pages de pubs intempestives !Fermé

Question

Bonjour a tous, 

Je viens aujourd'hui pour vous demander de l'aide. 
En effet mon ordinateur  est au ralenti  depuis quelques jours et je reçois beaucoup  de publicités intempestives lors de navigation.pouvez vous m'aidez s'il vous plait .

ps/ j'ai fait     Navilog1 et catchme je vous joins les deux rapports  merci.


Fix Navipromo version 4.0.4 commencé le 10/11/2009 17:41:06,85

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 09.11.2009 à 20h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Award Medallion BIOS v6.00PG
USER : pc ( Administrator )
BOOT : Normal boot

Antivirus : Norton Internet Security 16.0.0.125 (Activated)
Firewall  : Norton Internet Security 16.0.0.125 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:137 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)


Recherche executée en mode normal 

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\alluse~1\applic~1\Games-Attack supprimé !
C:\WINDOWS\prefetch\epate*.pf supprimé !
c:\docume~1\pc\locals~1\applic~1\epate.exe supprimé !
c:\docume~1\pc\locals~1\applic~1\epate.dat supprimé !
c:\docume~1\pc\locals~1\applic~1\epate_nav.dat supprimé !
c:\docume~1\pc\locals~1\applic~1\epate_navps.dat supprimé !
C:\DOCUME~1\Elias\locals~1\applic~1\bkcpim.exe supprimé !
C:\DOCUME~1\Elias\locals~1\applic~1\bkcpim.dat supprimé !
C:\DOCUME~1\Elias\locals~1\applic~1\bkcpim_nav.dat supprimé !
C:\DOCUME~1\Elias\locals~1\applic~1\bkcpim_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\pc\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok




*** Scan terminé 10/11/2009 17:48:30,23 ***




catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 17:51:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



merci

moment de grace · Answer

bonjour

• Télécharge Random's System Information Tool (RSIT) de Random/Random. 

http://images.malwareremoval.com/random/RSIT.exe 

• Enregistre le sur ton Bureau. 

• Double clique sur RSIT.exe pour lancer l'outil. 

• Clique sur "Continue" à l'écran Disclaimer. 

• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) 

et tu devras accepter la licence. 

• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Les rapports se trouvent à cet endroit: 
C:\rsit\info.txt 
C:\rsit\log.txt

jami-du34 · Answer

bonjour 

voici les rapports comme demandé  ci joint 
merci


info.txt logfile of random's system information tool 1.06 2009-11-10 18:49:23

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
99 Puzzle & Logic-->MsiExec.exe /I{959D65B6-F9BC-4572-950F-1A84BC96E89B}
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArtRage 2 Starter Edition-->MsiExec.exe /X{016884F6-765D-4482-AE07-34C930718B5C}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Athan Basic 3.8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\Athan\irunin.ini"
BodyBoarding-->MsiExec.exe /I{C10D105B-D51E-4CB0-80B6-69B90CD6B8B0}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Chicken Little-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1D2E2C9C-5661-4383-945D-F6F787329B51}\Setup.exe" -l0x40c Chicken Little
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
EE Full-->MsiExec.exe /I{C087A7EF-E572-4A39-B7EE-B1391B12D516}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FaxTools-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x40c ControlPanel
Free - Kit de connexion-->C:\Program Files\Free.fr\uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}\setup\hpzscr01.exe -datfile hposcr30.dat -onestop -forcereboot
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 12.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Labtec Mouse Software 3.0-->C:\Program Files\Labtec\Mouse\V3.0\uninst00.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG Bluetooth Drivers-->MsiExec.exe /X{F59A3B93-6C1C-4C3E-BCC4-4897490E2963}
LG MC USB U330 driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}\setup.exe" -l0x40c  -removeonly
LG PC Suite III-->C:\Program Files\InstallShield Installation Information\{C0E18DC4-C74A-4889-AE3A-933471023787}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem Drivers-->MsiExec.exe /X{D137B59C-551C-4659-8AA8-206FA650BF40}
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Model Railroad Simulator-->MsiExec.exe /I{A21E0C06-FCC4-41CB-92C0-E13C9D002A79}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Moovida-->C:\Program Files\Moovida\uninstall-1.0.6.exe
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
NETGEAR WG111v3 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}\setup.exe -runfromtemp -l0x040c
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\16.7.2.11\InstStub.exe /X
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32
vuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation
View
ViewSetup.exe -uninstall
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo! Editor 1.1-->"C:\Program Files\Photo!\Photo! Editor\unins000.exe"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rayman3-->MsiExec.exe /X{BAF5914B-5730-4373-B038-9F436AC6A0D6}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c  -removeonly
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shareaza 2.5.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Link 56K Voice Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
Transfert Windows-->"C:\WINDOWS\$NtUninstallWET7Cable$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Widget SFR 2.4-->C:\Program Files\SFRWidget\uninst.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: PC-FD4B7AB09A17
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l'état : en cours d'exécution.

Record Number: 1145
Source Name: Service Control Manager
Time Written: 20091105192723.000000+060
Event Type: Informations
User: 

Computer Name: PC-FD4B7AB09A17
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.

Record Number: 1144
Source Name: Service Control Manager
Time Written: 20091105192721.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PC-FD4B7AB09A17
Event Code: 7036
Message: Le service Connexions réseau est entré dans l'état : en cours d'exécution.

Record Number: 1143
Source Name: Service Control Manager
Time Written: 20091105192719.000000+060
Event Type: Informations
User: 

Computer Name: PC-FD4B7AB09A17
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Connexions réseau.

Record Number: 1142
Source Name: Service Control Manager
Time Written: 20091105192719.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PC-FD4B7AB09A17
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 1141
Source Name: Service Control Manager
Time Written: 20091105192709.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: PC-FD4B7AB09A17
Event Code: 34
Message: Le service 'Norton Internet Security' démarre.

Record Number: 7490
Source Name: Norton Internet Security
Time Written: 20091013155036.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: PC-FD4B7AB09A17
Event Code: 1
Message: 
Record Number: 7489
Source Name: Bonjour Service
Time Written: 20091013155032.000000+120
Event Type: Informations
User: 

Computer Name: PC-FD4B7AB09A17
Event Code: 0
Message: 
Record Number: 7488
Source Name: gusvc
Time Written: 20091013155032.000000+120
Event Type: Informations
User: 

Computer Name: PC-FD4B7AB09A17
Event Code: 0
Message: 
Record Number: 7487
Source Name: iPod Service
Time Written: 20091013154557.000000+120
Event Type: Informations
User: 

Computer Name: PC-FD4B7AB09A17
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 7486
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20091013154556.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------











et voici  le 2iemes rapports .





Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2009-11-10 18:48:52
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 142 GB (60%) free of 238 GB
Total RAM: 1535 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:20, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Athan\Athan\Athan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Athan\Athan\Athan.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\pc\Bureau\RSIT.exe
C:\Program Files	rend micro\pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation
View
wiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Update] livemessenger.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan\Athan.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant Smart Wizard NETGEAR pour WG311v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
O24 - Desktop Component 0: (no name) - http://www.eco-importateur-magasin-quad-scooter-motocross.com/...

moment de grace · Answer

ok

il reste plusieur infections...



Téléchargez USBFIX de Chiquitine29, C_xx 
https://www.androidworld.fr/
ou
https://www.ionos.fr/?affiliate_id=77097


/!\ Utilisateur de vista et windows 7 : ne pas oublier de désactiver Le contrôle des comptes utilisateurs 
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac 

/!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir 

• Double clic sur le raccourci UsbFix présent sur le bureau . 

• Choisir l'option 1 (Recherche) 
(d’autres options disponibles, voir le tutoriel). 
• Laissez travailler l'outil. 

• Ensuite postez le rapport UsbFix.txt qui apparaîtra. 

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt ) 

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. 


• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

jami-du34 · Answer

voici le rapport de usbFix.





############################## | UsbFix V6.050 |

User : pc (Administrateurs) # PC-FD4B7AB09A17
Update on 09/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:04:06 | 10/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

              Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Norton Internet Security 16.0.0.125 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]16.0.0.125

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 232,88 Go (139,09 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 972
C:\WINDOWS\system32\csrss.exe 1076
C:\WINDOWS\system32\winlogon.exe 1104
C:\WINDOWS\system32\services.exe 1148
C:\WINDOWS\system32\lsass.exe 1160
C:\WINDOWS\system32
vsvc32.exe 1308
C:\WINDOWS\system32\svchost.exe 1364
C:\WINDOWS\system32\svchost.exe 1456
C:\WINDOWS\System32\svchost.exe 1652
C:\WINDOWS\system32\svchost.exe 1688
C:\WINDOWS\system32\svchost.exe 1820
C:\WINDOWS\system32\svchost.exe 1984
C:\WINDOWS\system32\spoolsv.exe 192
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe 228
C:\WINDOWS\system32\svchost.exe 300
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 388
C:\Program Files\Bonjour\mDNSResponder.exe 400
C:\WINDOWS\system32\svchost.exe 512
C:\WINDOWS\system32\svchost.exe 616
C:\Program Files\Java\jre6\bin\jqs.exe 636
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 760
C:\WINDOWS\System32\svchost.exe 792
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 812
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 1620
C:\WINDOWS\System32\svchost.exe 156
C:\WINDOWS\system32\slmdmsr.exe 1792
C:\WINDOWS\system32\svchost.exe 1860
C:\Program Files\Winsudate\gibsvc.exe 1896
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2232
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 2932
C:\WINDOWS\Explorer.EXE 3176
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe 4020
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 536
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE 2416
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 3168
C:\Program Files\iTunes\iTunesHelper.exe 3644
C:\WINDOWS\system32\RUNDLL32.EXE 3892
C:\WINDOWS\SOUNDMAN.EXE 3984
C:\WINDOWS\ALCWZRD.EXE 4028
C:\Program Files\Java\jre6\bin\jusched.exe 5128
C:\Program Files\Athan\Athan\Athan.exe 5220
C:\WINDOWS\system32\ctfmon.exe 5272
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 5292
C:\Program Files\Winsudate\gibusr.exe 5412
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 5476
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 5804
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe 5832
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5912
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 5940
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 2200
C:\Program Files\iPod\bin\iPodService.exe 6036
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 4380
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 4124
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 5572
C:\Program Files\Mozilla Firefox\firefox.exe 4012
C:\WINDOWS\explorer.exe 4412
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 5564
C:\Program Files\iTunes\iTunesHelper.exe 4920
C:\WINDOWS\system32\RUNDLL32.EXE 5016
C:\WINDOWS\ALCWZRD.EXE 5588
C:\Program Files\Athan\Athan\Athan.exe 1084
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 1352
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5528
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 256
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 2084
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 4516
C:\WINDOWS\system32\wbem\wmiprvse.exe 4528

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Microsoft Update"  

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{77004867-54ea-11de-b4ce-000feaccda5d}
Shell\AutoRun\command =I:\LaunchU3.exe -a

HKCU\..\..\Explorer\MountPoints2\{e03e3562-4161-11de-b829-000feaccda5d}
shell\AUtoPLAY\coMmANd =I:\xfsg.cmd 
shell\AutoRun\command =I:\xfsg.cmd 
shell\explore\CoMmand =I:\xfsg.cmd 
shell\oPen\coMMAnD =I:\xfsg.cmd 

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.050 ! |

moment de grace · Answer

&#9679; Relance UsbFix 

&#9679; Dans le menu principale cette fois choisit l'option2 

 Le menu démarrer et les icônes vont à nouveau disparaître.. c'est normal. 

Si un message te demande de redémarrer l'ordinateur fais le ... 

&#9679; Au redémarrage, le fix se relance... laisses l'opération s'effectuer. 

&#9679; Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

jami-du34 · Answer

voici le rapport 


############################## | UsbFix V6.050 |

User : pc (Administrateurs) # PC-FD4B7AB09A17
Update on 09/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 19:44:18 | 10/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

              Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Norton Internet Security 16.0.0.125 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]16.0.0.125

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 232,88 Go (139,06 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 972
C:\WINDOWS\system32\csrss.exe 1076
C:\WINDOWS\system32\winlogon.exe 1104
C:\WINDOWS\system32\services.exe 1148
C:\WINDOWS\system32\lsass.exe 1160
C:\WINDOWS\system32
vsvc32.exe 1308
C:\WINDOWS\system32\svchost.exe 1364
C:\WINDOWS\system32\svchost.exe 1456
C:\WINDOWS\System32\svchost.exe 1652
C:\WINDOWS\system32\svchost.exe 1688
C:\WINDOWS\system32\svchost.exe 1820
C:\WINDOWS\system32\svchost.exe 1984
C:\WINDOWS\system32\spoolsv.exe 192
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe 228
C:\WINDOWS\system32\svchost.exe 300
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 388
C:\Program Files\Bonjour\mDNSResponder.exe 400
C:\WINDOWS\system32\svchost.exe 512
C:\WINDOWS\system32\svchost.exe 616
C:\Program Files\Java\jre6\bin\jqs.exe 636
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 760
C:\WINDOWS\System32\svchost.exe 792
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 812
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 1620
C:\WINDOWS\System32\svchost.exe 156
C:\WINDOWS\system32\slmdmsr.exe 1792
C:\WINDOWS\system32\svchost.exe 1860
C:\Program Files\Winsudate\gibsvc.exe 1896
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2232
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 2932
C:\WINDOWS\Explorer.EXE 3176
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe 4020
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 536
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE 2416
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 3168
C:\Program Files\iTunes\iTunesHelper.exe 3644
C:\WINDOWS\system32\RUNDLL32.EXE 3892
C:\WINDOWS\SOUNDMAN.EXE 3984
C:\WINDOWS\ALCWZRD.EXE 4028
C:\Program Files\Java\jre6\bin\jusched.exe 5128
C:\Program Files\Athan\Athan\Athan.exe 5220
C:\WINDOWS\system32\ctfmon.exe 5272
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 5292
C:\Program Files\Winsudate\gibusr.exe 5412
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 5476
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 5804
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe 5832
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5912
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 5940
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 2200
C:\Program Files\iPod\bin\iPodService.exe 6036
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 4380
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 4124
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 5572
C:\Program Files\Mozilla Firefox\firefox.exe 4012
C:\WINDOWS\explorer.exe 4412
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 5564
C:\Program Files\iTunes\iTunesHelper.exe 4920
C:\WINDOWS\system32\RUNDLL32.EXE 5016
C:\WINDOWS\ALCWZRD.EXE 5588
C:\Program Files\Athan\Athan\Athan.exe 1084
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 1352
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5528
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 256
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 2084
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 4516
C:\WINDOWS\system32\wbem\wmiprvse.exe 5636

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Microsoft Update"  

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{77004867-54ea-11de-b4ce-000feaccda5d}\Shell\AutoRun\Command  
Supprimé ! HKCU\...\Explorer\MountPoints2\{e03e3562-4161-11de-b829-000feaccda5d}\Shell\AutoRun\Command  

################## | Listing des fichiers présent |

[12/05/2009 12:06|--a------|0] C:\AUTOEXEC.BAT 
[12/05/2009 12:00|---hs----|216] C:\boot.ini 
[02/03/2006 13:00|--ahs----|4952] C:\Bootfont.bin 
[10/11/2009 17:49|--a------|1814] C:\cleannavi.txt 
[12/05/2009 12:06|--a------|0] C:\CONFIG.SYS 
[12/05/2009 12:06|--ahs----|0] C:\IO.SYS 
[01/06/2009 17:08|--ah-----|572] C:\IPH.PH 
[12/05/2009 12:06|--ahs----|0] C:\MSDOS.SYS 
[02/03/2006 13:00|--ahs----|47564] C:\NTDETECT.COM 
[28/05/2009 19:53|--ahs----|252240] C:
tldr 
[29/02/2004 16:44|--a------|52576] C:\orange.bmp 
[?|?|?] C:\pagefile.sys 
[15/09/2009 14:46|--a------|129] C:\Raccourci vers Disque amovible (E).lnk 
[22/08/2009 13:43|--a------|49] C:\RtlAudio_Result.txt 
[13/05/2009 19:30|--a------|168] C:\setupfax.log 
[10/11/2009 19:49|--a------|5446] C:\UsbFix.txt 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.  

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.050 ! |

moment de grace · Answer

bien

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent 

&#9654; Télécharge List&Kill'em et enregistre le sur ton bureau 

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe

Il ne necessite pas d'installation 

&#9654;double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan 

choisis la langue puis choisis l'option 1 = Mode Recherche 

&#9654;laisse travailler l'outil 

à la fin du scan la fenêtre se referme seule. 

ouvre C:\List'em.txt 

&#9654;colle le contenu dans ta prochaine réponse

jami-du34 · Answer

voici  C:\List'em.txt 








List'em by g3n-h@ckm@n 1.0.5.3 

Thx to Chiquitine29..... 

User : pc (Administrateurs) # PC-FD4B7AB09A17
Update on 09/11/2009 by g3n-h@ckm@n ::::: 20.30 
Start at: 20:06:17 | 10/11/2009
Contact : g3n-h@ckm@n sur CCM

              Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Norton Internet Security 16.0.0.125 [ (!) Disabled | Updated ]
FW : Norton Internet Security[ (!) Disabled ]16.0.0.125

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 232,88 Go (140,77 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours 

C:\WINDOWS\System32\smss.exe 972
C:\WINDOWS\system32\csrss.exe 1076
C:\WINDOWS\system32\winlogon.exe 1104
C:\WINDOWS\system32\services.exe 1148
C:\WINDOWS\system32\lsass.exe 1160
C:\WINDOWS\system32
vsvc32.exe 1308
C:\WINDOWS\system32\svchost.exe 1364
C:\WINDOWS\system32\svchost.exe 1456
C:\WINDOWS\System32\svchost.exe 1652
C:\WINDOWS\system32\svchost.exe 1688
C:\WINDOWS\system32\svchost.exe 1820
C:\WINDOWS\system32\svchost.exe 1984
C:\WINDOWS\system32\spoolsv.exe 192
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe 228
C:\WINDOWS\system32\svchost.exe 300
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 388
C:\Program Files\Bonjour\mDNSResponder.exe 400
C:\WINDOWS\system32\svchost.exe 512
C:\WINDOWS\system32\svchost.exe 616
C:\Program Files\Java\jre6\bin\jqs.exe 636
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 760
C:\WINDOWS\System32\svchost.exe 792
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 812
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 1620
C:\WINDOWS\System32\svchost.exe 156
C:\WINDOWS\system32\slmdmsr.exe 1792
C:\WINDOWS\system32\svchost.exe 1860
C:\Program Files\Winsudate\gibsvc.exe 1896
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2232
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 2932
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe 4020
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 536
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE 2416
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 3168
C:\Program Files\iTunes\iTunesHelper.exe 3644
C:\WINDOWS\SOUNDMAN.EXE 3984
C:\WINDOWS\ALCWZRD.EXE 4028
C:\Program Files\Java\jre6\bin\jusched.exe 5128
C:\Program Files\Athan\Athan\Athan.exe 5220
C:\WINDOWS\system32\ctfmon.exe 5272
C:\Program Files\Winsudate\gibusr.exe 5412
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 5476
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 5804
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe 5832
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5912
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 5940
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 2200
C:\Program Files\iPod\bin\iPodService.exe 6036
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 4380
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 4124
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 5572
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 5564
C:\Program Files\iTunes\iTunesHelper.exe 4920
C:\WINDOWS\ALCWZRD.EXE 5588
C:\Program Files\Athan\Athan\Athan.exe 1084
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 1352
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 5528
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 256
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 2084
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 4516
C:\WINDOWS\explorer.exe 18736
C:\Program Files\Mozilla Firefox\firefox.exe 21496
C:\WINDOWS\system32\wscntfy.exe 21108
C:\Documents and Settings\pc\Bureau\List_Killem.exe 19000
C:\WINDOWS\system32\cmd.exe 18764
C:\WINDOWS\system32\wbem\wmiprvse.exe 21704
C:\Documents and Settings\pc\Local Settings\Temp\75.tmp\pv.exe 20624

======================
Cles de demarrage "Run" 
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe"
"msnmsgr"="\"C:\Program Files\Windows Live\Messenger\msnmsgr.exe\" /background"
"WinUsr"="C:\Program Files\Winsudate\gibusr.exe"
"swg"="\"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
@=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\V3.0\moffice.exe"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"LogitechCommunicationsManager"="\"C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\Program Files\Logitech\QuickCam10\QuickCam10.exe\" /hide"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
"iTunesHelper"="\"C:\Program Files\iTunes\iTunesHelper.exe\""
"nwiz"="C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"SunJavaUpdateSched"="\"C:\Program Files\Java\jre6\bin\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe\""
"Adobe ARM"="\"C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe\""
"Athan"="C:\Program Files\Athan\Athan\Athan.exe"
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@=""
"Installed"="1"

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"ConsentPromptBehaviorAdmin"=dword:00000002

=============== 
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

=============== 
=============== 
=============== 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

======
BHO :
====== 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
@="HP Print Enhancer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0EEDB912-C5FA-486F-8334-57288578C627}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
"NoExplorer"=dword:00000001
@="Symantec NCO BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
"NoExplorer"=dword:00000001
@="Symantec Intrusion Prevention"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
@="Google Dictionary Compression sdch"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
@="HP Smart BHO Class"
"NoExplorer"=dword:00000001

==========================
 
=========================
Environnement variables :
=========================

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\DOCUME~1\pc\APPLIC~1
Cache=C:\DOCUME~1\pc\LOCALS~1\TEMPOR~1
call=fichier appelé 
CD Burning=C:\DOCUME~1\pc\LOCALS~1\APPLIC~1\MICROS~1\CDBURN~1
choix=1
ChoixMenu=2
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
Common Administrative Tools=C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\OUTILS~1
Common AppData=C:\DOCUME~1\ALLUSE~1\APPLIC~1
Common Desktop=C:\DOCUME~1\ALLUSE~1\Bureau
Common Documents=C:\DOCUME~1\ALLUSE~1\DOCUME~1
Common Favorites=C:\DOCUME~1\ALLUSE~1\Favoris
Common Music=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MAMUSI~1
Common Pictures=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MESIMA~1
Common Programs=C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1
Common Start Menu=C:\DOCUME~1\ALLUSE~1\MENUDM~1
Common Startup=C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1
Common Templates=C:\DOCUME~1\ALLUSE~1\MODLES~1
Common Video=C:\DOCUME~1\ALLUSE~1\DOCUME~1\MESVID~1
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=PC-FD4B7AB09A17
ComSpec=C:\WINDOWS\system32\cmd.exe
contrib=Merci pour votre contribution .
Cookies=C:\DOCUME~1\pc\Cookies
created=Dossier créé par UsbFix.
Del=Supprimé !
Desktop=C:\DOCUME~1\pc\Bureau
envoi=Veuillez envoyer le fichier :
est absent=est absent ..... 
etat=Etat / Services / Informations
Favorites=C:\DOCUME~1\pc\Favoris
Fdc=# Affichage des fichiers cachés restauré !
FdcNotOk=Affichage des fichiers cachés non fonctionnel !
FdcOK=# Affichage des fichiers cachés : OK
File=Fichier
findurapport=! Fin du rapport # UsbFix V6.050 !
fixname=UsbFix
fixvers=V6.050
Folder=Dossier
Fonts=C:\WINDOWS\Fonts
found=Présent !
FP_NO_HOST_CHECK=NO
History=C:\DOCUME~1\pc\LOCALS~1\HISTOR~1
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\pc
idioma=F
Key=Cle :
listdos=Listing des dossiers présents
listfich=Listing des fichiers présents
Local AppData=C:\DOCUME~1\pc\LOCALS~1\APPLIC~1
LOGONSERVER=\PC-FD4B7AB09A17
menu1=1 # Recherche .
menu2=2 # Suppression .
menu3=3 # Vacciner .
menu4=4 # Listing .
menu5=5 # Desinstaller .
menu6=Q # Quitter .
merci= Merci d'avoir utilis‚ UsbFix.
merci2=Merci .
Misskey=Clé manquante
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\pc\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
Mse=# Mode sans echec restauré !
MseNotOK=Mode sans echec non fonctionnel !
MseOK=# Mode sans echec : OK
My Music=C:\DOCUME~1\pc\MESDOC~1\MAMUSI~1
My Pictures=C:\DOCUME~1\pc\MESDOC~1\MESIMA~1
NetHood=C:\DOCUME~1\pc\VOISIN~1
NoDel=Non supprimé !
notfound=Absent !
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
OSVER=0 
other=Autres suppression
ou=Le rapport est ici : C:\UsbFix.txt
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
Personal=C:\DOCUME~1\pc\MESDOC~1
PrintHood=C:\DOCUME~1\pc\VOISIN~2
proc=Processus actifs
proc1=Registre Startup
proc2=Fichiers # Dossiers infectieux
proc3=Registre # Clés Run infectieuses
proc4=Registre # Mountpoints2
proc5=Listing des fichiers présent
proc6=Vaccination
proc7=UsbFix V6.050 # UsbScript
proc8=Cracks # Keygens # Serials
proc9=Informations # Fichier Suspect
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
Processus=Processus
ProgramFiles=C:\Program Files
Programs=C:\DOCUME~1\pc\MENUDM~1\PROGRA~1
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
Rapport=C:\UsbFix.txt
reboot=UsbFix, redemarrage en cours...
Recent=C:\DOCUME~1\pc\Recent
rech=Recherche :
Reference=Références de comparaison MD5 :
reinstaller=Veuillez reinstaller 
SendTo=C:\DOCUME~1\pc\SendTo
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\pc\Bureau\UsbFix.exe" 
sfxname=C:\Documents and Settings\pc\Bureau\UsbFix.exe
Start Menu=C:\DOCUME~1\pc\MENUDM~1
Startup=C:\DOCUME~1\pc\MENUDM~1\PROGRA~1\DMARRA~1
step1=UsbFix s'apprete a demarrer....
step2=Nettoyage des fichiers temporaires ...
step3=Etat de la machine ...
Suspect=Suspect
SysDir=C:\WINDOWS\system32
SystemDrive=C:
SystemRoot=C:\WINDOWS
tazbam=C:\Documents and Settings
TEMP=C:\DOCUME~1\pc\LOCALS~1\Temp
Templates=C:\DOCUME~1\pc\MODLES~1
TMP=C:\DOCUME~1\pc\LOCALS~1\Temp
ToFindA=Adjust Time|AmericanOnLine|Antenna2Net|BrowseAllUsers|CD Burner|Crack_GoogleEarthPro|Disk Defragmenter|FaxSend|FloppyDiskPartion|GoogleToolbarNotifier|HP_LaserJetAllInOneConfig|IDE Conector P2P|InstallMSN11Ar|InstallMSN11En|JetAudio dump|Lock Folder|LockWindowsPartition|Make Windows Original|MakeUrOwnFamilyTree|Microsoft MSN|Microsoft Windows Network|msjavx86|NokiaN73Tools|PanasonicDVD_DigitalCam|RadioTV|Recycle Bin|RecycleBinProtect|ShowDesktop|Sony Erikson DigitalCam|Win98compatibleXP|Windows Keys Secrets|WindowsXp StartMenu Settings|WinrRarSerialInstall
ToFindB=backup|documents_backup|imp_data|MyDocuments|office_crack|passwords|serials|source|windows|windows_secrets
USERDOMAIN=PC-FD4B7AB09A17
USERNAME=pc
USERPROFILE=C:\Documents and Settings\pc
wait=Veuillez patienter.
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI 


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\Program Files\Winsudate  
C:\WINDOWS\GnuHashes.ini  
C:\WINDOWS\iun6002.exe  
C:\WINDOWS\System32\ACTSKN43.ocx  
C:\WINDOWS\System32\drivers\etc\hosts.msn  
C:\WINDOWS\system32\GroupPolicy000.dat  
C:\WINDOWS\system32\LocalService  
C:\WINDOWS\System32\SET65.tmp  
C:\WINDOWS\System32\SET66.tmp  
C:\WINDOWS\System32\SET67.tmp  
C:\WINDOWS\System32\SET68.tmp  
C:\WINDOWS\System32\SET6D.tmp  
C:\WINDOWS\System32\SET74.tmp  
C:\WINDOWS\System32\SET76.tmp  
C:\WINDOWS\System32\SET77.tmp  
C:\WINDOWS\System32\setb5.tmp  
C:\WINDOWS\system32\SystemX86  
C:\Documents and Settings\pc\application data\Passeport II Prefs  
 
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes : 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{66886C4D-B307-4ECA-A228-52CA9B9851A4}"  
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"  
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
"HKLM\Software\Trymedia Systems"  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}  
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}  
HKCU\Software\SweetIM  
HKLM\SOFTWARE\SweetIM  
 
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch : 

ADOBEARM.EXE-1095AC0A.pf
ALCMTR.EXE-235F9538.pf
ALCWZRD.EXE-17389FC3.pf
APPLESYNCNOTIFIER.EXE-38620255.pf
ATHAN.EXE-3692C63A.pf
ATTRIB.EXE-39EAFB02.pf
AUPDATE.EXE-2253CB60.pf
BYPASS.EXE-3A13827B.pf
CATCHME.EXE-117437EE.pf
CCSVCHST.EXE-21EF8AAE.pf
CHKNTFS.EXE-31921D64.pf
CLEANMGR.EXE-1F86EA8E.pf
CLTLMH.EXE-2FE7AFA7.pf
CMD.EXE-087B4001.pf
COCIMANAGER.EXE-046DBC57.pf
COMMUNICATIONS_HELPER.EXE-18119FEE.pf
CSCRIPT.EXE-1C26180C.pf
CTFMON.EXE-0E17969B.pf
ECHOX.EXE-0EC32D49.pf
EXPLORER.EXE-082F38A9.pf
FAV.EXE-2068B130.pf
FIND.EXE-0EC32F1E.pf
FINDSTR.EXE-0CA6274B.pf
FIREFOX.EXE-28641590.pf
FOIENUM.EXE-04940350.pf
FSUM.EXE-1427D985.pf
GETPATHS.EXE-0651DA57.pf
GIBUPT.EXE-1B1C04EF.pf
GIBUSR.EXE-232BA68B.pf
GLB1C.TMP-36B0A5C0.pf
GLBF.TMP-39A0BB13.pf
GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf
GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf
HDASHCUT.EXE-1B000CA9.pf
HPQBAM08.EXE-1ED43757.pf
HPQGPC01.EXE-271E6A7F.pf
HPQSRMON.EXE-13F4736C.pf
HPQSTE08.EXE-18A7280B.pf
HPQTRA08.EXE-17E37E7E.pf
HPRBLOG.EXE-16B72A6F.pf
IPODSERVICE.EXE-3192DE38.pf
ITUNESHELPER.EXE-15823303.pf
JQSNOTIFY.EXE-24AE4A36.pf
JUSCHED.EXE-25206883.pf
KILL.EXE-25FB2C73.pf
KILL_P.EXE-15C7A895.pf
Layout.ini
LIST_KILLEM.EXE-10B36E82.pf
LOGON.SCR-151EFAEA.pf
LOGONUI.EXE-0AF22957.pf
LUCOMS~1.EXE-02DB5950.pf
LVCOMSX.EXE-06BC6184.pf
LXBKBMGR.EXE-23FF8E05.pf
MODE.COM-31685BAE.pf
MOFFICE.EXE-3348BFEA.pf
MOUSE32A.EXE-290AD3D4.pf
MSFEEDSSYNC.EXE-25E13438.pf
MSIEXEC.EXE-2F8A8CAE.pf
MSNMSGR.EXE-030AB647.pf
MSOHTMED.EXE-1BD4AAD2.pf
NAVILOG1.EXE-2FD07971.pf
NOTEPAD.EXE-189578DA.pf
NOTEPAD.EXE-336351A9.pf
NTOSBOOT-B00DFAAD.pf
NWIZ.EXE-03B4F2CF.pf
OFFICELIVESIGNIN.EXE-042374FE.pf
OSE.EXE-0125EB9C.pf
OSV.EXE-02D60AAD.pf
PC.EXE-0705BB44.pf
PV.EXE-23649B30.pf
QTTASK.EXE-342507FB.pf
QUICKCAM10.EXE-1BD52EB5.pf
READER_SL.EXE-2B4EA1CB.pf
REG.EXE-0D2A95F7.pf
REGEDIT.EXE-1B606482.pf
RSIT.EXE-2D51CE13.pf
RUNDLL32.EXE-1340EF7F.pf
RUNDLL32.EXE-1619A94E.pf
RUNDLL32.EXE-31245BE5.pf
RUNDLL32.EXE-35A483DA.pf
RUNDLL32.EXE-415F88EC.pf
RUNDLL32.EXE-4489B61B.pf
RUNDLL32.EXE-451FC2C0.pf
RUNDLL32.EXE-4C065BF4.pf
RUNDLL32.EXE-4C4692C7.pf
SED.EXE-2A032EBB.pf
SETPATH.EXE-2D3D2E76.pf
SHUTDOWN.EXE-12DAD820.pf
SORT.EXE-194AE83C.pf
SOUNDMAN.EXE-19745A34.pf
SRVLNCH.EXE-25A7F64D.pf
SVCHOST.EXE-3530F672.pf
SWREG.EXE-2A961210.pf
SYKNLU.EXE-335C6BCD.pf
UPDATE.EXE-0D369EE0.pf
USBFIX.EXE-18BA07B9.pf
USERINIT.EXE-30B18140.pf
VERCLSID.EXE-3667BD89.pf
VSMON.EXE-1609C098.pf
WG111V3.EXE-2F5F5D49.pf
WINWORD.EXE-37F6AE09.pf
WMIPRVSE.EXE-28F301A9.pf
WSCNTFY.EXE-1B24F5EB.pf
WSCRIPT.EXE-32960AB9.pf
WUAUCLT.EXE-399A8E72.pf
ZONE ALARME.EXE-05B691F6.pf
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

moment de grace · Answer

ok

Suppression : 

REDEMARRE EN MODE SANS ECHEC ,

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

 puis : 

&#9654; Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista), 

mais cette fois-ci : 

&#9654; choisis l'option 2 = Mode Destruction 

laisse travailler l'outil 

&#9654; colle le contenu de C:\Kill'em.txt dans ta réponse après avoir redémarré en mode normal

jami-du34 · Answer

bonjour moment de grace 
je n'ai pas pu me connecter plus tôt je n'étais pas chez moi .
je ne peux pas télécharger le lien ci-dessous
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.exe parce que je ne l'ai plus dans mon bureau je pense que c'est norton  mon par feu qu'il a effacé 

merci

moment de grace · Answer

oui effectivement et pas d'autres liens n'existent apparement

faisons autre chose

Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe


Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement. 
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir l'option "s" et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ... 
Postez le rapport  qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

jami-du34 · Answer

voici le rapport .


======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 11.11.2009 à  0:24
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:09:43, 12/11/2009 | Mode Normal | Option: SCAN
Exécuté de: "C:\Program Files\Ad-Remover\"
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: PC-FD4B7AB09A17 | Utilisateur actuel: pc
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

HKCU\Software\AppDataLow\HavingFunOnline 
HKCU\Software\Iminent 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} 
HKCU\Software\SweetIM 
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook 
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 
HKLM\Software\Iminent 
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} 
HKLM\Software\SweetIM 
HKLM\Software\Trymedia Systems 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{66886C4D-B307-4ECA-A228-52CA9B9851A4} 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} 
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} 
HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} 
HKLM\Software\Classes\TypeLib\{DC3020B4-815F-427B-A5DA-82DC6634EBAD}

moment de grace · Answer

..

jami-du34 · Answer

voici le rapport 


.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 11.11.2009 à  0:24
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:23:09, 12/11/2009 | Mode Normal | Option: SCAN
Exécuté de: "C:\Program Files\Ad-Remover\"
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: PC-FD4B7AB09A17 | Utilisateur actuel: pc
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

HKCU\Software\AppDataLow\HavingFunOnline 
HKCU\Software\Iminent 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} 
HKCU\Software\SweetIM 
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook 
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 
HKLM\Software\Iminent 
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} 
HKLM\Software\SweetIM 
HKLM\Software\Trymedia Systems 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{66886C4D-B307-4ECA-A228-52CA9B9851A4} 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847} 
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} 
HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} 
HKLM\Software\Classes\TypeLib\{DC3020B4-815F-427B-A5DA-82DC6634EBAD} 
.
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2} 
C:\DOCUME~1\pc\Cookies\pc@zwinky[1].txt 
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
 Nom du profil: r9jme6jk.default (pc)
.
(pc, prefs.js) Browser.startup.homepage, about:blank
. 
(pc, prefs.js) Browser.download.lastDir, C:\Documents and Settings\pc\Bureau
(pc, prefs.js) Browser.search.defaultenginename, Fast Browser Search
(pc, prefs.js) Browser.startup.homepage, hxxp://www.wibeez.com/meteo
. 
(pc, prefs.js) TROUVE - Browser.search.defaultenginename, Fast Browser Search
(pc, prefs.js) TROUVE - Browser.search.defaultthis.engineName, iminent-en Customized Web Search
(pc, prefs.js) TROUVE - Browser.search.order.1, Fast Browser Search
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://securityresponse.symantec.com/avcenter/fix_homepage
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Search Bar: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1227203949jtun_nghost12_patch_all.zip.full.zip
C:\Documents and Settings\pc\Bureau\music aicha 2\AOL Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Brutus FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Counter-Strike KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\DivX 5.0 Pro KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Hotmail Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\L0pht 4.0 Windows Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual Basic KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual C++ KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual Studio KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\MSN Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\NetBIOS Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Norton Anti-Virus 2005 Enterprise Crack.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\UT 2003 KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Windows 2003 Advanced Server KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Windows Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\AOL Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Brutus FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Counter-Strike KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\DivX 5.0 Pro KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Hotmail Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\L0pht 4.0 Windows Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual Basic KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual C++ KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual Studio KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\MSN Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\NetBIOS Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Norton Anti-Virus 2005 Enterprise Crack.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\UT 2003 KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Windows 2003 Advanced Server KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Windows Password Cracker.exe
.
===================================
.
1605 Octet(s) - C:\Ad-Report-SCAN[1].log 
6667 Octet(s) - C:\Ad-Report-SCAN[2].log 
.
56 Fichier(s) - C:\DOCUME~1\pc\LOCALS~1\Temp 
30 Fichier(s) - C:\WINDOWS\Temp 
.
3 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 18:47:34 | 12/11/2009 - SCAN[2]
.
============== E.O.F ==============
.

moment de grace · Answer

Même outil

En mode sans échec
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

Option L Lancer le nettoyage

poster le rapport


puis faire un nouveau RSit

jami-du34 · Answer

voici le rapport  ad-report-clean


.
======= RAPPORT D'AD-REMOVER 1.1.4.6_B | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 11.11.2009 à  0:24
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 19:47:11, 12/11/2009 | Mode sans echec | Option: CLEAN
Exécuté de: "C:\Program Files\Ad-Remover\"
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: PC-FD4B7AB09A17 | Utilisateur actuel: pc
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\AppDataLow\HavingFunOnline 
HKCU\Software\Iminent 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} 
HKCU\Software\SweetIM 
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook 
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1 
HKLM\Software\Iminent 
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} 
HKLM\Software\SweetIM 
HKLM\Software\Trymedia Systems 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{66886C4D-B307-4ECA-A228-52CA9B9851A4}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0} 
HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} 
HKLM\Software\Classes\TypeLib\{DC3020B4-815F-427B-A5DA-82DC6634EBAD} 
.
C:\WINDOWS\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\DOCUME~1\pc\Cookies\pc@zwinky[1].txt
 
(!) -- Fichiers temporaires supprimés. 
 
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.5 [fr] *
.
 Nom du profil: r9jme6jk.default (pc)
.
(pc, prefs.js) Browser.startup.homepage, about:blank
. 
(pc, prefs.js) Browser.download.lastDir, C:\Documents and Settings\pc\Bureau
(pc, prefs.js) Browser.search.defaultenginename, Fast Browser Search
(pc, prefs.js) Browser.startup.homepage, hxxp://www.wibeez.com/meteo
. 
(pc, prefs.js) EFFACE - Browser.search.defaultenginename, Fast Browser Search
(pc, prefs.js) EFFACE - Browser.search.defaultthis.engineName, iminent-en Customized Web Search
(pc, prefs.js) EFFACE - Browser.search.order.1, Fast Browser Search
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1227203949jtun_nghost12_patch_all.zip.full.zip
C:\Documents and Settings\pc\Bureau\music aicha 2\AOL Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Brutus FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Counter-Strike KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\DivX 5.0 Pro KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Hotmail Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\L0pht 4.0 Windows Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual Basic KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual C++ KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual Studio KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\MSN Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\NetBIOS Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Norton Anti-Virus 2005 Enterprise Crack.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Password Cracker.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\UT 2003 KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Windows 2003 Advanced Server KeyGen.exe
C:\Documents and Settings\pc\Bureau\music aicha 2\Windows Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\AOL Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Brutus FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Counter-Strike KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\DivX 5.0 Pro KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\FTP Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Hotmail Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\L0pht 4.0 Windows Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual Basic KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual C++ KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual Studio KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\MSN Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\NetBIOS Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Norton Anti-Virus 2005 Enterprise Crack.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Password Cracker.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\UT 2003 KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Windows 2003 Advanced Server KeyGen.exe
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Windows Password Cracker.exe
.
===================================
.
6747 Octet(s) - C:\Ad-Report-CLEAN[1].log 
1605 Octet(s) - C:\Ad-Report-SCAN[1].log 
6990 Octet(s) - C:\Ad-Report-SCAN[2].log 
7037 Octet(s) - C:\Ad-Report-SCAN[3].log 
.
35 Fichier(s) - C:\DOCUME~1\pc\LOCALS~1\Temp 
0 Fichier(s) - C:\WINDOWS\Temp 
.
21 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
7 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 19:56:29 | 12/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.


et voici  le nouveau  rapport de RSIT



Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2009-11-12 20:16:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 144 GB (60%) free of 238 GB
Total RAM: 1535 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:13, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Athan\Athan\Athan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Winsudate\gibusr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pc\Bureau\RSIT.exe
C:\Program Files	rend micro\pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation
View
wiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan\Athan.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant Smart Wizard NETGEAR pour WG311v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
O24 - Desktop Component 0: (no name) - http://www.eco-importateur-magasin-quad-scooter-motocross.com/...

moment de grace · Answer

Téléchargez MalwareByte's Anti-Malware
  https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html

  . sur la page cliques sur Télécharger Malwarebyte's Anti-Malware 
. enregistres le sur le bureau 
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour 
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes 
. Une fois la mise à jour terminé 
. rend-toi dans l'onglet, Recherche 
. Sélectionnes Exécuter un examen complet 
. Cliques sur Rechercher 
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
 . Si des malwares ont été détectés, cliques sur  Afficher les résultats 
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. rends toi dans l'onglet rapport/log 
. tu cliques dessus pour l'afficher une fois affiché 
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous 
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse 
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

moment de grace · Answer

j'oubliais

désinstalles ceci avant le post 17

C:\Program Files\Winsudate\gibsvc.exe

jami-du34 · Answer

voici le log 


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3155
Windows 5.1.2600 Service Pack 3

12/11/2009 22:57:55
mbam-log-2009-11-12 (22-57-55).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 313760
Temps écoulé: 2 hour(s), 18 minute(s), 8 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 143

Processus mémoire infecté(s):
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Unloaded process successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.Gibmedia) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\BASH\Clone\BHCB7.tmp (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Amine\Local Settings\Temp\6.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amine\Local Settings\Temp\7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amine\Local Settings\Temp\8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amine\Local Settings\Temp\9.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amine\Local Settings\Temp\A.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amine\Local Settings\Temp\B.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elias\Bureau\CrazySmileys_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elias\Bureau\MUSIQUES 09\Nouveau dossier\Free-MediaCenter_setup.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Counter-Strike KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\FTP Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Sub7 2.3 Private.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\UT 2003 KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\L0pht 4.0 Windows Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Norton Anti-Virus 2005 Enterprise Crack.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual Basic KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual C++ KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Microsoft Visual Studio KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\sdbot with NetBIOS Spread.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\DCOM Exploit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\DivX 5.0 Pro KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Website Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Windows 2003 Advanced Server KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Windows Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\AOL Instant Messenger (AIM) Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\AOL Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Keylogger.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Half-Life 2 Downloader.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\MSN Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Brutus FTP Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Hotmail Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Hotmail Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\ICQ Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\IP Nuker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\NetBIOS Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\NetBIOS Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\music aicha 2\Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\AOL Instant Messenger (AIM) Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\AOL Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Brutus FTP Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Counter-Strike KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\DCOM Exploit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\DivX 5.0 Pro KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\FTP Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Half-Life 2 Downloader.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Hotmail Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Hotmail Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\ICQ Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\IP Nuker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Keylogger.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\L0pht 4.0 Windows Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual Basic KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual C++ KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Microsoft Visual Studio KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\MSN Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\NetBIOS Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\NetBIOS Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Norton Anti-Virus 2005 Enterprise Crack.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\sdbot with NetBIOS Spread.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Sub7 2.3 Private.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\UT 2003 KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Website Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Windows 2003 Advanced Server KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Bureau\Nouveau Porte-documents\music aicha 2\Windows Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\FTP Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Half-Life 2 Downloader.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Hotmail Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Hotmail Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\ICQ Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\AOL Instant Messenger (AIM) Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\AOL Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\sdbot with NetBIOS Spread.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Sub7 2.3 Private.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\UT 2003 KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Website Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Windows 2003 Advanced Server KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Windows Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Brutus FTP Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Microsoft Visual Basic KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\IP Nuker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Keylogger.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\L0pht 4.0 Windows Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Counter-Strike KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\DCOM Exploit.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\DivX 5.0 Pro KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Microsoft Visual C++ KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Microsoft Visual Studio KeyGen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\MSN Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\NetBIOS Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\NetBIOS Hacker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Norton Anti-Virus 2005 Enterprise Crack.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\eMule\Incoming\Password Cracker.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibcom.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibidl.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibupt.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128925.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128943.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128921.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128922.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128923.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128924.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128926.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128927.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128928.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128929.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128930.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128931.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128932.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128933.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128934.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128935.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128936.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128937.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128938.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128939.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128940.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128941.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128942.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128944.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128945.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128946.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128947.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128948.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{32022699-9D96-42D5-8844-F4DE88DCAC1F}\RP180\A0128965.com (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\269.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\269.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\270.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\270.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\271.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\271.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\272.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\272.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\273.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\274.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\275.music3.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LocalService\276.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86\230.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GroupPolicy000.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amine\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

moment de grace · Answer

un nouveau Rsit stp pour controler

jami-du34 · Answer

je viens de me rendre compte que tu m'avais envoyé ceci .
je n'ai pas pu faire ce que tu m'as demander 
j'espere rien de grave



J'oubliaiS

désinstalles ceci avant le post 17

C:\Program Files\Winsudate\gibsvc.exe

jami-du34 · Answer

voici le nouveau Rsit

Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2009-11-13 11:10:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 144 GB (60%) free of 238 GB
Total RAM: 1535 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:39, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Athan\Athan\Athan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\pc\Bureau\RSIT.exe
C:\Program Files	rend micro\pc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation
View
wiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan\Athan.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Assistant Smart Wizard NETGEAR pour WG311v3.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.eco-importateur-magasin-quad-scooter-motocross.com/...

moment de grace · Answer

comment va le pc ?

jami-du34 · Answer

Tous va bien mais j'ai remarqué lorsque j'éteins mon pc mon écran devient par alternance de couleur bleu ensuite orange ensuite blanc ensuite rouge .je ne s'est pas du tout d'où cela proviens.

moment de grace · Answer

???

depuis quand as tu ces problèmes d"écran

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ces fichiers

C:\WINDOWS\system32\hposwia_p01a.dll     
C:\WINDOWS\system32\hpost_p01a.dll     
C:\WINDOWS\system32\hposc_p01a.dl



Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse. 

.........

si tu ne les trouve pas

Affiche tous les fichiers et dossiers cachés : 
Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK

jami-du34 · Answer

ou je peux trouver ces fichiers 


C:\WINDOWS\system32\hposwia_p01a.dll
C:\WINDOWS\system32\hpost_p01a.dll
C:\WINDOWS\system32\hposc_p01a.dl

moment de grace · Answer

en suivant le chemin indiqué
poste de travail C puis windows puis system32 etc

moment de grace · Answer

bonjour nathandre

pour les raisons que nous connaissons, je serai honoré que tu prennes la main sur ce sujet (d'autant que je ne le vois pas le vundo) et que tu le mènes à son terme avec un regard interressé de ma part...

amicalement

Utilisateur anonyme · Answer

bonjour jami-du34
le vundo est un malware assez répandu qui provoque l'ouverture de fenêtres publicitaires intempestives, tu n'en a pas
pourrai tu héberger le rapport log.txtqui est dans le disque C sur ci joint.com pour que je puisse l'analyser plus en détail

Utilisateur anonyme · Answer

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1960408961-920026266-725345543-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 


Relance Hijackthis
Clique sur do a system scan only
Coche les lignes que je t'indique en gras
Clique sur fix checked
Redémarre le PC

Utilisateur anonyme · Answer

bonjour
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

- http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

* Double-clique sur RSIT.exe pour le lancer .
* Une première fenêtre s'ouvre avec en titre : Disclaimer of warranty .
* Devant l'option List files/folders created ... , tu choisis  2 months
* Clique ensuite sur Continue pour lancer l'analyse ...
* Laisse faire le scan et ne touche pas au PC ...
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
* Héberge le contenu de log.txt (c'est celui qui apparait à l'écran), ainsi que de  info.txt ici.  
Clique sur parcourir
Une fois que tu as trouvé les rapports à héberger, clique sur ouvrir
Clique sur Cliquez ici pour déposer le fichier, puis donne le lien
qui apparait comme ceci http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt

Note : les rapports seront en outre sauvegardés dans ce dossier C:\rsit

jami-du34 · Answer

bonjour nathandre
j'ai un 3 soucis au niveau du pc depuis notre dernière intervention 
mon pc devient enormément trop  lent à démarrer et aussi il faut attendre un certain moment assez long pour ouvrir la page internet et la tour centrale travaille tous le temps elle fait beaucoup de bruit.
voila que puis je faire 
merci

jami-du34 · Answer

voici les liens j'ai eu vraiment beaucoup de mal à effectuer ceci trop lent le pc 


http://www.cijoint.fr/cjlink.php?file=cj200912/cijba6MU8b.txt

http://www.cijoint.fr/cjlink.php?file=cj200912/cijS4jBAyx.txt

jami-du34 · Answer

coucou il y a quelqu'un????????????

jami-du34 · Answer

voici le rapport des 2 clés usb 
mais j'ai 2 autres clé usb que jre n'ai pas sous la main pour l'instant je vous enverrai leurs rapports demain 
merci

############################## | UsbFix V6.065 |

User : pc (Administrateurs) # PC-FD4B7AB09A17
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:14:28 | 18/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

              Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Norton Internet Security 16.0.0.125 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]16.0.0.125

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 232,88 Go (152,22 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible # 3,77 Go (983,84 Mo free) [IPOD (MARIA] # FAT32
J:\ -> Disque amovible # 1,88 Go (1,87 Go free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 1012
C:\WINDOWS\system32\csrss.exe 1092
C:\WINDOWS\system32\winlogon.exe 1132
C:\WINDOWS\system32\services.exe 1188
C:\WINDOWS\system32\lsass.exe 1200
C:\WINDOWS\system32
vsvc32.exe 1364
C:\WINDOWS\system32\svchost.exe 1428
C:\WINDOWS\system32\svchost.exe 1488
C:\WINDOWS\System32\svchost.exe 1684
C:\WINDOWS\system32\svchost.exe 1720
C:\WINDOWS\system32\svchost.exe 1864
C:\WINDOWS\system32\svchost.exe 160
C:\WINDOWS\system32\spoolsv.exe 240
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe 272
C:\WINDOWS\system32\svchost.exe 324
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 412
C:\Program Files\Bonjour\mDNSResponder.exe 476
C:\WINDOWS\system32\svchost.exe 540
C:\WINDOWS\system32\svchost.exe 628
C:\Program Files\Java\jre6\bin\jqs.exe 640
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 712
C:\WINDOWS\System32\svchost.exe 728
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 744
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 1060
C:\WINDOWS\System32\svchost.exe 1108
C:\WINDOWS\system32\slmdmsr.exe 1712
C:\WINDOWS\system32\svchost.exe 1764
C:\WINDOWS\System32\alg.exe 3164
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe 3772
C:\WINDOWS\Explorer.EXE 4084
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe 2016
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe 500
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE 1896
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe 2540
C:\WINDOWS\system32\RUNDLL32.EXE 2732
C:\Program Files\Java\jre6\bin\jusched.exe 3076
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe 3260
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3892
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 4056
C:\WINDOWS\system32\ctfmon.exe 1384
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 2256
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 2900
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe 1248
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 2100
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 2036
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 904
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe 520
C:\WINDOWS\system32\wbem\wmiprvse.exe 532

################## | Fichiers # Dossiers infectieux |

J:\autorun.inf  
J:\autorun.inf -> fichier appelé : "J:\ xfsg.cmd" ( Absent ! )  

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{e03e3562-4161-11de-b829-000feaccda5d}
shell\AUtoPLAY\coMmANd =xfsg.cmd 
shell\AutoRun\command =xfsg.cmd 
shell\explore\CoMmand =xfsg.cmd 
shell\oPen\coMMAnD =xfsg.cmd 

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.065 ! |

Pages de pubs intempestives !

35 réponses

Discussions similaires

Newsletters