.01.2600.0000 est démarré.

Record Number: 118179

Source Name: ESENT

Time Written: 20090101194612.000000+060

Event Type: Informations

User:

Computer Name: JAC

Event Code: 101

Message: msnmsgr (1016) Le moteur de base de données est arrêté.

Record Number: 118178

Source Name: ESENT

Time Written: 20090101194420.000000+060

Event Type: Informations

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Fichiers communs\Adaptec Shared\System;C:\Program Files\Diskeeper Corporation\Diskeeper\

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel

"PROCESSOR_REVISION"=0303

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Voici le 2ième fichier:

Logfile of random's system information tool 1.05 (written by random/random)

Run by Jac34 at 2009-02-19 17:48:01

Microsoft Windows XP Édition familiale Service Pack 1

System drive C: has 14 GB (28%) free of 51 GB

Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:48:03, on 19/02/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Logitech\Video\LogiTray.exe

D:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jac34\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Jac34.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - D:\PROGRA~1\COPERN~1\COPERN~1.DLL

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll

O2 - BHO: (no name) - {ea5fb64b-1ca5-4939-a93a-9e76234b0a67} - (no file)

O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\Program Files\Copernic Agent\CopernicAgentExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\Winampa.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [instantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Chercher avec Copernic Agent - res://D:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - D:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://photoservice.fujicolor.de/ips-opdat...ects/jordan.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0555a29464ab54...RdxIE601_fr.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212580883811

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212581622608

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwared...on_2_0_4_10.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{A3949007-B379-4732-9E40-67A8441875CA}: NameServer = 192.168.1.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: awttjdvp - awtTJDVp.dll (file missing)

O23 - Service: Microsoft ASPI Manager (aspimgr) - Pinnacle Systems GmbH - (no file)

O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--

End of file - 9111 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ea5fb64b-1ca5-4939-a93a-9e76234b0a67}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - D:\Program Files\Copernic Agent\CopernicAgentExt.dll [2004-12-02 1066968]

{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-30 846364]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-12-12 335872]

"Cmaudio"=RunDll32 cmicnfg.cpl []

"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-05-23 88363]

"PinnacleDriverCheck"=C:\WINDOWS\System32\PSDrvCheck.exe [2003-11-10 406016]

"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]

"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2005-11-22 221184]

"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

"AdaptecDirectCD"=C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe [2006-02-15 684032]

"LogitechGalleryRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416]

"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-02-12 188416]

"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-02-12 77824]

"WinampAgent"=D:\Program Files\Winamp\Winampa.exe [2001-03-07 24576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2002-08-30 13312]

"InstantTray"=C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe [2003-10-22 746496]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2003-12-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awttjdvp]

awtTJDVp.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{9C0ADB68-353A-61DD-ED09-1D8003A61111}"= []

"{EA5FB64B-1CA5-4939-A93A-9E76234B0A67}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-02-19 17:45:57 ----D---- C:\rsit

2009-01-31 15:59:00 ----A---- C:\WINDOWS\System32\unrar.dll

2009-01-31 15:58:57 ----A---- C:\WINDOWS\System32\yv12vfw.dll

2009-01-31 15:58:57 ----A---- C:\WINDOWS\System32\xvidvfw.dll

2009-01-31 15:58:57 ----A---- C:\WINDOWS\System32\xvidcore.dll

2009-01-31 15:58:56 ----A---- C:\WINDOWS\System32\qt-dx331.dll

2009-01-31 15:58:56 ----A---- C:\WINDOWS\System32\dpl100.dll

2009-01-31 15:58:56 ----A---- C:\WINDOWS\System32\divx.dll

2009-01-31 15:58:54 ----A---- C:\WINDOWS\System32\ff_vfw.dll.manifest

2009-01-31 15:58:54 ----A---- C:\WINDOWS\System32\ff_vfw.dll

2009-01-31 15:58:52 ----D---- C:\Program Files\K-Lite Codec Pack

2009-01-26 12:39:14 ----D---- C:\Program Files\Fichiers communs\debugmode

2009-01-26 12:37:24 ----D---- C:\Program Files\Debugmode

======List of files/folders modified in the last 1 months======

2009-02-19 17:46:04 ----D---- C:\WINDOWS\Prefetch

2009-02-19 17:22:49 ----D---- C:\WINDOWS\Temp

2009-02-19 17:22:42 ----D---- C:\Program Files\Mozilla Firefox

2009-02-19 17:22:06 ----D---- C:\WINDOWS\Debug

2009-02-19 14:00:34 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-02-19 13:44:08 ----D---- C:\Documents and Settings\Jac34\Application Data\MailWasherPro

2009-02-19 11:24:40 ----D---- C:\Program Files\eMule

2009-02-19 10:50:50 ----D---- C:\WINDOWS\System32\CatRoot2

2009-02-19 10:49:15 ----D---- C:\WINDOWS

2009-02-19 10:45:17 ----SHD---- C:\WINDOWS\Installer

2009-02-19 10:45:17 ----SHD---- C:\Config.Msi

2009-02-19 10:45:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2009-02-18 19:23:16 ----D---- C:\WINDOWS\SoftwareDistribution

2009-02-18 16:43:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-02-18 16:43:15 ----D---- C:\WINDOWS\System32\drivers

2009-02-13 18:52:19 ----D---- C:\Documents and Settings\Jac34\Application Data\Vso

2009-02-13 18:34:23 ----A---- C:\Log.txt

2009-02-13 13:47:09 ----A---- C:\xPos.txt

2009-02-12 18:32:02 ----D---- C:\WINDOWS\system32

2009-02-10 10:47:36 ----D---- C:\WINDOWS\Minidump

2009-02-07 18:40:43 ----RD---- C:\Program Files

2009-02-07 18:00:10 ----D---- C:\WINDOWS\Help

2009-02-05 22:11:35 ----A---- C:\WINDOWS\System32\aswBoot.exe

2009-01-31 15:54:20 ----D---- C:\Documents and Settings\Jac34\Application Data\DivX

2009-01-29 19:35:27 ----A---- C:\Documents and Settings\Jac34\Application Data\Printer.ini

2009-01-26 12:39:14 ----D---- C:\Program Files\Fichiers communs

2009-01-25 09:47:24 ----D---- C:\Program Files\DVDx

2009-01-24 09:35:25 ----D---- C:\Documents and Settings\Jac34\Application Data\CopyToDvd

2009-01-21 18:19:43 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\System32\drivers\aavmker4.sys [2009-02-05 26944]

R1 aswsp;avast! Self Protection; C:\WINDOWS\System32\drivers\aswsp.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\System32\drivers\aswTdi.sys [2009-02-05 51376]

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2007-01-30 2432]

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2007-01-30 2560]

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2007-09-01 241280]

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-02-28 15440]

R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]

R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]

R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-01-26 52224]

R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2006-02-15 144250]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]

R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2007-09-01 206464]

R1 vobcom;vobcom; C:\WINDOWS\System32\drivers\vobcom.sys [2001-10-04 9728]

R1 vobiw;vobiw; C:\WINDOWS\System32\drivers\vobiw.sys [2003-08-29 187392]

R2 aswmon2;avast! Standard Shield Support; C:\WINDOWS\System32\drivers\aswmon2.sys [2009-02-05 94032]

R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []

R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys []

R3 AgereSoftModem;Creative Modem Blaster DI5733; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-05-23 1171648]

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-06-01 96968]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-30 57344]

R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]

R3 aswrdr;aswRdr; C:\WINDOWS\System32\drivers\aswrdr.sys [2009-02-05 23152]

R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-12-12 647680]

R3 cdrdrv;Cdrdrv; C:\WINDOWS\System32\Drivers\Cdrdrv.sys [2002-12-13 64000]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-12-12 784832]

R3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2006-02-15 25930]

R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]

R3 fhlppppoe;PPPOE/ADSL miniport; C:\WINDOWS\System32\DRIVERS\fhlpppoe.sys [2004-06-04 49200]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-30 57984]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-02-18 47360]

R3 pepifilter;Volume Adapter; C:\WINDOWS\System32\DRIVERS\lv302af.sys [2004-01-21 5915]

R3 PID_08A0;Labtec WebCam Pro(PID_08A0); C:\WINDOWS\System32\DRIVERS\LV302AV.SYS [2004-01-21 271360]

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2002-08-29 56832]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160]

R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2002-08-30 19328]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-30 51968]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-30 19328]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]

S3 DCamUSBSQTECH;Dual-Mode DSC(2770); C:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]

S3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2006-02-15 30662]

S3 MS1000;MS1000; C:\WINDOWS\System32\DRIVERS\MS1000.sys [2008-03-01 5376]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]

S3 SQTECH905C;DualCamera; C:\WINDOWS\System32\Drivers\Capt905c.sys [2005-06-17 33545]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]

S3 SymEvent;SymEvent; C:\WINDOWS\System32\drivers\SymEvent.sys [2004-03-04 82832]

S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]

S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswupdsv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-12-12 397312]

R2 avast! antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2006-01-28 54784]

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2005-11-23 765952]

R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]

R3 avast! mail scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

R3 avast! web scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-12-12 516096]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

C'est long mais j'espère que c'est parlant pour toi !!!

Falkra · le 19 février 2009

Ton système n'est pas à jour (XP SP1 ! il faudra passer au SP3 d'urgence après le nettoyage) et est très vulnérable.

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

Double-clique maintenant sur le fichier téléchargé.
Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
Choisis maintenant l'option (Recherche). Patiente jusqu'à la fin de la recherche.
Poste le rapport généré. (C:\TB.txt)

Jac34 · le 20 février 2009

Bonjour,

Voici le rapport:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Jac34 ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:50 Go (Free:13 Go)

D:\ (Local Disk) - NTFS - Total:100 Go (Free:66 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (CD or DVD)

I:\ (USB)

J:\ (USB)

K:\ (USB)

L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 20/02/2009| 9:46 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127\res

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127\temp

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127\temp\ws-14292.log

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127\temp\ws-14293.log

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127\temp\ws-14294.log

C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127\temp\ws-14295.log

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Search Settings\kb127\res

C:\Program Files\Search Settings\kb127\SearchSettings.dll

C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll

C:\Program Files\Search Settings\kb127\temp

C:\WINDOWS\iun6002.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.yahoo.fr/"

"Search Page"="http://home.microsoft.com/access/allinone.asp"

"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS02"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.unika.com"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.google.com"'>http://www.google.com"

"Start Page"="http://www.google.com"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 20/02/2009| 9:48 - Option : [1]

-----------\\ Fin du rapport a 9:48:55,20

Falkra · le 20 février 2009

Relance Toolbar-S&D. Choisis cette fois l'option "suppression" puis valide en appuyant sur "Entrée".

! Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.

Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."

Tape explorer puis valide.

Jac34 · le 20 février 2009

Bonsoir,

voici le rapport:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : Jac34 ( Administrator )

BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:50 Go (Free:13 Go)

D:\ (Local Disk) - NTFS - Total:100 Go (Free:66 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

G:\ (CD or DVD)

I:\ (USB)

J:\ (USB)

K:\ (USB)

L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 20/02/2009|19:08 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Jac34\APPLIC~1\Search Settings\kb127

Supprime! - C:\Program Files\Search Settings\kb127

Supprime! - C:\Program Files\Search Settings\SearchSettings.exe

Supprime! - C:\WINDOWS\iun6002.exe

Supprime! - C:\DOCUME~1\Jac34\APPLIC~1\Search Settings

Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.yahoo.fr/"

"Search Page"="http://home.microsoft.com/access/allinone.asp"

"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS02"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.unika.com"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.google.com"

"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 20/02/2009| 9:48 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 20/02/2009|19:10 - Option : [2]

-----------\\ Fin du rapport a 19:10:23,60

Falkra · le 20 février 2009

Bien, une saleté de moins.

Poste un nouveau rapport HijackThis stp.

Jac34 · le 20 février 2009

Voici le log:

Logfile of random's system information tool 1.05 (written by random/random)

Run by Jac34 at 2009-02-20 19:54:34

Microsoft Windows XP Édition familiale Service Pack 1

System drive C: has 14 GB (28%) free of 51 GB

Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:54:36, on 20/02/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\System32\RunDll32.exe

C:\WINDOWS\AGRSMMSG.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Logitech\Video\LogiTray.exe

D:\Program Files\Winamp\Winampa.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe

C:\Program Files\TomTom HOME 2\HOMERunner.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe