Virus, cheval de troie et autres saletés???!! [Résolu]

Bonsoir

1- Télécharge et installe le logiciel HijackThis :

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici http://www.clubic.com/lancer-le-telechargement-51452-0-hijackthis.html

-->Clique sur le setup pour lancer l'installation : laisse toi guider et ne modifie pas les paramètres d'installation .
A la fin de l’installation, le programme se lance automatiquement : ferme le en cliquant sur la croix rouge.
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme :
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

(Ne lance pas ce prg pour l'instant et fais la suite ... )


2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer.

Clic droit sous VISTA (exécuter en tant que…)

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).

Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

Bonsoir ^^

Ci-joint les deux rapports demandés.. (je n'ose même pas lire la suite xD)
*******************************************************************************

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sophie at 2009-07-09 22:01:58
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (10%) free of 14 GB
Total RAM: 247 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:24, on 09/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\LANDesk\LDClient\qipclnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SCARDS32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\webesd\srvany.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pack Sécurité\FSAUA\program\fsaua.exe
C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
D:\Documents and Settings\VonPablo\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
D:\Documents and Settings\Sophie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sophie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yoower.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\LANDesk\LDClient\softmon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=EMEALDCOFR44:5007 /S=EMEALDCOFR44 /I=HTTP://EMEALDCOFR44/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SoftwareHelper] D:\Documents and Settings\VonPablo\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [suueowy] "d:\documents and settings\sophie\local settings\application data\suueowy.exe" suueowy
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.honeywell.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.honeywell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.honeywell.com
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)
O23 - Service: PDScheduler (PDSched) - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDSched.exe (file missing)
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: svchost32 - Unknown owner - C:\WINDOWS\system32\svchost32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: webdrx - Unknown owner - C:\Program Files\webesd\srvany.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

2/ info.txt

info.txt logfile of random's system information tool 1.06 2009-07-09 22:03:32

======Uninstall list======

-->"C:\Program Files\Pack Sécurité\fsuninst.exe" /UninstRegKey:"News Service"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Patience-->C:\Program Files\Absolute Patience\uninstall.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Album Photo-->MsiExec.exe /X{23BFF55F-A391-4985-96AB-B81657FC508D}
Anonymity 4 Proxy version 2.8-->"C:\Program Files\A4Proxy\unins000.exe"
anooki-v5-0 Screen Saver-->C:\WINDOWS\system32\anooki-v5-0.scr /u
Appetizer 1.3-->C:\Program Files\Appetizer\Uninstall.exe
Apprenez les premiers secours-->C:\PROGRA~1\APPREN~1\UNWISE.EXE C:\PROGRA~1\APPREN~1\INSTALL.LOG
ArtRage 2.2 Free-->"C:\Program Files\Ambient Design\ArtRage 2 Free\unins000.exe"
Artweaver 0.3.9.9-->"C:\Program Files\Artweaver 0.3\unins000.exe"
AWicons Lite by Lokas Software-->C:\WINDOWS\AWuninstall.exe Software\Lokas Ltd\AWicons Lite
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Code de la Route - Objectif Examen-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17AA040E-1A71-4E18-A6B4-BF973D2C0085}\SETUP.EXE" -l0x40c -removeonly
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DefaultProductName-->MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
Dell Wireless WLAN Card-->C:\WINDOWS\system32\BCMWLU00.exe verbose
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 1.99.24-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
Easy WiFi Radar 1.0.5-->C:\PROGRA~1\MAKAYA~1\EASYWI~1\Setup.exe /remove /q0
EKinx 2.0-->C:\Program Files\EKinX\Uninstal.exe
eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"
Favorit-->"d:\documents and settings\sophie\local settings\application data\suueowy.exe" -uninstall
ffdshow-->"C:\Program Files\Satsuki Decoder Pack\filtres\ffds\uninstall.exe"
Games-Attack-->C:\Program Files\Games-Attack\Uninstall.exe
GIMP 2.6.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GTK+ 2.6.8-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Satsuki Decoder Pack\filtres\haali\uninstall.exe"
Hide Your IP Address-->"C:\Program Files\Hide Your IP Address\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IBM Lotus Symphony-->MsiExec.exe /X{6dde8b21-0510-4cfd-92db-cac94e4e4d0a}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment Standard Edition v1.3.1_03-->C:\PROGRA~1\Webd\UNWISE.EXE C:\PROGRA~1\Webd\INSTALL.LOG
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886904)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886904\M886904Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 French User Interface Pack-->MsiExec.exe /I{901E040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Outlook 2003-->MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{9051040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2004 Service Pack 1-->MsiExec.exe /X{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}
Microsoft Visio Viewer 2002-->MsiExec.exe /I{94F9723E-900A-43C5-8F4E-AD2D2ED09273}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Pack sécurité-->"C:\Program Files\Pack Sécurité\FSGUI\PostInstall.exe" /tUnInstall
Paint.NET v3.0-->MsiExec.exe /X{267AB309-8021-4CAE-9698-D9A0BEEF7FBA}
Patiences et Réussites-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A18DA2A4-9AA4-4B11-9C2A-A476E6603FB2}\setup.exe" -l0x40c
PerfectDisk-->MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PokerTH-->C:\Program Files\PokerTH\uninstall.exe
Satsuki Decoder Pack-->C:\Program Files\Satsuki Decoder Pack\Uninstall.exe
Schneider Electric Neza USB Multi-Function Cable Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Scribus 1.3.4-->C:\Program Files\Scribus 1.3.4\uninst.exe
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
SFR - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SiSoftware Sandra Lite 2009.SP3-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\unins000.exe"
SoftwareUpdate 1.0-->"D:\Documents and Settings\VonPablo\Application Data\eoRezo\SoftwareUpdate\unins000.exe"
SUPER © Version 1.811-->C:\PROGRA~1\fever\SUPER\Setup.exe /remove /q0
Suppress plus 1.8-->"C:\Program Files\splus\unins000.exe"
Texas Hold 'Em-->C:\PROGRA~1\MICROA~1\TEXASH~1\UNWISE.EXE C:\PROGRA~1\MICROA~1\TEXASH~1\INSTALL.LOG
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52503B4E-149A-4731-A6FF-495067EABFDC} /l1033
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TV-->C:\Program Files\TV\Uninst0.exe
UltimateZip 3.0.3-->"C:\Program Files\UltimateZip\unins000.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
VBScript Documentation-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\VBSdoc.inf, Uninstall
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirginMega.Fr Premium-->MsiExec.exe /I{EE467474-04A8-48D5-8DDF-0F8D3A3CCBE5}
Visual IP Trace-->"C:\Program Files\Visual IP Trace 2009\Uninstall.exe" "C:\Program Files\Visual IP Trace 2009"
Visual Music-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Visual Music\DeIsL1.isu" -c"C:\Program Files\Visual Music\_ISREG32.DLL"
WebD Agent Installation Package NT 2K XP-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
X Codec Pack-->C:\Program Files\Recode Media\X Codec Pack v2\Uninstall.exe
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zattoo 3.3.4 Beta-->C:\Program Files\Zattoo\uninst.exe

======Security center information======

AV: Pack sécurité 8.00
FW: Pack sécurité 8.00

======System event log======

Computer Name: THVWS674
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Multicast LANDesk ciblé.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090313154412.000000+060
Event Type: Informations
User: THILLAUME\VonPablo

Computer Name: THVWS674
Event Code: 7036
Message: Le service McAfee Framework Service est entré dans l'état : arrêté.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090313154343.000000+060
Event Type: Informations
User:

Computer Name: THVWS674
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service McAfee Framework Service.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090313154343.000000+060
Event Type: Informations
User: THILLAUME\VonPablo

Computer Name: THVWS674
Event Code: 7036
Message: Le service LANDesk(R) Management Agent est entré dans l'état : arrêté.

Record Number: 2
Source Name: Service Control Manager
Time Written: 20090313154305.000000+060
Event Type: Informations
User:

Computer Name: THVWS674
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service LANDesk(R) Management Agent.

Record Number: 1
Source Name: Service Control Manager
Time Written: 20090313154304.000000+060
Event Type: Informations
User: THILLAUME\VonPablo

=====Application event log=====

Computer Name: THILLAUME
Event Code: 103
Message: 1 2009-05-20 03:17:25+02:00 thillaume THILLAUME\VonPablo F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\OEMBIOS.BIN was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).


Record Number: 8003
Source Name: F-Secure Anti-Virus
Time Written: 20090520031738.000000+120
Event Type: erreur
User:

Computer Name: THILLAUME
Event Code: 25
Message: LDIScn32 : Échec de résolution du nom d'hôte.
Record Number: 8002
Source Name: Inventory Scanner
Time Written: 20090520031613.000000+120
Event Type: erreur
User:

Computer Name: THILLAUME
Event Code: 2002
Message: Le service EAPOL a été arrêté correctement.

Record Number: 8001
Source Name: EAPOL
Time Written: 20090520031501.000000+120
Event Type: Informations
User:

Computer Name: THILLAUME
Event Code: 2003
Message: Le service EAPOL est en cours d'exécution

Record Number: 8000
Source Name: EAPOL
Time Written: 20090520031501.000000+120
Event Type: Informations
User:

Computer Name: THILLAUME
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 7999
Source Name: SecurityCenter
Time Written: 20090520031456.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Siemens\Sqlany;C:\Program Files\Siemens\Step7\S7bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"drvdir"=C:\DRV
"MODEL"=D610
"MANU"=Dell Inc.
"TYPE"=Latitude
"NUMBER_OF_PROCESSORS"=1
"LDMS_LOCAL_DIR"=C:\Program Files\LANDesk\LDClient\Data
"SQLANY"=C:\Program Files\Common Files\Siemens\Sqlany
"S7TMP"=C:\Program Files\Siemens\Step7\S7Tmp
"LANG"=fr
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3

-----------------EOF-----------------

Pfiouuuuu !!!! Plus d'une heure pour ouvrir Mozilla!!!! Je suis dégoutée ;-(
Et en plus, ça rame plus que jamais..... Je suis sûre que ça pirate à donf lol

**********************************************************************************

Fix Navipromo version 4.0.0 commencé le 09/07/2009 à 22:29:53,28

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 19.06.2009 à 20h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Default System BIOS
USER : Sophie ( Administrator )
BOOT : Normal boot

Antivirus : Pack sécurité 8.00 8.00 (Activated)
Firewall : Pack sécurité 8.00 8.00 (Activated)

C:\ (Local Disk) - NTFS - Total:14 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:23 Go (Free:4 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)


Recherche exécutée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Program Files\Games-Attack supprimé !
D:\Documents and Settings\All Users\startm~1\programs\Games-Attack supprimé !
d:\docume~1\alluse~1\applic~1\Games-Attack supprimé !
D:\Documents and Settings\Sophie\applic~1\Live-Player supprimé !
C:\WINDOWS\prefetch\suueowy*.pf supprimé !
D:\Documents and Settings\Sophie\locals~1\applic~1\suueowy.exe supprimé !
D:\Documents and Settings\Sophie\locals~1\applic~1\suueowy.dat supprimé !
D:\Documents and Settings\Sophie\locals~1\applic~1\suueowy_nav.dat supprimé !
D:\Documents and Settings\Sophie\locals~1\applic~1\suueowy_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu D:\Documents and Settings\Sophie\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé le 09/07/2009 à 22:58:19,59 ***

Fin énervée!!!! 3 heures pour ouvrir internet... Y'a fallu reconfigurer "Nortel IPSECSHM Adapter" et bidouiller un peu partout pour enfin réussir à venir poster... Je ne pense pas que ce soit terminé!!! A demain (tout à l'heure!!!), je bosse à 6h!!! Je serai de retour vers 14h15.... @+


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Default System BIOS
USER : Sophie ( Administrator )
BOOT : Normal boot
Antivirus : Pack sécurité 8.00 8.00 (Activated)
Firewall : Pack sécurité 8.00 8.00 (Activated)
C:\ (Local Disk) - NTFS - Total:14 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:23 Go (Free:4 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 10/07/2009| 0:16 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\WINDOWS\System32\b4fm.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.fr/spbasic.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.yoower.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 10/07/2009| 0:35 - Option : [1]

-----------\\ Fin du rapport a 0:35:23,07

Salut ^^
Ca va un peu mieux à cette heure!!! Ca rame beaucoup moins ;-)


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Default System BIOS
USER : Sophie ( Administrator )
BOOT : Normal boot
Antivirus : Pack sécurité 8.00 8.00 (Activated)
Firewall : Pack sécurité 8.00 8.00 (Activated)
C:\ (Local Disk) - NTFS - Total:14 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:23 Go (Free:4 Go)
E:\ (CD or DVD) - UDF - Total:4 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 10/07/2009|15:00 )

-----------\\ SUPPRESSION

Supprime! - C:\WINDOWS\System32\b4fm.dll

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.fr/spbasic.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 10/07/2009| 0:35 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 10/07/2009|15:05 - Option : [2]

-----------\\ Fin du rapport a 15:05:20,96

J'ai lancé Ad-remover il y a plus d'1h30... Je viens de stopper car il ne se passait rien... & pas de rapport... J'ai suivi toutes les consignes à la lettre, je fais quoi?? Merci

Y'a de quoi faire???? Aie aie aie!!!! ^^
Quand j'ouvre des fenêtres dans F-Secure et que je passe le curseur sur les mots, ils se mettent en surgras comme si je les coloriais; Normalement, quand je coche les cases, c'est en vert... Là, c'est en noir!!! De plus, ça ressemble à de fausses fenêtres!!!! Les patchs peuvent-ils faire ça?? Merci
*********************************************************************


SmitFraudFix v2.423

Scan done at 18:51:45,03, 10/07/2009
Run from D:\Documents and Settings\Sophie\Desktop\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\LANDesk\LDClient\qipclnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SCARDS32.EXE
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
C:\Program Files\webesd\srvany.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\Pack Sécurité\FSAUA\program\fsaua.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Sécurité\FSAUA\program\fsus.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
D:\Documents and Settings\VonPablo\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Sophie


»»»»»»»»»»»»»»»»»»»»»»»» c:\temp


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Sophie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Sophie\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\Program Files\\LANDesk\\LDClient\\softmon.exe"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Dell Wireless 1450 Dual Band WLAN Mini-PCI Card - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F9665CFB-0E9E-458D-99E0-098A9D84F4CE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F9665CFB-0E9E-458D-99E0-098A9D84F4CE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F9665CFB-0E9E-458D-99E0-098A9D84F4CE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Re

Je n'ai pas téléchargé moi-même Landesk... Si il est dans les programmes, dois-je l'ôter?? Ci-dessous le dernier rapport analyse complète


Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2403
Windows 5.1.2600 Service Pack 2

10/07/2009 21:46:57
mbam-log-2009-07-10 (21-46-26).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 278690
Temps écoulé: 1 hour(s), 49 minute(s), 23 second(s)

Processus mémoire infecté(s): 3
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
D:\Documents and Settings\VonPablo\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> No action taken.
C:\Program Files\EoRezo\EoEngine.exe (Adware.EoRezo) -> No action taken.
C:\WINDOWS\system32\svchost32.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Adware.EoRezo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Adware.EoRezo) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Adware.EoRezo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svchost32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\svchost32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svchost32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Adware.EoRezo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Adware.EoRezo) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
d:\documents and settings\VonPablo\local settings\application data\qqygk_navps.dat (Adware.Navipromo.H) -> No action taken.
d:\documents and settings\VonPablo\local settings\application data\qqygk_nav.dat (Adware.Navipromo.H) -> No action taken.
d:\documents and settings\VonPablo\local settings\application data\qqygk.dat (Adware.Navipromo.H) -> No action taken.
d:\documents and settings\VonPablo\local settings\application data\qqygk.exe (Adware.Navipromo.H) -> No action taken.
D:\Documents and Settings\VonPablo\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> No action taken.
C:\Program Files\EoRezo\EoEngine.exe (Adware.EoRezo) -> No action taken.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Adware.EoRezo) -> No action taken.
c:\program files\EoRezo\EoAdv\EoRezoBHO.dll (Adware.EoRezo) -> No action taken.
d:\RECYCLER\s-1-5-21-2034619130-942208284-4199664126-1013\Dd19.exe (Adware.Navipromo) -> No action taken.
d:\RECYCLER\s-1-5-21-2034619130-942208284-4199664126-1013\Dd20.exe (Adware.Navipromo) -> No action taken.
d:\RECYCLER\s-1-5-21-2034619130-942208284-4199664126-1013\Dd21.exe (Adware.Navipromo) -> No action taken.
C:\WINDOWS\system32\svchost32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\_svchost32.exe (Trojan.Agent) -> No action taken.
d:\documents and settings\admin\local settings\application data\mkgqc_nav.dat (Adware.NaviPromo) -> No action taken.
d:\documents and settings\admin\local settings\application data\mkgqc_navps.dat (Adware.NaviPromo) -> No action taken.

Il ne les a pas supprimés là??? si???

J'ai supprimé les éléments mis en quarantaine... @+

~~DOUBLON~~

http://www.commentcamarche.net/forum/affich 13192308 est ce un virus

PS : Arrangez-vous entre vous.

Bye

Bonjour Guillaume

Ci-joint RSIT Merci

Logfile of random's system information tool 1.06 (written by random/random)
Run by Sophie at 2009-07-12 01:51:31
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 1 GB (10%) free of 14 GB
Total RAM: 247 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:52:48, on 12/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\imapi.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\Pack Sécurité\Common\FSMB32.EXE
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\LANDesk\LDClient\qipclnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pack Sécurité\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\SCARDS32.EXE
C:\Program Files\webesd\srvany.exe
C:\Program Files\JavaSoft\JRE\1.3.1_03\bin\javaw.exe
C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE
C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe
C:\Program Files\Pack Sécurité\FSPC\fspc.exe
C:\Program Files\Pack Sécurité\FSAUA\program\fsaua.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Program Files\Pack Sécurité\FSAUA\program\fsus.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe
D:\Documents and Settings\Sophie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sophie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Program Files\LANDesk\LDClient\softmon.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2009\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LANDeskInventoryClient] "C:\Program Files\LANDesk\LDClient\LDIScn32.exe" /NTT=EMEALDCOFR44:5007 /S=EMEALDCOFR44 /I=HTTP://EMEALDCOFR44/ldlogon/ldappl3.ldz /NOUI
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = europe.honeywell.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = europe.honeywell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = europe.honeywell.com
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Intel QIP Client Service - LANDesk Software Ltd. - C:\Program Files\LANDesk\LDClient\qipclnt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)
O23 - Service: PDScheduler (PDSched) - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDSched.exe (file missing)
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - Towitoko AG - C:\WINDOWS\SCARDS32.EXE
O23 - Service: webdrx - Unknown owner - C:\Program Files\webesd\srvany.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Salut ^^
Mon pc va plutôt bien pour le moment... Tout s'ouvre relativement vite & ça ne rame plus comme ces derniers temps... En espérant que...
Je fais le scan et je reviens après. En attendant, merci ^^

Re= Désolée, j'ai du m'absenter... ^^

Que veut dire:

"Nom du profil: lud52ov0. default (Sophie)"????

MERCI

*********************************************************************************


======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:10:51, 12/07/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: THILLAUME | Utilisateur actuel: Sophie
.
Administrateur: admin
Administrateur: Administrator
N'est pas administrateur: ASPNET *Desactive*
N'est pas administrateur: Guest *Desactive*
N'est pas administrateur: HelpAssistant *Desactive*
Administrateur: Sophie
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
Administrateur: VonPablo
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCU\Software\EoRezo
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Microsoft\shared tools\msconfig\startupreg\SoftwareHelper
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKU\S-1-5-21-2034619130-942208284-4199664126-1016\Software\Eorezo
.
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo
C:\Program Files\EoRezo
D:\Documents and Settings\admin\Application Data\Eorezo
D:\Documents and Settings\VonPablo\Application Data\Eorezo
c:\temp\is-38MSJ.tmp\EoRezo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-139C0702.pf
D:\DOCUME~1\Sophie\Cookies\sophie@eorezo[1].txt
D:\DOCUME~1\Sophie\Cookies\sophie@kiwee[1].txt
D:\DOCUME~1\Sophie\Cookies\sophie@www.kiwee[1].txt
D:\DOCUME~1\Sophie\Cookies\sophie@www1.kiwee[1].txt
D:\Documents and Settings\admin\Cookies\admin@ads.eorezo[2].txt
D:\Documents and Settings\admin\Cookies\admin@eorezo[1].txt
D:\Documents and Settings\VonPablo\Cookies\vonpablo@ads.eorezo[2].txt
D:\Documents and Settings\VonPablo\Cookies\vonpablo@eorezo[2].txt
D:\Documents and Settings\VonPablo\Cookies\vonpablo@soft.eorezo[1].txt
.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.11 *

Nom du profil: lud52ov0.default (Sophie)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.11");
.
.

* Internet Explorer Version 6.0.2900.2180 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://search.msn.fr/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.google.fr/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
3450 Octet(s) - C:\Ad-Report-SCAN.log
.
1379 Fichier(s) - c:\temp
3 Fichier(s) - C:\WINDOWS\Temp
.
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 15:55:46 | 12/07/2009
.
============== E.O.F ==============
.

C'est parti... ^^

Mon portable va beaucoup mieux ^^ Pas de souci de démarrage... Vraiment, merci
Je fais le scan avec antivirus. @+ tard


======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 17:59:44, 12/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: THILLAUME | Utilisateur actuel: Sophie
.
Administrateur: admin
Administrateur: Administrator
N'est pas administrateur: ASPNET *Desactive*
N'est pas administrateur: Guest *Desactive*
N'est pas administrateur: HelpAssistant *Desactive*
Administrateur: Sophie
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
Administrateur: VonPablo
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCU\Software\EoRezo
HKLM\Software\Microsoft\shared tools\msconfig\startupreg\SoftwareHelper
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
.
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\cmhost.cyp
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\ConfMedia.cyp
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\ConfMedia.cyp.old
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\db
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\eoStats
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\host.cyp
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\user.cyp
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo\eoStats\eoStats.txt
D:\DOCUME~1\Sophie\APPLIC~1\EoRezo
C:\Program Files\EoRezo\ConfMedia.cyp
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoImg_20.dll
C:\Program Files\EoRezo\EoRezoImg_21.dll
C:\Program Files\EoRezo\EoRezoImg_22.dll
C:\Program Files\EoRezo\EoRezoImg_23.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoTools_20.dll
C:\Program Files\EoRezo\EoRezoTools_21.dll
C:\Program Files\EoRezo\EoRezoTools_26.dll
C:\Program Files\EoRezo\EoRezoTools_27.dll
C:\Program Files\EoRezo\EoRezoTools_28.dll
C:\Program Files\EoRezo\EoRezoTools_29.dll
C:\Program Files\EoRezo\EoRezoTools_30.dll
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\lang
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\user.cyp
C:\Program Files\EoRezo\EoAdv\atl90.dll
C:\Program Files\EoRezo\EoAdv\mfc90.dll
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest
C:\Program Files\EoRezo\EoAdv\msvcr90.dll
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_it.xml
C:\Program Files\EoRezo
D:\Documents and Settings\admin\Application Data\Eorezo\cmhost.cyp
D:\Documents and Settings\admin\Application Data\Eorezo\ConfMedia.cyp
D:\Documents and Settings\admin\Application Data\Eorezo\ConfMedia.cyp.old
D:\Documents and Settings\admin\Application Data\Eorezo\db
D:\Documents and Settings\admin\Application Data\Eorezo\eoStats
D:\Documents and Settings\admin\Application Data\Eorezo\host.cyp
D:\Documents and Settings\admin\Application Data\Eorezo\install.exe
D:\Documents and Settings\admin\Application Data\Eorezo\user.cyp
D:\Documents and Settings\admin\Application Data\Eorezo
D:\Documents and Settings\VonPablo\Application Data\Eorezo\cmhost.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\ConfMedia.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\ConfMedia.cyp.old
D:\Documents and Settings\VonPablo\Application Data\Eorezo\db
D:\Documents and Settings\VonPablo\Application Data\Eorezo\EoDesk3d
D:\Documents and Settings\VonPablo\Application Data\Eorezo\EoDesk3d.cfg
D:\Documents and Settings\VonPablo\Application Data\Eorezo\eoDesktop
D:\Documents and Settings\VonPablo\Application Data\Eorezo\eoStats
D:\Documents and Settings\VonPablo\Application Data\Eorezo\host.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate
D:\Documents and Settings\VonPablo\Application Data\Eorezo\user.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\EoDesk3d\eoDesk3d.cfg
D:\Documents and Settings\VonPablo\Application Data\Eorezo\eoDesktop\config.xml
D:\Documents and Settings\VonPablo\Application Data\Eorezo\eoDesktop\eoDesktop.html
D:\Documents and Settings\VonPablo\Application Data\Eorezo\eoDesktop\userConfig.xml
D:\Documents and Settings\VonPablo\Application Data\Eorezo\eoStats\eoStats.txt
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\Download
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\help_config.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\Software
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\SoftwareUpdate.exe
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\unins000.dat
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\unins000.exe
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\user_config.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\user_profil.cyp
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\Software\itsTV
D:\Documents and Settings\VonPablo\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.1.0
D:\Documents and Settings\VonPablo\Application Data\Eorezo
c:\temp\is-38MSJ.tmp\EoRezo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-139C0702.pf
D:\DOCUME~1\Sophie\Cookies\sophie@eorezo[1].txt
D:\DOCUME~1\Sophie\Cookies\sophie@kiwee[1].txt
D:\DOCUME~1\Sophie\Cookies\sophie@www.kiwee[1].txt
D:\DOCUME~1\Sophie\Cookies\sophie@www1.kiwee[1].txt
D:\Documents and Settings\admin\Cookies\admin@ads.eorezo[2].txt
D:\Documents and Settings\admin\Cookies\admin@eorezo[1].txt
D:\Documents and Settings\VonPablo\Cookies\vonpablo@ads.eorezo[2].txt
D:\Documents and Settings\VonPablo\Cookies\vonpablo@eorezo[2].txt
D:\Documents and Settings\VonPablo\Cookies\vonpablo@soft.eorezo[1].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.11 *

Nom du profil: lud52ov0.default (Sophie)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.11");
.
.

* Internet Explorer Version 6.0.2900.2180 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
.
===================================
.
8485 Octet(s) - C:\Ad-Report-CLEAN.log
3739 Octet(s) - C:\Ad-Report-SCAN.log
.
1246 Fichier(s) - c:\temp
1 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
80 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 19:52:33 | 12/07/2009
.
============== E.O.F ==============
.

Hello,

Désolé, j'avais dit que je passerais faire un tour ici Dimanche, et on est déjà Lundi.

Je vous laisse continuer ici sur ce pc.

@Yen-a-marre: Si tu souhaites qu'on voit ensemble pour l'autre pc qui ne démarre plus, fais moi un signe sur l'autre topic.

@+ et bonne continuation à vous deux.

OK Trying2 @+ ^^

Bonsoir Guillaume5188

J'ai fais une analyse complète démarrée ce matin à 08h45 et finie ce soir vers 19h30!!!! (au lieu de lancer un scan!!)

Il trouve 3 programmes à risques:

1/ RiskTool.Win32.Pskill.a
2/ RiskTool.Win32.PsShutdown.101
3/ RiskTool.Win32.PsShutdown.101

Dois-je les supprimer?? A l'endroit où je me trouve, je n'ai pas de rapport, on me demande juste ce que je veux faire.

Je reste en ligne pour le moment ^^