plus de son qui sort de mon pcFermé

Question

Bonjour,


-vraiment j'ai un truc bizarre depuis un certain temp j'ai plus de son qui sort de mon pc pourquoi ??? aucune idée
et tout semble bien configurer au niveau du son (je test le demarage de son dans l'onglet son mais j'entend rien de tout
ce que j'ai essayé de faire :

1/désinstaller les pilotes de son  puis reboot de pc  rien ne se passe
2/débrancher tout les périph de mon enseinte et rebrancher reboot de pc  rien ne se passe
3/brancher un casque en usb j'entend rien
4/restaurer mon pc ben il ve pas se restaurer
5/reinstaller ma carte son rien ne se passe
6/scanner tout mon pc et desinfecter de tout les virus reboot rien ne se passe

RQ: ce que je doute c'est que je pense que depuis que j'ai installer un logiciel qui nettoie le base de registre il s'appelle registry booster je crois que c'est lui le coupable enfin svp aider moi car je pense pas que le formatage va resoudre le probleme

Voici ma config:
-Xp pro sp2
saound max
carte son externe cmi 8738/c3dx pci devices
enseinte genius

Merci d'avance

archet9 · Answer

Salut mimo007,

On va essayer de voir cela:


Télécharges RSIT (de random/random) sur le bureau ici : 

http://images.malwareremoval.com/random/RSIT.exe 

- Double clique sur RSIT.exe qui est sur le bureau 
- Clique sur Continue dans la fenêtre 
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence 
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse . 

Les rapports sont dans le dossier ici C:\rsit
a+

mimo007 · Answer

voici le fichier log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-06-01 23:47:35
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 27 GB (47%) free of 56 GB
Total RAM: 766 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:04, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://badoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-1708537768-796845957-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-1708537768-796845957-682003330-1005\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.securitoo.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ipswitch WhatsUp Engine - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\Ipswitch\WhatsUp Professional\NMService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

archet9 · Answer

1)
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

*******


2)
Télécharges et installes USBFIX  de C_XX & Chiquitine29 
http://pagesperso-orange.fr/NosTools/usbfix.html 


Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir 

# Double clic sur le raccourci UsbFix présent sur ton bureau . 

# Choisis l'option 1 ( Recherche ) # Laisse travailler l'outil. 

# Ensuite post le rapport UsbFix.txt qui apparaitra. 

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt ) 


# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 

A+

mimo007 · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   Antivirus : Kaspersky Internet Security 7.0.0.125 (Not Activated)
   Firewall  : Kaspersky Internet Security 7.0.0.125 (Activated)
   C:\ (Local Disk) - NTFS - Total:54 Go (Free:25 Go)
   D:\ (Local Disk) - NTFS - Total:2 Go (Free:0 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 02/06/2009|23:14 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskTBar
   C:\Program Files\AskTBar\bar
   C:\Program Files\AskTBar\SrchAstt
   C:\Program Files\AskTBar\bar\1.bin
   C:\Program Files\AskTBar\bar\Cache
   C:\Program Files\AskTBar\bar\History
   C:\Program Files\AskTBar\bar\Settings
   C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
   C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
   C:\Program Files\AskTBar\bar\Cache\0001A718.bin
   C:\Program Files\AskTBar\bar\Cache\0001D56B.bin
   C:\Program Files\AskTBar\bar\Cache\00065769
   C:\Program Files\AskTBar\bar\Cache\00084251.bin
   C:\Program Files\AskTBar\bar\Cache\0008485C.bin
   C:\Program Files\AskTBar\bar\Cache\000DCDA1
   C:\Program Files\AskTBar\bar\Cache\files.ini
   C:\Program Files\AskTBar\bar\History\search2
   C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
   C:\Program Files\AskTBar\SrchAstt\1.bin
   C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
   C:\DOCUME~1\ADMINI~1\Cookies\administrateur@mysearch[2].txt

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://badoo.com/"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\ADMINI~1\Bureau\NERO\Nero Burning Rom 9.2.6.0 + SeriaL\Nero 9 KeyGen



   1 - "C:\ToolBar SD\TB_1.txt" - 02/06/2009|23:17 - Option : [1]

   -----------\  Fin du rapport a 23:17:00,50






############################## [ UsbFix V3.028 | Scan ]

# User : Administrateur (Administrateurs) # BASIC
# Update on 02/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 23:24:01 | 02/06/2009

#               Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 7.0.0.125 [ (!) Disabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]7.0.0.125

# C:\ # Disque fixe local # 54,79 Go (25,89 Go free) # NTFS
# D:\ # Disque fixe local # 2,23 Go (224,06 Mo free) [Nouveau nom] # NTFS
# E:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Ipswitch\WhatsUp Professional\NMService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre Startup ]

HKCU_Main:   "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
HKCU_Main:   "Start Page"="https://badoo.com/" 
HKLM_logon:  "Userinit"="C:\WINDOWS\system32\userinit.exe," 
HKLM_logon:  "DefaultUserName"="Administrateur" 
HKLM_logon:  "AltDefaultUserName"="Administrateur" 
HKLM_logon:  "LegalNoticeCaption"="" 
HKLM_logon:  "LegalNoticeText"="" 
HKLM_Run:    AVP="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" 
HKLM_Run:    C-Media Mixer=Mixer.exe /startup 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background  
HKCU_Run:    SuperCopier2.exe=C:\Program Files\SuperCopier2\SuperCopier2.exe  
HKCU_Run:    Uniblue RegistryBooster 2009=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S  

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\{9359ba05-4b01-11de-b712-00167618e19e}\Shell\AutoRun\Command  
HKCU\...\Explorer\MountPoints2\{9359ba05-4b01-11de-b712-00167618e19e}\Shell\open\Command  

################## [ ! Fin du rapport # UsbFix V3.028 ! ]

archet9 · Answer

Reprends Toolbar et Usbfix 
Lances l'option 2 pour les deux fix.
Colles les rapports stp...

a+

mimo007 · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.80GHz )
   BIOS : Phoenix ROM BIOS PLUS Version 1.10 A09
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   Antivirus : Kaspersky Internet Security 7.0.0.125 (Not Activated)
   Firewall  : Kaspersky Internet Security 7.0.0.125 (Activated)
   C:\ (Local Disk) - NTFS - Total:54 Go (Free:25 Go)
   D:\ (Local Disk) - NTFS - Total:2 Go (Free:0 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 07/06/2009| 2:14 )

   -----------\ SUPPRESSION

   Echec   ! - C:\Program Files\AskTBar\bar
   Echec   ! - C:\Program Files\AskTBar\SrchAstt
   Echec   ! - C:\Program Files\AskTBar\bar\1.bin
   Echec   ! - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
   Echec   ! - C:\Program Files\AskTBar\SrchAstt\1.bin
   Echec   ! - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
   Echec   ! - C:\Program Files\AskTBar

   -----------\ DEUXIEME PASSAGE
 
   Echec   ! - C:\Program Files\AskTBar\bar
   Echec   ! - C:\Program Files\AskTBar\SrchAstt
   Echec   ! - C:\Program Files\AskTBar\bar\1.bin
   Echec   ! - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
   Echec   ! - C:\Program Files\AskTBar\SrchAstt\1.bin
   Echec   ! - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
   Echec   ! - C:\Program Files\AskTBar

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskTBar
   C:\Program Files\AskTBar\bar
   C:\Program Files\AskTBar\SrchAstt
   C:\Program Files\AskTBar\bar\1.bin
   C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
   C:\Program Files\AskTBar\SrchAstt\1.bin
   C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
   C:\DOCUME~1\ADMINI~1\Cookies\administrateur@mysearch[1].txt

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://badoo.com/"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\ADMINI~1\Bureau\NERO\Nero Burning Rom 9.2.6.0 + SeriaL\Nero 9 KeyGen



   1 - "C:\ToolBar SD\TB_1.txt" - 02/06/2009|23:17 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 07/06/2009| 2:17 - Option : [2]

   -----------\  Fin du rapport a  2:17:07,04

archet9 · Answer

Ok, on va faire autrement:

---> Télécharge OTM (OldTimer) sur ton Bureau : 
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous : 

:processes 
explorer.exe 

:files 
c:\program files\asktbar\srchastt\1.bin\a5srchas.dll
c:\program files\asktbar\bar\1.bin\asktbar.dll
 

:reg 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_CLASSES_ROOT\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}"=-
 

:commands 
[purity] 
[emptytemp] 
[start explorer] 


---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log 

a+

mimo007 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL unregistered successfully.
c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL moved successfully.
c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL unregistered successfully.
c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_IO3X2yrg9FsTkC4TlZfH scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\cch~648a4d32.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~648a5381.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~64f74640.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~64f74cc1.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~650f8792.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~650f8dd0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~651c4f59.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~651c55eb.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~65537072.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~6553770e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~6573630e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~657369a9.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~65751166.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~65751802.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~6582a1bd.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~6582a94a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~65f4e504.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~65f4ec8a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~66306bfa.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~6630728f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~674e75b6.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~674e7c1c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~67630221.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~676308dc.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~67638dfe.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~67639e5b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~679cf381.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~679cfa20.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~67e4e899.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\cch~67e4efb0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_260.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_3e8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_5dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTM by OldTimer - Version 2.1.0.0 log created on 06072009_153719

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_IO3X2yrg9FsTkC4TlZfH not found!
File C:\WINDOWS	emp\cch~648a4d32.htp not found!
File C:\WINDOWS	emp\cch~648a5381.htp not found!
File C:\WINDOWS	emp\cch~64f74640.htp not found!
File C:\WINDOWS	emp\cch~64f74cc1.htp not found!
File C:\WINDOWS	emp\cch~650f8792.htp not found!
File C:\WINDOWS	emp\cch~650f8dd0.htp not found!
File C:\WINDOWS	emp\cch~651c4f59.htp not found!
File C:\WINDOWS	emp\cch~651c55eb.htp not found!
File C:\WINDOWS	emp\cch~65537072.htp not found!
File C:\WINDOWS	emp\cch~6553770e.htp not found!
File C:\WINDOWS	emp\cch~6573630e.htp not found!
File C:\WINDOWS	emp\cch~657369a9.htp not found!
File C:\WINDOWS	emp\cch~65751166.htp not found!
File C:\WINDOWS	emp\cch~65751802.htp not found!
File C:\WINDOWS	emp\cch~6582a1bd.htp not found!
File C:\WINDOWS	emp\cch~6582a94a.htp not found!
File C:\WINDOWS	emp\cch~65f4e504.htp not found!
File C:\WINDOWS	emp\cch~65f4ec8a.htp not found!
File C:\WINDOWS	emp\cch~66306bfa.htp not found!
File C:\WINDOWS	emp\cch~6630728f.htp not found!
File C:\WINDOWS	emp\cch~674e75b6.htp not found!
File C:\WINDOWS	emp\cch~674e7c1c.htp not found!
File C:\WINDOWS	emp\cch~67630221.htp not found!
File C:\WINDOWS	emp\cch~676308dc.htp not found!
File C:\WINDOWS	emp\cch~67638dfe.htp not found!
File C:\WINDOWS	emp\cch~67639e5b.htp not found!
File C:\WINDOWS	emp\cch~679cf381.htp not found!
File C:\WINDOWS	emp\cch~679cfa20.htp not found!
File C:\WINDOWS	emp\cch~67e4e899.htp not found!
File C:\WINDOWS	emp\cch~67e4efb0.htp not found!
File C:\WINDOWS	emp\Perflib_Perfdata_260.dat not found!
File C:\WINDOWS	emp\Perflib_Perfdata_3e8.dat not found!
C:\WINDOWS	emp\Perflib_Perfdata_5dc.dat moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

archet9 · Answer

1)
Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

2)

Fais un scan avec cet antispyware :
Telecharges malwarebytes + tutoriel :  

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

Tu l´installes; mets le a jour...(onglet mise a jour) 
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".  
Laisses le scanner le pc... 
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp. 

a+

mimo007 · Answer

############################## [ UsbFix V3.028 | Cleaning ]

# User : Administrateur (Administrateurs) # BASIC
# Update on 02/06/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 15:28:12 | 07/06/2009

#               Intel(R) Pentium(R) 4 CPU 2.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 7.0.0.125 [ (!) Disabled | Updated ]
# FW : Kaspersky Internet Security[ Enabled ]7.0.0.125

# C:\ # Disque fixe local # 54,79 Go (25,75 Go free) # NTFS
# D:\ # Disque fixe local # 2,23 Go (219,65 Mo free) [Nouveau nom] # NTFS
# E:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ipswitch\WhatsUp Professional\NMService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

################## [ Fichiers # Dossiers infectieux ]


################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]


################## [ Listing des fichiers présent ]

[04/04/2009 18:22|--a------|1024] - C:\.rnd
[20/05/2006 23:48|--a------|32] - C:\ALCSetup.log
[06/10/2008 23:08|---hs----|7] - C:\AUTOEXEC.BAT
[06/10/2008 22:10|--a------|303] - C:\Boot.bak
[14/01/2009 22:43|-rahs----|373] - C:\boot.ini
[28/09/2001 15:00|-rahs----|4952] - C:\Bootfont.bin
[24/05/2009 22:32|-ra------|8294] - C:\CLDMA.LOG
[04/08/2004 00:00|--a------|263488] - C:\cmldr
[06/06/2009 01:30|--a------|15405] - C:\ComboFix.txt
[29/04/2006 18:56|--a------|0] - C:\CONFIG.SYS
[07/12/2008 15:01|--a------|15360] - C:\divx-connected.db
[29/04/2006 18:56|-rahs----|0] - C:\IO.SYS
[29/04/2006 18:56|-rahs----|0] - C:\MSDOS.SYS
[28/03/2003 14:00|-rahs----|47548] - C:\NTDETECT.COM
[28/03/2003 14:00|-rahs----|279344] - C:
tldr
[?|?|?] - C:\pagefile.sys
[06/05/2006 20:36|--a------|13030] - C:\PDOXUSRS.NET
[17/10/2008 12:06|--ah-----|268] - C:\sqmdata00.sqm
[17/10/2008 12:06|--ah-----|244] - C:\sqmnoopt00.sqm
[07/06/2009 02:17|--a------|2908] - C:\TB.txt
[07/06/2009 15:30|--a------|3196] - C:\UsbFix.txt
[09/10/2008 12:15|--a------|1799] - D:\caracteres_ascii.zip
[21/11/2008 17:52|--a------|63488] - D:\CV 3.doc
[23/11/2008 16:26|--a------|23552] - D:\lettre motivation.doc
[08/12/2008 02:04|--a------|439697] - D:	racroute.zip

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.  

################## [ ! Fin du rapport # UsbFix V3.028 ! ]

mimo007 · Answer

Malwarebytes' Anti-Malware 1.37
Version de la base de données: 2243
Windows 5.1.2600 Service Pack 2

07/06/2009 18:34:58
mbam-log-2009-06-07 (18-34-53).txt

Type de recherche: Examen rapide
Eléments examinés: 88304
Temps écoulé: 23 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\documents and settings\propriétaire\local settings\application data\winlogon.VIR (Heuristics.Reserved.Word.Exploit) -> No action taken.

archet9 · Answer

---> Télécharge ComboFix.exe de sUBs sur ton Bureau : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\ 

---> Double-clique sur Combofix.exe 
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...". 
Accepte en cliquant sur "Oui" 

---> Mets-le en langue française F 
Tape sur la touche 1 (Yes) pour démarrer le scan. 

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ 

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

a+

mimo007 · Answer

ComboFix 09-06-05.05 - Administrateur 07/06/2009 22:43.3 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.33.1036.18.766.381 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Windows Live\Messenger\msnmsgr.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2009-05-07 au 2009-06-07  ))))))))))))))))))))))))))))))))))))
.

2009-06-07 16:03 . 2009-06-07 16:03	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-06-07 16:03 . 2009-05-26 11:20	40160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-07 16:03 . 2009-06-07 16:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-07 16:03 . 2009-06-07 16:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-06-07 16:03 . 2009-05-26 11:19	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-06-07 13:37 . 2009-06-07 13:37	--------	d-----w-	C:\_OTM
2009-06-07 00:11 . 2009-06-07 20:37	--------	d-----w-	c:\documents and settings\Administrateur\Tracing
2009-06-07 00:03 . 2009-06-07 00:03	--------	d-----w-	c:\program files\Microsoft Office Outlook Connector
2009-06-06 23:59 . 2009-06-07 00:03	--------	d-----w-	c:\program files\Microsoft
2009-06-06 23:59 . 2009-06-06 23:59	--------	d-----w-	c:\program files\Windows Live SkyDrive
2009-06-06 23:29 . 2009-06-06 23:29	--------	d-----w-	c:\program files\Fichiers communs\Windows Live
2009-06-06 10:31 . 2009-06-06 10:31	--------	d-----w-	c:\program files\Analog Devices
2009-06-02 21:21 . 2009-06-07 13:32	--------	d-----w-	C:\UsbFix
2009-06-02 21:12 . 2009-06-07 00:17	--------	d-----w-	C:\ToolBar SD
2009-06-01 21:47 . 2009-06-01 21:50	--------	d-----w-	c:\program files	rend micro
2009-06-01 21:47 . 2009-06-01 21:50	--------	d-----w-	C:sit
2009-05-28 22:18 . 2009-06-07 20:41	--------	d-----w-	c:\program files\SuperCopier2
2009-05-24 11:37 . 1998-08-27 04:51	182032	----a-w-	c:\windows\system32\dxtmsft3.dll
2009-05-24 11:37 . 2004-08-05 12:00	221184	----a-w-	c:\windows\system32\wmpns.dll
2009-05-17 20:10 . 2009-05-17 20:10	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\Uniblue
2009-05-16 23:39 . 2009-05-16 23:39	--------	d-----w-	c:\program files\ARAR

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 20:51 . 2008-11-12 23:33	17880608	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2009-06-07 20:51 . 2008-11-12 23:33	955168	--sha-w-	c:\windows\system32\drivers\fidbox2.dat
2009-06-07 20:36 . 2008-11-12 23:33	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-06-07 17:19 . 2008-11-12 23:33	92324	--sha-w-	c:\windows\system32\drivers\fidbox2.idx
2009-06-07 17:19 . 2008-11-12 23:33	242816	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2009-06-07 00:10 . 2008-11-15 17:05	83400	----a-w-	c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-07 00:02 . 2008-10-17 09:09	--------	d-----w-	c:\program files\Windows Live
2009-06-06 23:29 . 2004-08-05 12:00	89120	----a-w-	c:\windows\system32\perfc00C.dat
2009-06-06 23:29 . 2004-08-05 12:00	518840	----a-w-	c:\windows\system32\perfh00C.dat
2009-06-06 23:24 . 2009-04-04 16:21	--------	d-----w-	c:\program files\LogMeIn
2009-06-06 10:34 . 2006-04-29 17:30	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-05 22:49 . 2009-01-10 22:10	--------	d-----w-	c:\program files\Fichiers communs\Nero
2009-06-05 22:49 . 2009-01-10 22:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\Nero
2009-06-05 22:49 . 2009-01-10 22:11	--------	d-----w-	c:\program files\Nero
2009-05-24 11:47 . 2007-11-27 21:05	--------	d-----w-	c:\program files\PCI Audio Applications
2009-05-20 21:48 . 2008-11-12 23:34	94643	----a-w-	c:\windows\system32\drivers\klick.dat
2009-05-20 21:48 . 2008-11-12 23:34	105395	----a-w-	c:\windows\system32\drivers\klin.dat
2009-04-30 23:42 . 2009-01-16 20:33	--------	d-----w-	c:\program files\Fichiers communs\ACD Systems
2009-04-30 23:42 . 2009-04-30 23:42	--------	d-----w-	c:\documents and settings\All Users\Application Data\ACD Systems
2009-04-30 23:41 . 2009-04-30 23:41	--------	d-----w-	c:\program files\ACD Systems
2009-04-30 22:33 . 2009-04-30 22:11	--------	d-----w-	c:\program files\PhotoFiltre
2009-04-05 15:02 . 2009-04-05 15:02	410984	----a-w-	c:\windows\system32\deploytk.dll
2009-04-05 15:01 . 2009-04-05 15:01	152576	----a-w-	c:\documents and settings\Administrateur\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2004-08-03 23:54 . 2004-08-03 23:54	1392671	--sh--r-	c:\windows\system32\msvbvm60.dll
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-05_23.25.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-07 20:35 . 2009-06-07 20:35	16384              c:\windows\Temp\Perflib_Perfdata_7c.dat
+ 2009-06-07 20:35 . 2009-06-07 20:35	16384              c:\windows\Temp\Perflib_Perfdata_3f8.dat
+ 2009-06-07 20:35 . 2009-06-07 20:35	16384              c:\windows\Temp\Perflib_Perfdata_270.dat
+ 2009-02-06 16:52 . 2009-02-06 16:52	49504              c:\windows\system32\sirenacm.dll
+ 2004-08-05 12:00 . 2009-06-06 23:29	76162              c:\windows\system32\perfc009.dat
- 2004-08-05 12:00 . 2009-06-01 21:49	76162              c:\windows\system32\perfc009.dat
- 2008-10-06 20:17 . 2009-06-05 21:06	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-06 20:17 . 2009-06-07 20:35	32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-06 20:17 . 2009-06-07 20:35	32768              c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-06 20:17 . 2009-06-05 21:06	32768              c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-10-06 20:17 . 2009-06-05 21:06	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-06 20:17 . 2009-06-07 20:35	16384              c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-07 00:03 . 2009-06-07 00:03	29316              c:\windows\Installer\{95120000-0120-040C-0000-0000000FF1CE}\olc_setup.exe
+ 2009-06-06 23:59 . 2009-06-06 23:59	62304              c:\windows\Installer\{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}\IconWlc.exe
+ 2009-06-07 00:01 . 2009-06-07 00:01	58945              c:\windows\Installer\{63DC2DA0-2A6C-4C38-9249-B75395458657}\wlmail.exe
+ 2009-06-07 00:11 . 2009-06-07 00:11	80395              c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-06-07 00:31 . 2009-06-07 00:31	49152              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\49d7a5364f8f2840b9e21f81e8fdd75b\WindowsLiveWriter.ni.exe
+ 2007-11-06 23:19 . 2007-11-06 23:19	655872              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-06 23:19 . 2007-11-06 23:19	568832              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-06 18:23 . 2007-11-06 18:23	224768              c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2004-08-05 12:00 . 2009-06-06 23:29	450650              c:\windows\system32\perfh009.dat
- 2004-08-05 12:00 . 2009-06-01 21:49	450650              c:\windows\system32\perfh009.dat
+ 2006-04-29 18:45 . 2009-06-07 00:23	298848              c:\windows\system32\FNTCACHE.DAT
+ 2009-06-07 00:32 . 2009-06-07 00:32	638976              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\1b3e6250f4f81948bf63f28a64bb77cf\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	143360              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ecce5c546370e245b04d75776dae221f\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	135168              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e3044d7f672f5348acd168157f447c89\WindowsLive.Writer.Passport.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	163840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ccaa72861773934893ef964104639819\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	286720              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c60949808489c841b4d13cd3abdc1377\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	352256              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c13b2b4977762f4899fbc433a21d210b\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	176128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b2580ac06b72804b886bc3feb543edbb\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	929792              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9b98f8468c4a71478bc9246172fa986b\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-06-07 00:31 . 2009-06-07 00:31	876544              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\902ed468ebb93d41899f8b013e788e2c\WindowsLive.Writer.Controls.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	139264              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\88020c860c3bf54aa53ae38a1909235b\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	376832              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6bf303649812ae46819bac8d9df6ada0\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	335872              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6a2cdea796e90844a95146436d60e3e3\WindowsLive.Writer.Interop.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	204800              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6289dbb871e6d943b68f387bda3eb76b\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	335872              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\58e6258790c11647a58eca82530d5c02\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	475136              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\493329e017464e409fa0fc70355c8f05\WindowsLive.Writer.Localization.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	643072              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\24624d7dab6d2f478d9caec81293ce90\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	114688              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\169ee5066f2f194c99003c0432b76e78\WindowsLive.Writer.Api.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	163840              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\a67a2917772f2a4c9eb89ee64a2f0a2b\WindowsLive.Client.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	2093056              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c0df8e551dbf1e4a859157bedc97fa37\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-06-07 00:31 . 2009-06-07 00:31	6516736              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5339a2ba1d644f46815d998c4fec4583\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-06-07 00:32 . 2009-06-07 00:32	1163264              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\41317b5374378142b3e17d4b0b7ef729\WindowsLive.Writer.ApplicationFramework.ni.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe}]
2009-04-04 17:00	1883672	----a-w-	c:\program files\Eazel-FR	bEaz1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-07-12 1581056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nLite"="c:\windows\inf
lite.cmd" [2004-08-25 385]
"tscuninstall"="c:\windows\system32	scupgrd.exe" [2004-08-05 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= mmc.exe
"5"= regedt32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LMIinit]
2008-10-16 18:35	87352	----a-w-	c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\games\RedFaction\rf.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86ainfo.sys [24/07/2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [04/04/2009 18:22 47640]
R2 MSSQL$WHATSUP;MSSQL$WHATSUP;c:\program files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe -sWHATSUP --> c:\program files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe -sWHATSUP [?]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [04/04/2007 15:58 24344]
S2 Ipswitch WhatsUp Engine;Ipswitch WhatsUp Engine;c:\program files\Ipswitch\WhatsUp Professional\NmService.exe [06/05/2006 20:19 118784]
S3 ch7009;ch7009;c:\windows\system32\drivers\ch7009.sys [02/05/2006 21:48 20096]
S3 ch7017;ch7017;c:\windows\system32\drivers\ch7017.sys [02/05/2006 21:48 26112]
S3 d3dUtil;d3dutil;c:\windows\system32\drivers\d3dutil.sys [02/05/2006 21:48 2560]
S3 DCamUSBNW802;Mustek Wcam 300;c:\windows\system32\DRIVERS\pcam.sys --> c:\windows\system32\DRIVERS\pcam.sys [?]
S3 fs454;fs454;c:\windows\system32\drivers\fs454.sys [02/05/2006 21:48 15488]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [19/11/2008 21:00 33752]
S3 i740;i740;c:\windows\system32\drivers\i740nt5.sys [01/05/2006 13:59 58592]
S3 igdmini;igdmini;c:\windows\system32\drivers\igdmini.sys [02/05/2006 21:48 248192]
S3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [02/05/2006 21:48 5504]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [02/09/2008 16:14 191656]
S3 ns2501;ns2501;c:\windows\system32\drivers
s2501.sys [02/05/2006 21:48 7424]
S3 ns387;ns387;c:\windows\system32\drivers
s387.sys [02/05/2006 21:48 5376]
S3 sii164;sii164;c:\windows\system32\drivers\sii164.sys [02/05/2006 21:48 4992]
S3 SQLAgent$WHATSUP;SQLAgent$WHATSUP;c:\program files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlagent.EXE -i WHATSUP --> c:\program files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlagent.EXE -i WHATSUP [?]
S3 th164;th164;c:\windows\system32\drivers	h164.sys [02/05/2006 21:48 4736]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Examen supplémentaire -------
.
mWindow Title = 
uInternet Settings,ProxyOverride = <local>
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\7j01sgaw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 22:51
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc21.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1708537768-796845957-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{10100274-7665-5820-EE9C-CA6118A9FAA4}*]
"iahocmeknfbkhicdoi"=hex:6a,61,6d,6c,61,6e,6f,68,63,6e,6d,65,6c,61,61,61,70,6e,
   6f,6c,00,00
"hannejmcbnmepgep"=hex:6a,61,6d,6c,61,6e,6f,68,63,6e,6d,65,6c,61,61,61,70,6e,
   6f,6c,00,51

[HKEY_USERS\S-1-5-21-1708537768-796845957-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2D427C0A-EA3A-41A6-5948-9253F17E4BAD}*]
"hajfndedpamcppni"=hex:6b,61,67,63,63,70,69,61,70,61,67,70,62,65,62,62,6c,66,
   6b,64,67,68,00,00
"ialfdnpikmpalicndj"=hex:6b,61,67,63,63,70,69,61,70,61,67,70,62,65,62,62,6c,66,
   6b,64,67,68,00,00
"gamgdojdkomlab"=hex:6b,61,67,63,63,70,68,61,62,69,63,6f,65,6e,65,6f,69,6d,68,
   70,67,70,00,00

[HKEY_USERS\S-1-5-21-1708537768-796845957-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E1D2FBB-81DE-AD0F-3E0B-238414B2FF4E}*]
"iabkphejpfkgokfoeg"=hex:6a,61,61,6e,6e,62,67,64,61,68,61,6d,68,64,66,68,61,67,
   66,6e,00,00
"halkckbnngepkpka"=hex:6a,61,61,6e,6e,62,67,64,61,68,61,6d,68,64,66,68,61,67,
   66,6e,00,00

[HKEY_USERS\S-1-5-21-1708537768-796845957-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D71CE600-65C2-2EE8-5B94-B17EF975D373}*]
"iadebjikfgngnoaofp"=hex:6a,61,6b,6d,61,69,67,6c,6a,62,6a,68,66,6d,65,66,6c,67,
   6d,6e,00,00
"hanchoekokkdoplo"=hex:6a,61,6b,6d,61,69,67,6c,6a,62,6a,68,66,6d,65,66,6c,67,
   6d,6e,00,cc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3A8231D8-10AA-E501-D1628F1228C1C23D}\{9FBDD5EA-4495-C0E7-9FB18FDE150E0FB1}\{CE138A88-EA8A-2B13-832B7DD9051A701A}*]
"HM2IWJHCJ1YPACACB3J45EIVWF1"=hex:01,00,01,00,00,00,00,00,05,82,2b,8a,0b,60,84,
   6f,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]
"HM2IWJHCJ1YPACACB3J45EIVWF1"=hex:01,00,01,00,00,00,00,00,05,82,2b,8a,0b,60,84,
   6f,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'lsass.exe'(1292)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
.
Heure de fin: 2009-06-07 22:54
ComboFix-quarantined-files.txt  2009-06-07 20:54
ComboFix2.txt  2009-06-05 23:30
ComboFix3.txt  2009-01-14 20:57

Avant-CF: 28 193 017 856 octets libres
Après-CF: 28 176 662 528 octets libres

241

archet9 · Answer

Remets 1 RSIT stp ...

a+

mimo007 · Answer

info.txt logfile of random's system information tool 1.06 2009-06-01 23:50:09

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Acrobat.com-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat Reader 3.0-->C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe AIR-->C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Advanced RAR Repair v1.2-->C:\PROGRA~1\ARAR\UNWISE.EXE C:\PROGRA~1\ARAR\INSTALL.LOG
aMule-->C:\Program Files\aMule\uninstall.exe
AutoScan-->C:\Program Files\AutoScan-1.02 Pre BETA\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Eazel-FR Toolbar-->C:\PROGRA~1\Eazel-FR\UNWISE.EXE   /U C:\PROGRA~1\Eazel-FR\INSTALL.LOG  
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}
Macromedia Flash Player 8 Plugin-->MsiExec.exe /X{23AEBB83-CB47-4739-8A0C-92CC1E32AA2F}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (WHATSUP)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
Nero 6 Ultra Edition-->C:\Program Files\Ahead
ero\uninstall\UNNERO.exe /UNINSTALL
Nero 9-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
Nero BackItUp 4-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M11-01CA-032E-01A5-AA9C-H44K-6T9U-X4HW"
Nero MediaHome 4-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M06-019C-TTET-880Z-5PUM-6XA2-5MEC-35WM"
Nero Move it-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe  REMOVESERIALNUMBER="9M09-01AC-5TE3-KEU9-177W-C6E0-6KCT-2W4K"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PCI Audio Applications-->C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
PCI Audio Driver-->cmuninst.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} 
Sam Spade version 1.14-->"C:\Program Files\Blighty Design\unins000.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" 
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security

======System event log======

Computer Name: BASIC
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.

Record Number: 14658
Source Name: Service Control Manager
Time Written: 20090414211211.000000+120
Event Type: Informations
User: 

Computer Name: BASIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 14657
Source Name: Service Control Manager
Time Written: 20090414211211.000000+120
Event Type: Informations
User: BASIC\Administrateur

Computer Name: BASIC
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 14656
Source Name: Service Control Manager
Time Written: 20090414211211.000000+120
Event Type: Informations
User: 

Computer Name: BASIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).

Record Number: 14655
Source Name: Service Control Manager
Time Written: 20090414211211.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: BASIC
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 14654
Source Name: Service Control Manager
Time Written: 20090414211211.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: BASIC
Event Code: 101
Message: msnmsgr (2984) Le moteur de base de données est arrêté.

Record Number: 11822
Source Name: ESENT
Time Written: 20090418194929.000000+120
Event Type: Informations
User: 

Computer Name: BASIC
Event Code: 103
Message: msnmsgr (2984) \.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\chtywy1@hotmail.fr\SharingMetadata\Working\database_60C0_3829_C038_7B4\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 11821
Source Name: ESENT
Time Written: 20090418194929.000000+120
Event Type: Informations
User: 

Computer Name: BASIC
Event Code: 102
Message: msnmsgr (2984) \.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\chtywy1@hotmail.fr\SharingMetadata\Working\database_60C0_3829_C038_7B4\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 11820
Source Name: ESENT
Time Written: 20090418122306.000000+120
Event Type: Informations
User: 

Computer Name: BASIC
Event Code: 100
Message: msnmsgr (2984) Le moteur de base de données 5.01.2600.2180 est démarré.

Record Number: 11819
Source Name: ESENT
Time Written: 20090418122306.000000+120
Event Type: Informations
User: 

Computer Name: BASIC
Event Code: 101
Message: msnmsgr (2984) Le moteur de base de données est arrêté.

Record Number: 11818
Source Name: ESENT
Time Written: 20090418122227.000000+120
Event Type: Informations
User: 

=====Security event log=====

Computer Name: BASIC
Event Code: 850
Message: Un port générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Interface : Toutes les interfaces

Nom : Groupement homologue Windows

Numéro du port : 3587

Protocole : TCP

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 32986
Source Name: Security
Time Written: 20090521235920.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: BASIC
Event Code: 850
Message: Un port générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Interface : Toutes les interfaces

Nom : Protocole PNRP (Peer Name Resolution Protocol)

Numéro du port : 3540

Protocole : UDP

État : Activé

Étendue : Tous les sous-réseaux

Record Number: 32985
Source Name: Security
Time Written: 20090521235920.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: BASIC
Event Code: 850
Message: Un port générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Interface : Toutes les interfaces

Nom : Bureau à distance

Numéro du port : 3389

Protocole : TCP

État : Désactivé

Étendue : Tous les sous-réseaux

Record Number: 32984
Source Name: Security
Time Written: 20090521235920.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: BASIC
Event Code: 850
Message: Un port générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Interface : Toutes les interfaces

Nom : Infrastructure UPnP sur TCP

Numéro du port : 2869

Protocole : TCP

État : Activé

Étendue : Sous-réseau local uniquement

Record Number: 32983
Source Name: Security
Time Written: 20090521235920.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

Computer Name: BASIC
Event Code: 850
Message: Un port générait une erreur d'exception lorsque le Pare-feu Windows a démarré.



Origine de la stratégie : Stratégie locale

Profil utilisé : Standard

Interface : Toutes les interfaces

Nom : Composant SSDP de l'infrastructure UpnP

Numéro du port : 1900

Protocole : UDP

État : Activé

Étendue : Sous-réseau local uniquement

Record Number: 32982
Source Name: Security
Time Written: 20090521235920.000000+120
Event Type: Succès de l'audit
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Intel\DMIX
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\WINDOWS\system32\QTJava.zip
"QTJAVA"=C:\WINDOWS\system32\QTJava.zip

-----------------EOF-----------------




__________________________________________________________________________



Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-06-01 23:47:35
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 27 GB (47%) free of 56 GB
Total RAM: 766 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:04, on 01/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Administrateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://badoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-21-1708537768-796845957-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-21-1708537768-796845957-682003330-1005\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'NeroMediaHomeUser.4')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.securitoo.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ipswitch WhatsUp Engine - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\Ipswitch\WhatsUp Professional\NMService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe

archet9 · Answer

Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 23:50:04, on 01/06/2009 
Platform: Windows XP SP2 (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) 

Un nouveau RSIT stp.....


a+

mimo007 · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-06-08 23:14:26
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 27 GB (48%) free of 56 GB
Total RAM: 766 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:37, on 08/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files	rend micro\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Eazel-FR Toolbar - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} - C:\Program Files\Eazel-FR	bEaz1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nLite] %systemroot%\inf
lite.cmd (User 'Default user')
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.securitoo.com/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ipswitch WhatsUp Engine - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 - C:\Program Files\Ipswitch\WhatsUp Professional\NMService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)

archet9 · Answer

Donne des nouvelles du pc stp....

a+

mimo007 · Answer

en fait j'ai toujours les mêmes symptomes je crois que je dois le formater

archet9 · Answer

Fais ceci avant
Avec OTM

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant en gras ci-dessous : 

:processes 
explorer.exe 

:files 
 C:\WINDOWS\PEV.exe 



:commands 
[purity] 
[emptytemp] 
[start explorer] 

---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log 

a+

Plus de son qui sort de mon pc

20 réponses

Newsletters