Windows ne trouve pas ‘C: \WINDOWS\system32\rundll32.exe’

bonjours

impossible de supprimer un programme, impossible de lancer une recherche. quand vous cliquez sur un programme dans le panneau de configuration, ce message apparait:

« Windows ne trouve pas ‘C: \WINDOWS\system32\rundll32.exe’. Vérifiez que vous avez entrez le nom correctement et essayez à nouveau. Pour rechercher un fichier cliquer sur le bouton démarrer puis sur Rechercher » 
svp aidez moi

Salut charrynsasi


Quel programme veux-tu désinstaller?

Télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt à la fin de l’analyse


@++

bonjours dedetraque et merci pour votre bonne foi
je vais vous envoyer le rapport demain car la machine dont je suis connecté n'est pas la notre.
je travail dans un cyber café
merci

Salut charrynsasi


A demain alors


@++

bonjours dedetraque
pour acceder a tous les programmes de configuration au niveau du panneau de configuration, et quand vous cliquer dessus ce message apparait.
excusez mpoi pour ce petit retard de post.

voici le resulat de log.txt:

Logfile of random's system information tool 1.04 (written by random/random)
Run by famille at 2008-10-24 23:45:36
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (21%) free of 38 GB
Total RAM: 575 MB (50% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{58525551-538D-404B-B429-1DFAFF1A737D}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{341116E2-9CC4-4A6E-9303-4819C84846DE}]
iebho surf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-08-25 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2e2b2a6-dcd6-41ac-9188-1e1fd9136264}]
CodecPlugin Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CFB25594-4D5F-11D6-AB7B-00B0D094B576} - Systran40premi.IEPlugIn - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll [2002-04-12 65536]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-08-25 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-08-03 163840]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-04-08 512000]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-07-26 184408]
"USB Storage Toolbox"=C:\Program Files\USB Disk Win98 Driver\Res.EXE [2005-09-14 65536]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
""=C:\WINDOWS\system\KEYBOARD.exe [2008-02-12 225280]
"Horloge Parlante ZMSoft"=C:\ZMSoft\HParlant\HParlante.exe [2006-11-07 658944]
"chiCkie"=C:\WINDOWS\inf\chiCkie.exe [2008-02-12 445952]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"sys"=C:\WINDOWS\Fonts\Fonts.exe [2008-02-12 225280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"I just want to say I love Milko and I need a drink"=C:\Documents and Settings\famille\Local Settings\Application Data\svchost.exe [2008-02-12 445952]
"L08FXLRD_1982546"=C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE [2007-06-12 351000]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Raccourci vers Démarrage

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRun"=1
"NoFind"=1
"NoLogOff"=1
"NoSetFolders"=1
"DisallowRun"=0
"NoDriveAutoRun"=4294967295
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\ABC\abc.exe"="C:\Program Files\ABC\abc.exe:*:Disabled:abc"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe:*:Disabled:Nero Home"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows"
"C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe"="C:\Program Files\Fichiers communs\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{055e9659-8744-11dd-aaca-0013d3cc33c8}]
shell\AutoRun\command - 6.bat
shell\explore\command - 6.bat
shell\open\command - 6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05fa9d92-5122-11dd-a9c6-0013d3cc33c8}]
shell\AutoRun\command - J:\0u.cmd
shell\explore\command - J:\0u.cmd
shell\open\command - J:\0u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ade98ea-512c-11dd-a9c7-0013d3cc33c8}]
shell\AutoRun\command - kg2v.com
shell\explore\command - kg2v.com
shell\open\command - kg2v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368c9f60-99ec-11dd-ab31-0013d3cc33c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - F:\MS-DOS.com
shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373386e2-83d8-11dd-aab8-0013d3cc33c8}]
shell\AutoRun\command - F:\22xo.exe
shell\explore\command - F:\22xo.exe
shell\open\command - F:\22xo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a8497-59c5-11dd-a9e5-0013d3cc33c8}]
shell\AutoRun\command - F:\wak.cmd
shell\explore\command - F:\wak.cmd
shell\open\command - F:\wak.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a849c-59c5-11dd-a9e5-0013d3cc33c8}]
shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a849d-59c5-11dd-a9e5-0013d3cc33c8}]
shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eef747b-9c48-11dd-ab3e-0013d3cc33c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - H:\MS-DOS.com
shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b026bc-57dc-11dd-a9df-0013d3cc33c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - MS-DOS.com
shell\Open\command - MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f9cb45b-8ef3-11dd-aaff-0013d3cc33c8}]
shell\AutoRun\command - F:\t1ypkh.exe
shell\explore\command - F:\t1ypkh.exe
shell\open\command - F:\t1ypkh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82934c80-68fe-11dd-aa33-0013d3cc33c8}]
shell\AutoRun\command - I:\9mf.exe
shell\explore\command - I:\9mf.exe
shell\open\command - I:\9mf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9339518f-7c0f-11dd-aa8c-0013d3cc33c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - H:\MS-DOS.com
shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96392500-63fc-11dd-aa17-0013d3cc33c8}]
shell\AutoRun\command - 1weicxa.com
shell\explore\command - 1weicxa.com
shell\open\command - 1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b452ebcd-5895-11dd-a9e1-0013d3cc33c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - H:\MS-DOS.com
shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b64612e0-815e-11dd-aaab-0013d3cc33c8}]
shell\AutoRun\command - F:\1t6yxlxx.cmd
shell\explore\command - F:\1t6yxlxx.cmd
shell\open\command - F:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0243286-9af2-11dd-ab35-0013d3cc33c8}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c579038c-67d6-11dd-aa2d-0013d3cc33c8}]
shell\AutoRun\command - F:\wak.cmd
shell\explore\command - F:\wak.cmd
shell\open\command - F:\wak.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd8576da-5371-11dd-a9ce-0013d3cc33c8}]
shell\AutoRun\command - F:\1weicxa.com
shell\explore\command - F:\1weicxa.com
shell\open\command - F:\1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce63304d-5117-11dd-a9c5-0013d3cc33c8}]
shell\AutoRun\command - 0u.cmd
shell\explore\command - 0u.cmd
shell\open\command - 0u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0881c44-535f-11dd-a9cc-0013d3cc33c8}]
shell\AutoRun\command - F:\1t6yxlxx.cmd
shell\explore\command - F:\1t6yxlxx.cmd
shell\open\command - F:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dd43dd-87f7-11dd-aacb-0013d3cc33c8}]
shell\AutoRun\command - H:\1t6yxlxx.cmd
shell\explore\command - H:\1t6yxlxx.cmd
shell\open\command - H:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d649f72d-9ec1-11dd-ab4a-0013d3cc33c8}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
shell\Explore\command - MS-DOS.com
shell\Open\command - MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de89c91b-979a-11dd-ab23-0013d3cc33c8}]
shell\AutoRun\command - F:\2ifetri.cmd
shell\explore\command - F:\2ifetri.cmd
shell\open\command - F:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfa3d92c-646f-11dd-aa1a-0013d3cc33c8}]
shell\AutoRun\command - I:\xmnm2.cmd
shell\explore\command - I:\xmnm2.cmd
shell\open\command - I:\xmnm2.cmd


======File associations======

.reg - open - C:\WINDOWS\pchealth\Global.exe
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2036-02-07 02:58:15 ----RD---- C:\VIDEO_TS
2036-02-07 02:58:15 ----RD---- C:\AUDIO_TS
2008-10-24 23:45:36 ----D---- C:\rsit
2008-10-24 22:43:19 ----D---- C:\Program Files\Alwil Software
2008-10-24 22:21:59 ----D---- C:\Program Files\trend micro
2008-10-24 21:08:13 ----RASH---- C:\MS-DOS.com
2008-10-24 21:08:06 ----RASH---- C:\WINDOWS\system32\regedit.exe
2008-10-22 21:49:02 ----HD---- C:\$AVG8.VAULT$
2008-10-22 21:29:31 ----D---- C:\Program Files\AVG
2008-10-22 21:00:11 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-10-22 21:00:07 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-10-22 21:00:05 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-10-22 21:00:04 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-10-22 21:00:01 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-10-22 21:00:01 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-10-22 21:00:00 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-10-22 06:54:32 ----D---- C:\Program Files\Microsoft Picture It! 7
2008-10-19 07:48:20 ----D---- C:\Mes documents
2008-10-17 15:43:16 ----A---- C:\WINDOWS\_profsect_0001.tmp
2008-10-17 15:25:08 ----D---- C:\Documents and Settings\famille\Application Data\IMSI
2008-10-17 15:22:51 ----D---- C:\Program Files\Common Files
2008-10-17 15:22:51 ----D---- C:\Documents and Settings\All Users\Application Data\IMSI
2008-10-17 15:20:55 ----D---- C:\Program Files\TurboCAD Professionnel v11.2 Setup
2008-10-12 21:38:35 ----D---- C:\EP6E
2008-10-11 15:22:43 ----D---- C:\Program Files\Component Factory Pty Ltd
2008-10-11 15:22:42 ----D---- C:\Documents and Settings\famille\Application Data\Component Factory
2008-10-05 00:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-05 00:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-05 00:39:55 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-04 06:55:28 ----SHD---- C:\Sites Favoris
2008-10-04 06:55:28 ----SHD---- C:\Downloads
2008-10-03 14:17:41 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-10-03 01:40:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 08:27:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-27 11:49:30 ----D---- C:\Program Files\Free Download Manager
2008-09-27 10:32:10 ----D---- C:\Documents and Settings\All Users\Application Data\Avanquest Software

======List of files/folders modified in the last 1 months======

2008-10-24 23:40:25 ----D---- C:\Documents and Settings\famille\Application Data\TeraCopy
2008-10-24 23:39:42 ----D---- C:\WINDOWS\Prefetch
2008-10-24 23:33:35 ----D---- C:\WINDOWS\Temp
2008-10-24 23:26:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-24 23:19:26 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-24 23:12:47 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-24 22:49:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 22:48:08 ----D---- C:\WINDOWS\system32
2008-10-24 22:43:19 ----D---- C:\Program Files
2008-10-24 22:36:00 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-24 22:35:03 ----D---- C:\WINDOWS\system32\drivers
2008-10-24 22:35:03 ----D---- C:\WINDOWS
2008-10-24 22:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-24 22:08:05 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 21:08:07 ----SHDC---- C:\WINDOWS\system32\dllcache
2008-10-24 21:08:07 ----D---- C:\WINDOWS\Cursors
2008-10-24 21:08:06 ----RSD---- C:\WINDOWS\Fonts
2008-10-24 21:08:06 ----D---- C:\WINDOWS\system
2008-10-24 21:08:06 ----D---- C:\WINDOWS\pchealth
2008-10-24 21:08:06 ----D---- C:\WINDOWS\Media
2008-10-24 21:08:06 ----D---- C:\WINDOWS\Help
2008-10-22 21:29:31 ----SHD---- C:\WINDOWS\Installer
2008-10-22 21:28:59 ----HD---- C:\Config.Msi
2008-10-22 21:00:12 ----HD---- C:\WINDOWS\inf
2008-10-22 21:00:00 ----RSD---- C:\WINDOWS\assembly
2008-10-22 20:59:33 ----D---- C:\WINDOWS\system32\DirectX
2008-10-22 07:06:21 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
2008-10-22 06:55:33 ----D---- C:\ASAP
2008-10-21 22:06:15 ----D---- C:\Program Files\Pool 'm Up
2008-10-20 09:45:29 ----D---- C:\Documents and Settings\famille\Application Data\KIMS
2008-10-19 17:37:12 ----D---- C:\Documents and Settings\famille\Application Data\Image Zone Express
2008-10-19 08:24:39 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-19 07:46:01 ----D---- C:\WINDOWS\repair
2008-10-19 07:45:54 ----D---- C:\WINDOWS\Registration
2008-10-18 07:49:07 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2008-10-17 15:26:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-17 15:22:51 ----D---- C:\Program Files\IMSI
2008-10-16 22:09:07 ----A---- C:\WINDOWS\win.ini
2008-10-16 19:52:35 ----D---- C:\Program Files\Zuma Deluxe
2008-10-14 21:56:19 ----A---- C:\WINDOWS\impborl.dll
2008-10-14 21:56:19 ----A---- C:\WINDOWS\flashax.exe
2008-10-14 09:17:44 ----SD---- C:\Documents and Settings\famille\Application Data\Microsoft
2008-10-14 07:34:05 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #2.txt
2008-10-14 06:07:24 ----SHD---- C:\System Volume Information
2008-10-14 06:07:24 ----D---- C:\WINDOWS\system32\Restore
2008-10-11 15:24:08 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-05 00:40:35 ----D---- C:\WINDOWS\WinSxS
2008-10-05 00:40:21 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-05 00:40:18 ----A---- C:\WINDOWS\imsins.BAK
2008-10-04 06:38:50 ----A---- C:\WINDOWS\ModemLog_Qualcomm USB CDC Modem (PID 3100).txt
2008-10-04 05:14:03 ----D---- C:\WINDOWS\system32\config
2008-10-03 22:01:26 ----D---- C:\Documents and Settings\famille\Application Data\Adobe
2008-10-03 14:57:14 ----D---- C:\Program Files\PCHealthCenter
2008-09-29 07:16:47 ----SHD---- C:\memoires gaylord
2008-09-29 07:16:47 ----SHD---- C:\Lecteur RSS
2008-09-26 23:45:43 ----RD---- C:\WINDOWS\Web

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 eusk2par;EUTRON SmartKey Parallel Driver; \??\C:\WINDOWS\system32\Drivers\eusk2par.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 MarxDev1;MarxDev1; C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2; C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3; C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 MMRTKRNL;MMRTKRNL; C:\WINDOWS\system32\drivers\mmrtkrnl.sys [2001-11-05 32960]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-08-10 237312]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-04-08 179968]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 qccdcmdm0;Qualcomm USB CDC Driver (PID 3100); C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2004-11-02 64384]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbsermpt;Motorola USB Modem Driver for MPT; C:\WINDOWS\system32\DRIVERS\usbsermpt.sys [2008-07-14 22768]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-07-26 606316]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 SQLWriter;Enregistreur VSS SQL Server; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-19 72704]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-08-23 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-25 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-13 306432]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------
et voici le resultat de info.txt:
info.txt logfile of random's system information tool 1.04 2008-10-24 23:45:38

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
40 leçons pour parler anglais-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\HAVAS Poche\40 leçons pour parler anglais\ST5UNST.LOG"
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-2E257A25E34D}
Adobe Reader 8 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Archicad 9 International-->C:\PROGRA~1\ARCHIC~1\ARCHIC~1\UNWISE.EXE C:\PROGRA~1\ARCHIC~1\ARCHIC~1\INSTALL.LOG
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
AutoCAD Architecture 2008-->C:\Program Files\AutoCAD Architecture 2008\Setup\Setup.exe /P {5783F2D7-6004-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Biblia Universalis-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Biblia Universalis\DeIsL1.isu" -c"C:\Program Files\Biblia Universalis\_ISREG32.DLL"
BPM-Studio 4 Profi-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ALCATech\BPM-Studio Profi\DeIsL1.isu" -c"C:\Program Files\ALCATech\BPM-Studio Profi\_ISREG32.DLL"
Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007-->MsiExec.exe /X{90120000-00B2-040C-0000-0000000FF1CE}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Diskeeper Professional Edition-->MsiExec.exe /X{DBCD6910-F929-4D46-B867-3EBEA4A1D409}
Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}
foXta Demo-->MsiExec.exe /I{A98A6F82-5353-11D4-B00B-00104BA70D95}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"H:\Downloads\Soft\HijackThis.exe" /uninstall
Horloge Parlante 4.0.0.2-->C:\ZMSoft\HParlant\Uninstal.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ICAB Force 5.2-->C:\WINDOWS\IsUninst.exe -fC:\ICAB\Uninst.isu
Krypton Toolkit 3.0.0-->MsiExec.exe /I{74E68FB9-383E-4560-95AE-1771F0972D1B}
Learn to Speak English Essentials 9.5-->MsiExec.exe /I{A05AC7E6-86DF-407E-A642-EA41CD34DF3C}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2008 - Études-->MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Encarta Maths-->MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 (SQLEXPRESS)-->MsiExec.exe /I{16BBCDA8-C8E0-4E39-9D95-1E3274917D22}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - FRA\setup.exe
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Web Developer 2005 Express - FRA-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - FRA\setup.exe
Microsoft Visual Web Developer 2005 Express Edition - FRA-->MsiExec.exe /X{C9301CC8-66FD-4040-9C9B-B850E8DFA70A}
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x40c -removeonly
Mozilla Firefox (1.5)-->C:\WINDOWS\UninstallFirefox.exe /ua "1.5 (fr)"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
Nero 7 Demo-->MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Parlons Anglais 9.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD922165-12A6-11D7-B585-00C04F4351FF}\setup.exe" -l0x40c
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RocketDock-->C:\Program Files\RocketDock\Uninst.exe
SPMP3050 Transcoding Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBF6F373-236E-49EE-9A07-0F67B4EAC8E8}\setup.exe" -l0x9 -removeonly
Systran Professional Premium 4.0-->C:\WINDOWS\unvise32.exe C:\Program Files\Systran\4_0\Premium\uninstal.log
TeraCopy 2.0 beta 3-->"C:\Program Files\TeraCopy\unins000.exe"
Total Video Converter 3.12 080325-->"C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TurboCAD Professionnel v11.2-->MsiExec.exe /I{E0C8A104-C12C-4223-AEC6-19D0BA0B7007}
USB Disk Win98 Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
VIA/S3G Display Driver-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zuma Deluxe RA-->C:\PROGRA~1\ZUMADE~1\UNWISE.EXE C:\PROGRA~1\ZUMADE~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 080826-0] (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Executive Software\Diskeeper\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Salut charrynsasi


Tu as plusieurs infection sur ce PC, télécharge et installe MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Mets le à jour

---

- Redémarre en mode sans échec :

Au redémarrage de ton PC tapote sur la touche F8 ou F5 sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur

---

- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

-----


Télécharge Hijackthis V 2.02 sur le bureau :

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double clique sur HJTInstall.exe sur le bureau

- Clique sur Install ensuite sur I Accept

- ferme toutes les fenêtres, HJT doit être exécuté seul (tout autre programme fermé).

- double clique sur le raccourci d'HijackThis sur ton Bureau
(Pour Vista, clique droit sur le raccourci d'HijackThis sur ton Bureau, puis "Exécuter en tant qu'administrateur".
- et clique sur Do a system scan and save a logfile pour lancer le scan

Quand le rapport apparaît dans le bloc note, allez dans Edition, puis Sélectionner Tout, le texte est alors sélectionné, retourne dans Edition toujours en laissant le texte sélectionné, et cliquez sur copier.

Dans ta prochaine réponse, faire un clic droit et coller, je procéderai a son analyse.
Ferme le bloc note et la fenêtre de HJT


Aide : http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)

@++

Bonjours dedetraqué
Un grand merci de votre part, j’ai lancé l’un des programmes du panneau de configuration après l’analyse complète de la machine et le résultat a été impeccable sauf que le bouton rechercher ne fonctionne toujours
Le bouton exécuter apparait seulement pendant 2 secondes et disparait.

Voici le rapport du MalwareByte's :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 2

29/10/2008 21:44:23
mbam-log-2008-10-29 (21-44-23).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 177539
Temps écoulé: 1 hour(s), 51 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\jungle (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolie.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7bb12b03-3c94-4b92-9ec8-5a0b049669a9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{99ad8bfc-79f6-4a22-99a2-b96617ab962a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d9471f0-b58c-49d2-8b6c-0472917a6ca0} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ac465e6f-5655-4f62-82c9-de86c20a8bd3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2e2b2a6-dcd6-41ac-9188-1e1fd9136264} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{19728c36-4bff-4c3e-a42d-1f8fec979ec7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{341116e2-9cc4-4a6e-9303-4819c84846de} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{dbc4edfe-2910-4baa-bb49-a733eac52cd4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2e2b2a6-dcd6-41ac-9188-1e1fd9136264} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{341116e2-9cc4-4a6e-9303-4819c84846de} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\i just want to say i love milko and i need a drink (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\pchealth\Global.exe) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E} (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\Recycler.{645FF040-5081-101B-9F08-00AA002F954E}\system.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\famille\Local Settings\Application Data\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Et en fin le rapport de HJTInstall :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:46, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\ZMSoft\HParlant\HParlante.exe
C:\WINDOWS\inf\chiCkie.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\system\KEYBOARD.exe
O4 - HKLM\..\Run: [Horloge Parlante ZMSoft] C:\ZMSoft\HParlant\HParlante.exe
O4 - HKLM\..\Run: [chiCkie] C:\WINDOWS\inf\chiCkie.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ImageDrive-{0CFE4D98-44D7-4542-9842-B924978C2A4F}] C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08FXLRD_1982546] "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
O4 - HKLM\..\Policies\Explorer\Run: [sys] C:\WINDOWS\Fonts\Fonts.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Raccourci vers Démarrage
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6525 bytes

Salut charrynsasi


Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


==> Sauvegarde et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée

Il te sera demandé d’installer la console si elle n’est pas installer, clique sur NON

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\ Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++

Salut dedetraqué

je ne sais pas comment vous remercier.

le programme a marché sans probleme et à la fin du scan, j'ai redemaré la machine et le resultat
a ete impeccable ( le bouton rechercher fonctionne correctement) sauf que le bouton executer
apparait toujours pendant 2 secones mais ce n'est pas grave.

bonne journnée à toi et que le Seigneur vous benisse.

@++

voici le resultat de combofix:


ComboFix 08-11-01.01 - famille 2008-11-01 23:23:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.228 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\famille\Bureau\ComboFix.exe

[B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\famille\Local Settings\Temporary Internet Files\artmod_jewel_expand.GIF
C:\Documents and Settings\famille\Local Settings\Temporary Internet Files\t641945a.jpg
C:\Documents and Settings\famille\Menu Démarrer\VIP Casino.url
C:\WINDOWS\Cursors\Boom.vbs
C:\WINDOWS\Help\Microsoft.hlp
C:\WINDOWS\Media\rndll32.pif
C:\WINDOWS\pchealth\Global.exe
C:\WINDOWS\system\KEYBOARD.exe
C:\WINDOWS\system32\dllcache\Default.exe
C:\WINDOWS\system32\dllcache\Global.exe
C:\WINDOWS\system32\dllcache\rndll32.exe
C:\WINDOWS\system32\dllcache\tskmgr.exe
C:\WINDOWS\system32\drivers\drivers.cab.exe
C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 ))))))))))))))))))))))))))))))))))))
.

2036-02-07 02:58 . 2008-07-29 22:24 <REP> dr------- C:\VIDEO_TS
2036-02-07 02:58 . 2036-02-07 02:58 <REP> dr------- C:\AUDIO_TS
2008-11-01 23:03 . 2008-11-01 23:26 <REP> d-------- C:\Documents and Settings\famille\Application Data\Free Download Manager
2008-11-01 23:03 . 2008-11-01 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-10-31 09:51 . 2008-10-31 09:51 <REP> d-------- C:\tmp
2008-10-31 09:49 . 2008-10-31 09:49 <REP> d-------- C:\YouTubeGet
2008-10-30 21:10 . 2008-10-30 21:10 <REP> d-------- C:\Eidos
2008-10-29 23:11 . 2008-10-29 23:11 <REP> d-------- C:\Program Files\RocketDock
2008-10-29 22:16 . 2008-10-29 22:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 22:16 . 2008-10-29 22:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 22:05 . 2008-10-29 22:05 <REP> d-------- C:\Program Files\P2P_Energy
2008-10-29 22:05 . 2008-10-29 22:05 <REP> d-------- C:\Program Files\Conduit
2008-10-29 22:04 . 2008-10-29 22:09 <REP> d-------- C:\Program Files\Morpheus Music
2008-10-29 19:46 . 2008-10-29 19:46 <REP> d-------- C:\Documents and Settings\famille\Application Data\Malwarebytes
2008-10-29 19:45 . 2008-10-29 19:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 19:45 . 2008-10-29 19:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 19:45 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 19:45 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 18:01 . 2008-10-28 18:01 <REP> d-------- C:\Program Files\Boonty
2008-10-28 17:50 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-10-28 17:50 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-10-28 17:50 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-10-28 17:50 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-10-27 06:32 . 2005-10-20 05:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-10-24 22:43 . 2008-10-24 22:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-24 22:21 . 2008-10-29 21:49 <REP> d-------- C:\Program Files\trend micro
2008-10-24 21:08 . 2008-02-12 17:32 225,280 -rahsc--- C:\WINDOWS\system32\dllcache\svchost.exe
2008-10-22 21:49 . 2008-10-24 18:37 <REP> d--h----- C:\$AVG8.VAULT$
2008-10-22 21:29 . 2008-10-22 21:29 <REP> d-------- C:\Program Files\AVG
2008-10-22 21:18 . 2008-10-22 21:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-10-22 21:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-10-22 21:00 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-10-22 21:00 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-10-22 21:00 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-22 21:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-22 21:00 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-22 21:00 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-22 06:54 . 2008-10-22 06:54 <REP> d-------- C:\Program Files\Microsoft Picture It! 7
2008-10-22 06:23 . 2008-10-22 06:23 3,072 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-10-17 15:43 . 2008-10-17 15:43 1,032 --a------ C:\WINDOWS\_profsect_0001.tmp
2008-10-17 15:25 . 2008-10-17 15:25 <REP> d-------- C:\Documents and Settings\famille\Application Data\IMSI
2008-10-17 15:22 . 2008-10-17 15:22 <REP> d-------- C:\Program Files\Common Files
2008-10-17 15:22 . 2008-10-17 15:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IMSI
2008-10-17 15:20 . 2008-10-17 15:21 <REP> d-------- C:\Program Files\TurboCAD Professionnel v11.2 Setup
2008-10-12 21:38 . 2008-10-12 21:38 <REP> d-------- C:\EP6E
2008-10-11 15:22 . 2008-10-11 15:22 <REP> d-------- C:\Program Files\Component Factory Pty Ltd
2008-10-11 15:22 . 2008-10-11 15:22 <REP> d-------- C:\Documents and Settings\famille\Application Data\Component Factory
2008-10-04 06:55 . 2008-10-04 06:55 <REP> d--hs---- C:\Sites Favoris
2008-10-04 06:55 . 2008-10-06 18:38 <REP> d--hs---- C:\Downloads

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 22:21 --------- d-----w C:\Documents and Settings\famille\Application Data\TeraCopy
2008-11-01 22:03 --------- d-----w C:\Program Files\Free Download Manager
2008-11-01 06:49 --------- d-----w C:\Program Files\Total Video Converter
2008-10-29 21:05 --------- d-----w C:\Documents and Settings\famille\Application Data\Shareaza
2008-10-24 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-24 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-21 21:06 --------- d-----w C:\Program Files\Pool 'm Up
2008-10-20 08:45 --------- d-----w C:\Documents and Settings\famille\Application Data\KIMS
2008-10-19 16:37 --------- d-----w C:\Documents and Settings\famille\Application Data\Image Zone Express
2008-10-17 14:22 --------- d-----w C:\Program Files\IMSI
2008-10-16 18:52 --------- d-----w C:\Program Files\Zuma Deluxe
2008-10-14 20:56 545,280 ----a-w C:\WINDOWS\flashax.exe
2008-10-14 20:56 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-10-11 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-29 21:31 998,873 ----a-w C:\WINDOWS\system32\Desperate Housewives.scr
2008-09-27 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avanquest Software
2008-09-24 22:58 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-09-20 19:16 1,017,801 ----a-w C:\WINDOWS\system32\LOST.scr
2008-09-20 19:09 1,014,754 ----a-w C:\WINDOWS\system32\Prison Break.scr
2008-09-18 16:22 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-09-10 20:27 --------- d-----w C:\Program Files\RSS Xpress
2008-09-10 18:56 --------- d-----w C:\Documents and Settings\famille\Application Data\Bull
2008-09-10 04:54 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-08 22:13 --------- d-----w C:\Program Files\BuildSoft
2008-09-08 14:06 --------- d-----w C:\Program Files\SPMP3050 Transcoding Tool
2008-09-08 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 22:56 --------- d-----w C:\Documents and Settings\famille\Application Data\dvdcss
2008-09-04 22:46 --------- d-----w C:\Documents and Settings\famille\Application Data\Ahead
2008-09-04 20:27 --------- d-----w C:\Program Files\Nero
2008-09-04 20:27 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-09-04 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-04 18:18 --------- d-----w C:\Documents and Settings\famille\Application Data\Autodesk
2008-09-04 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-09-04 10:07 --------- d-----w C:\Program Files\foXtaDemo
2008-09-01 05:53 --------- d-----w C:\Program Files\Dictionnaire
2008-08-25 18:16 516 ---ha-w C:\os847477.bin
2008-07-13 23:45 24,192 ----a-w C:\Documents and Settings\famille\usbsermptxp.sys
2008-07-13 23:45 22,768 ----a-w C:\Documents and Settings\famille\usbsermpt.sys
2008-02-12 09:06 445,952 ---h--r C:\WINDOWS\inf\chiCkie.exe
2008-02-12 16:32 225,280 -csha-r C:\WINDOWS\system32\dllcache\svchost.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"L08FXLRD_1982546"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"I just want to say I love Milko and I need a drink"="C:\Documents and Settings\famille\Local Settings\Application Data\svchost.exe" [2008-02-12 445952]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-04-08 512000]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 184408]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"chiCkie"="C:\WINDOWS\inf\chiCkie.exe" [2008-02-12 445952]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"VTTimer"="VTTimer.exe" [2005-03-07 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-08-03 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ProcessManager.exe]
"Debugger"=C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"L08FXLRD_21443656"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"chiCkie"=C:\WINDOWS\inf\chiCkie.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Horloge Parlante ZMSoft"=C:\ZMSoft\HParlant\HParlante.exe
"ImageDrive-{0CFE4D98-44D7-4542-9842-B924978C2A4F}"=C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2005-11-21 25634]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
S3 qccdcmdm0;Qualcomm USB CDC Driver (PID 3100);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2004-11-02 64384]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-13 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{055e9659-8744-11dd-aaca-0013d3cc33c8}]
\Shell\AutoRun\command - 6.bat
\Shell\explore\Command - 6.bat
\Shell\open\Command - 6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05fa9d92-5122-11dd-a9c6-0013d3cc33c8}]
\Shell\AutoRun\command - F:\o2g.exe
\Shell\explore\Command - F:\o2g.exe
\Shell\open\Command - F:\o2g.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ade98ea-512c-11dd-a9c7-0013d3cc33c8}]
\Shell\AutoRun\command - kg2v.com
\Shell\explore\Command - kg2v.com
\Shell\open\Command - kg2v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368c9f60-99ec-11dd-ab31-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - F:\MS-DOS.com
\Shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373386e2-83d8-11dd-aab8-0013d3cc33c8}]
\Shell\AutoRun\command - F:\22xo.exe
\Shell\explore\Command - F:\22xo.exe
\Shell\open\Command - F:\22xo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3888cd3d-a2b0-11dd-ab66-0013d3cc33c8}]
\Shell\AutoRun\command - F:\yew.bat
\Shell\explore\Command - F:\yew.bat
\Shell\open\Command - F:\yew.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a8497-59c5-11dd-a9e5-0013d3cc33c8}]
\Shell\AutoRun\command - F:\wak.cmd
\Shell\explore\Command - F:\wak.cmd
\Shell\open\Command - F:\wak.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a849c-59c5-11dd-a9e5-0013d3cc33c8}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a849d-59c5-11dd-a9e5-0013d3cc33c8}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eef747b-9c48-11dd-ab3e-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - H:\MS-DOS.com
\Shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b026bc-57dc-11dd-a9df-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - MS-DOS.com
\Shell\Open\command - MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f9cb45b-8ef3-11dd-aaff-0013d3cc33c8}]
\Shell\AutoRun\command - F:\2fiji.com
\Shell\explore\Command - F:\2fiji.com
\Shell\open\Command - F:\2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82934c80-68fe-11dd-aa33-0013d3cc33c8}]
\Shell\AutoRun\command - I:\9mf.exe
\Shell\explore\Command - I:\9mf.exe
\Shell\open\Command - I:\9mf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{841d10b8-6196-11dd-aa0b-0013d3cc33c8}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9339518f-7c0f-11dd-aa8c-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - H:\MS-DOS.com
\Shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96392500-63fc-11dd-aa17-0013d3cc33c8}]
\Shell\AutoRun\command - 1weicxa.com
\Shell\explore\Command - 1weicxa.com
\Shell\open\Command - 1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b64612e0-815e-11dd-aaab-0013d3cc33c8}]
\Shell\AutoRun\command - F:\1t6yxlxx.cmd
\Shell\explore\Command - F:\1t6yxlxx.cmd
\Shell\open\Command - F:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0243286-9af2-11dd-ab35-0013d3cc33c8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c579038c-67d6-11dd-aa2d-0013d3cc33c8}]
\Shell\AutoRun\command - F:\wak.cmd
\Shell\explore\Command - F:\wak.cmd
\Shell\open\Command - F:\wak.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd8576da-5371-11dd-a9ce-0013d3cc33c8}]
\Shell\AutoRun\command - F:\1weicxa.com
\Shell\explore\Command - F:\1weicxa.com
\Shell\open\Command - F:\1weicxa.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce63304d-5117-11dd-a9c5-0013d3cc33c8}]
\Shell\AutoRun\command - 0u.cmd
\Shell\explore\Command - 0u.cmd
\Shell\open\Command - 0u.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0881c44-535f-11dd-a9cc-0013d3cc33c8}]
\Shell\AutoRun\command - F:\1t6yxlxx.cmd
\Shell\explore\Command - F:\1t6yxlxx.cmd
\Shell\open\Command - F:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1dd43dd-87f7-11dd-aacb-0013d3cc33c8}]
\Shell\AutoRun\command - H:\1t6yxlxx.cmd
\Shell\explore\Command - H:\1t6yxlxx.cmd
\Shell\open\Command - H:\1t6yxlxx.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d649f72d-9ec1-11dd-ab4a-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - MS-DOS.com
\Shell\Open\command - MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de89c91b-979a-11dd-ab23-0013d3cc33c8}]
\Shell\AutoRun\command - F:\2ifetri.cmd
\Shell\explore\Command - F:\2ifetri.cmd
\Shell\open\Command - F:\2ifetri.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfa3d92c-646f-11dd-aa1a-0013d3cc33c8}]
\Shell\AutoRun\command - I:\xmnm2.cmd
\Shell\explore\Command - I:\xmnm2.cmd
\Shell\open\Command - I:\xmnm2.cmd

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-31 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:39]

2008-11-01 C:\WINDOWS\Tasks\User_Feed_Synchronization-{58525551-538D-404B-B429-1DFAFF1A737D}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\famille\Application Data\Mozilla\Firefox\Profiles\g39ugfmp.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 23:27:54
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


**************************************************************************
.
Heure de fin: 2008-11-01 23:31:15
ComboFix-quarantined-files.txt 2008-11-01 22:30:13

Avant-CF: 11 160 559 616 octets libres
Après-CF: 11,351,285,760 octets libres

317 --- E O F --- 2008-10-04 23:40:38

Salut dedetraqué

je ne sais pas comment vous remercier.

le programme a marché sans probleme et à la fin du scan, j'ai redemaré la machine et le resultat
a ete impeccable ( le bouton rechercher fonctionne correctement) sauf que le bouton executer
apparait toujours pendant 2 secones mais ce n'est pas grave.

bonne journnée à toi et que le Seigneur vous benisse.

@++

voici le resultat de combofix:


ComboFix 08-11-01.01 - famille 2008-11-01 23:23:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.228 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\famille\Bureau\ComboFix.exe

[B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\famille\Local Settings\Temporary Internet Files\artmod_jewel_expand.GIF
C:\Documents and Settings\famille\Local Settings\Temporary Internet Files\t641945a.jpg
C:\Documents and Settings\famille\Menu Démarrer\VIP Casino.url
C:\WINDOWS\Cursors\Boom.vbs
C:\WINDOWS\Help\Microsoft.hlp
C:\WINDOWS\Media\rndll32.pif
C:\WINDOWS\pchealth\Global.exe
C:\WINDOWS\system\KEYBOARD.exe
C:\WINDOWS\system32\dllcache\Default.exe
C:\WINDOWS\system32\dllcache\Global.exe
C:\WINDOWS\system32\dllcache\rndll32.exe
C:\WINDOWS\system32\dllcache\tskmgr.exe
C:\WINDOWS\system32\drivers\drivers.cab.exe
C:\WINDOWS\system32\mdm.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-01 au 2008-11-01 ))))))))))))))))))))))))))))))))))))
.

2036-02-07 02:58 . 2008-07-29 22:24 <REP> dr------- C:\VIDEO_TS
2036-02-07 02:58 . 2036-02-07 02:58 <REP> dr------- C:\AUDIO_TS
2008-11-01 23:03 . 2008-11-01 23:26 <REP> d-------- C:\Documents and Settings\famille\Application Data\Free Download Manager
2008-11-01 23:03 . 2008-11-01 23:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-10-31 09:51 . 2008-10-31 09:51 <REP> d-------- C:\tmp
2008-10-31 09:49 . 2008-10-31 09:49 <REP> d-------- C:\YouTubeGet
2008-10-30 21:10 . 2008-10-30 21:10 <REP> d-------- C:\Eidos
2008-10-29 23:11 . 2008-10-29 23:11 <REP> d-------- C:\Program Files\RocketDock
2008-10-29 22:16 . 2008-10-29 22:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-29 22:16 . 2008-10-29 22:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 22:05 . 2008-10-29 22:05 <REP> d-------- C:\Program Files\P2P_Energy
2008-10-29 22:05 . 2008-10-29 22:05 <REP> d-------- C:\Program Files\Conduit
2008-10-29 22:04 . 2008-10-29 22:09 <REP> d-------- C:\Program Files\Morpheus Music
2008-10-29 19:46 . 2008-10-29 19:46 <REP> d-------- C:\Documents and Settings\famille\Application Data\Malwarebytes
2008-10-29 19:45 . 2008-10-29 19:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-29 19:45 . 2008-10-29 19:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-29 19:45 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-29 19:45 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-28 18:01 . 2008-10-28 18:01 <REP> d-------- C:\Program Files\Boonty
2008-10-28 17:50 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
2008-10-28 17:50 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
2008-10-28 17:50 . 2000-12-05 23:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-10-28 17:50 . 2000-07-15 05:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-10-27 06:32 . 2005-10-20 05:59 81,920 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-10-24 22:43 . 2008-10-24 22:43 <REP> d-------- C:\Program Files\Alwil Software
2008-10-24 22:21 . 2008-10-29 21:49 <REP> d-------- C:\Program Files\trend micro
2008-10-24 21:08 . 2008-02-12 17:32 225,280 -rahsc--- C:\WINDOWS\system32\dllcache\svchost.exe
2008-10-22 21:49 . 2008-10-24 18:37 <REP> d--h----- C:\$AVG8.VAULT$
2008-10-22 21:29 . 2008-10-22 21:29 <REP> d-------- C:\Program Files\AVG
2008-10-22 21:18 . 2008-10-22 21:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
2008-10-22 21:00 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-10-22 21:00 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-10-22 21:00 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-10-22 21:00 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-22 21:00 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-22 21:00 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-22 21:00 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-22 06:54 . 2008-10-22 06:54 <REP> d-------- C:\Program Files\Microsoft Picture It! 7
2008-10-22 06:23 . 2008-10-22 06:23 3,072 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-10-17 15:43 . 2008-10-17 15:43 1,032 --a------ C:\WINDOWS\_profsect_0001.tmp
2008-10-17 15:25 . 2008-10-17 15:25 <REP> d-------- C:\Documents and Settings\famille\Application Data\IMSI
2008-10-17 15:22 . 2008-10-17 15:22 <REP> d-------- C:\Program Files\Common Files
2008-10-17 15:22 . 2008-10-17 15:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IMSI
2008-10-17 15:20 . 2008-10-17 15:21 <REP> d-------- C:\Program Files\TurboCAD Professionnel v11.2 Setup
2008-10-12 21:38 . 2008-10-12 21:38 <REP> d-------- C:\EP6E
2008-10-11 15:22 . 2008-10-11 15:22 <REP> d-------- C:\Program Files\Component Factory Pty Ltd
2008-10-11 15:22 . 2008-10-11 15:22 <REP> d-------- C:\Documents and Settings\famille\Application Data\Component Factory
2008-10-04 06:55 . 2008-10-04 06:55 <REP> d--hs---- C:\Sites Favoris
2008-10-04 06:55 . 2008-10-06 18:38 <REP> d--hs---- C:\Downloads

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 22:21 --------- d-----w C:\Documents and Settings\famille\Application Data\TeraCopy
2008-11-01 22:03 --------- d-----w C:\Program Files\Free Download Manager
2008-11-01 06:49 --------- d-----w C:\Program Files\Total Video Converter
2008-10-29 21:05 --------- d-----w C:\Documents and Settings\famille\Application Data\Shareaza
2008-10-24 21:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-24 21:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-10-21 21:06 --------- d-----w C:\Program Files\Pool 'm Up
2008-10-20 08:45 --------- d-----w C:\Documents and Settings\famille\Application Data\KIMS
2008-10-19 16:37 --------- d-----w C:\Documents and Settings\famille\Application Data\Image Zone Express
2008-10-17 14:22 --------- d-----w C:\Program Files\IMSI
2008-10-16 18:52 --------- d-----w C:\Program Files\Zuma Deluxe
2008-10-14 20:56 545,280 ----a-w C:\WINDOWS\flashax.exe
2008-10-14 20:56 12,288 ----a-w C:\WINDOWS\impborl.dll
2008-10-11 14:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-29 21:31 998,873 ----a-w C:\WINDOWS\system32\Desperate Housewives.scr
2008-09-27 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avanquest Software
2008-09-24 22:58 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-09-20 19:16 1,017,801 ----a-w C:\WINDOWS\system32\LOST.scr
2008-09-20 19:09 1,014,754 ----a-w C:\WINDOWS\system32\Prison Break.scr
2008-09-18 16:22 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-09-10 20:27 --------- d-----w C:\Program Files\RSS Xpress
2008-09-10 18:56 --------- d-----w C:\Documents and Settings\famille\Application Data\Bull
2008-09-10 04:54 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-08 22:13 --------- d-----w C:\Program Files\BuildSoft
2008-09-08 14:06 --------- d-----w C:\Program Files\SPMP3050 Transcoding Tool
2008-09-08 14:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 22:56 --------- d-----w C:\Documents and Settings\famille\Application Data\dvdcss
2008-09-04 22:46 --------- d-----w C:\Documents and Settings\famille\Application Data\Ahead
2008-09-04 20:27 --------- d-----w C:\Program Files\Nero
2008-09-04 20:27 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-09-04 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-04 18:18 --------- d-----w C:\Documents and Settings\famille\Application Data\Autodesk
2008-09-04 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-09-04 10:07 --------- d-----w C:\Program Files\foXtaDemo
2008-09-01 05:53 --------- d-----w C:\Program Files\Dictionnaire
2008-08-25 18:16 516 ---ha-w C:\os847477.bin
2008-07-13 23:45 24,192 ----a-w C:\Documents and Settings\famille\usbsermptxp.sys
2008-07-13 23:45 22,768 ----a-w C:\Documents and Settings\famille\usbsermpt.sys
2008-02-12 09:06 445,952 ---h--r C:\WINDOWS\inf\chiCkie.exe
2008-02-12 16:32 225,280 -csha-r C:\WINDOWS\system32\dllcache\svchost.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"L08FXLRD_1982546"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" [2007-06-12 351000]
"I just want to say I love Milko and I need a drink"="C:\Documents and Settings\famille\Local Settings\Application Data\svchost.exe" [2008-02-12 445952]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-04-08 512000]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2005-07-26 184408]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"chiCkie"="C:\WINDOWS\inf\chiCkie.exe" [2008-02-12 445952]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"VTTimer"="VTTimer.exe" [2005-03-07 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-08-03 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ProcessManager.exe]
"Debugger"=C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"L08FXLRD_21443656"="C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"chiCkie"=C:\WINDOWS\inf\chiCkie.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"Horloge Parlante ZMSoft"=C:\ZMSoft\HParlant\HParlante.exe
"ImageDrive-{0CFE4D98-44D7-4542-9842-B924978C2A4F}"=C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 123520]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 5504]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2005-11-21 25634]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys [2001-05-28 8864]
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys [2001-05-28 8864]
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys [2001-05-28 8864]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
S3 qccdcmdm0;Qualcomm USB CDC Driver (PID 3100);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2004-11-02 64384]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-13 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{055e9659-8744-11dd-aaca-0013d3cc33c8}]
\Shell\AutoRun\command - 6.bat
\Shell\explore\Command - 6.bat
\Shell\open\Command - 6.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05fa9d92-5122-11dd-a9c6-0013d3cc33c8}]
\Shell\AutoRun\command - F:\o2g.exe
\Shell\explore\Command - F:\o2g.exe
\Shell\open\Command - F:\o2g.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ade98ea-512c-11dd-a9c7-0013d3cc33c8}]
\Shell\AutoRun\command - kg2v.com
\Shell\explore\Command - kg2v.com
\Shell\open\Command - kg2v.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368c9f60-99ec-11dd-ab31-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - F:\MS-DOS.com
\Shell\Open\command - F:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373386e2-83d8-11dd-aab8-0013d3cc33c8}]
\Shell\AutoRun\command - F:\22xo.exe
\Shell\explore\Command - F:\22xo.exe
\Shell\open\Command - F:\22xo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3888cd3d-a2b0-11dd-ab66-0013d3cc33c8}]
\Shell\AutoRun\command - F:\yew.bat
\Shell\explore\Command - F:\yew.bat
\Shell\open\Command - F:\yew.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a8497-59c5-11dd-a9e5-0013d3cc33c8}]
\Shell\AutoRun\command - F:\wak.cmd
\Shell\explore\Command - F:\wak.cmd
\Shell\open\Command - F:\wak.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a849c-59c5-11dd-a9e5-0013d3cc33c8}]
\Shell\AutoRun\command - H:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{582a849d-59c5-11dd-a9e5-0013d3cc33c8}]
\Shell\AutoRun\command - I:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5eef747b-9c48-11dd-ab3e-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - H:\MS-DOS.com
\Shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77b026bc-57dc-11dd-a9df-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - MS-DOS.com
\Shell\Open\command - MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f9cb45b-8ef3-11dd-aaff-0013d3cc33c8}]
\Shell\AutoRun\command - F:\2fiji.com
\Shell\explore\Command - F:\2fiji.com
\Shell\open\Command - F:\2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82934c80-68fe-11dd-aa33-0013d3cc33c8}]
\Shell\AutoRun\command - I:\9mf.exe
\Shell\explore\Command - I:\9mf.exe
\Shell\open\Command - I:\9mf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{841d10b8-6196-11dd-aa0b-0013d3cc33c8}]
\Shell\AutoRun\command - F:\xih9.cmd
\Shell\explore\Command - F:\xih9.cmd
\Shell\open\Command - F:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9339518f-7c0f-11dd-aa8c-0013d3cc33c8}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MS-DOS.com
\Shell\Explore\command - H:\MS-DOS.com
\Shell\Open\command - H:\MS-DOS.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96392500-63fc-11dd-aa17-0013d3cc33c8}]
\Shell\AutoRun\command - 1weicxa.com
\

Salut charrynsasi


- Clique sur le menu démarrer/Exécuter, tape notepad à l’invite de commande et OK.

- Copie/colle ce qui est en citation ci-dessous dans le Bloc-Notes :




- Enregistre ce fichier sur le bureau (Impératif)

-Nom du fichier : CFScript.txt
-Type du fichier : tous les fichiers

- Clique sur Enregistrer et quitte le Bloc Notes

Important Déconnecte toi de l’internet et désactive ton Antivirus et antispyware avant de faire le glisser/déposer

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe sur le bureau, comme sur cette capture (l’icône est un lion) :



* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ ComboFix.txt

-----

Télécharge Hijackthis V 2.02 sur le bureau :

http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe


- Double clique sur HJTInstall.exe sur le bureau

- Clique sur Install ensuite sur I Accept

- ferme toutes les fenêtres, HJT doit être exécuté seul (tout autre programme fermé).

- double clique sur le raccourci d'HijackThis sur ton Bureau
(Pour Vista, clique droit sur le raccourci d'HijackThis sur ton Bureau, puis "Exécuter en tant qu'administrateur".
- et clique sur Do a system scan and save a logfile pour lancer le scan

Quand le rapport apparaît dans le bloc note, allez dans Edition, puis Sélectionner Tout, le texte est alors sélectionné, retourne dans Edition toujours en laissant le texte sélectionné, et cliquez sur copier.

Dans ta prochaine réponse, faire un clic droit et coller, je procéderai a son analyse.
Ferme le bloc note et la fenêtre de HJT


Aide : http://forum.telecharger.01net.com/microhebdo/questions-techniques-diverses/t(...)


@++