Publicités intempestivesFermé

Question

Bonjour,

Je viens demander de l'aide, car depuis hier j'ai des publicités qui s'ouvrent les unes aprés les autres, que je sois sur IE ou Firefox. 
J'ai l'habitude de prendre soin de mon PC avec le peu de connaissances que je possède en informatique. Mais hier j'ai en fait prété mon PC à ma petite amie pour qu'elle regarde le début de la saison de Grey's anatomy en streaming, et je ne sais pas trop ce qu'elle à fait mais elle a accepté quelque chose sur mon PC et donc depuis j'ai des pubs qui envahissent mon écran. 
J'ai vu aussi qu'un ad-ware avait été bloqué par avast mais je ne m'y connais pas beaucoup là dessus. 

Pourriez vous m'aider à me débarasser de tout cela et par le biais de cette intervention m'aider à faire un nettoyage efficace de mon PC, et puis m'aider à bien régler les paramètres de sécurité pour ne plus que ca se reproduise. 

Merci par avance de votre aide, et je vous souhaite à tous de bonnes fêtes de fin d'année. 

Cordialement Geoffroy

Utilisateur anonyme · Answer

Bonjour, Télécharge Random's System Information Tool (RSIT) : http://images.malwareremoval.com/random/RSIT.exe par random/random et sauvegarde-le sur ton Bureau. Important (Sous Vista) tu dois exécuter RSIT avec les droits d'administrateur, pour cela Clic droit sur RSIT et "Lances en tant qu'administrateur" ==> Double-clique sur RSIT.exe afin de lancer RSIT. ==> Clique sur Continue à l'écran Disclaimer. ==> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence. ==>Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. ==> Poste le contenu des deux rapports ==> log.txt (<==qui sera affiché) ainsi que de info.txt (<==qui sera réduit dans la Barre des Tâches). Note : Les deux rapports sont également sauvegardés %systemroot%\rsit

Utilisateur anonyme · Answer

bonjour
je laisse

roro04 · Answer

Bonjour Geogeodom.

1/ Télécharge malwarebytes à l'adresse https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

2/ Fait un scan complet à l'aide de ce tuto https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

3/ Donne nous une réponse.



Pour le nettoyage de ton PC, nettoie toutes les fichiers temps et répare ton registre à l'aide de CCleaner. Télécharge à l'adresse: https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
Tuto: http://www.6ma.fr/tuto/ccleaner+v202-411

Nettoie ton registre à l'aide de reg cleaner
Télécharge à l'adresse https://www.commentcamarche.net/telecharger/utilitaires/19159-regcleaner/
Tuto: http://www.6ma.fr/tuto/regcleaner-nettoyer-le-registre-systeme/


Bonne chance et tien nous au courrent

Geogeodom · Answer

Euh excusez moi, je veux pas paraître idiot, mais pourquoi vous ne dîtes pas tous la même chose, je dois faire quoi en premier? je dois suivre le message de qui? 

Merci, je ne veux pas faire de bétises.

Utilisateur anonyme · Answer

Le message 1 ou 2, c'est la même chose ^^

roro04 · Answer

OK à vous deux, je me tait.

Geogeodom · Answer

Merci loicdem, je fais tout ca, à toute hihi

Geogeodom · Answer

Voila j'espere que c'est bien ca? j'ai rien oublié ? 
Merci


Logfile of random's system information tool 1.06 (written by random/random)
Run by Geoffroy at 2009-12-19 12:30:35
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 91 GB (63%) free of 145 GB
Total RAM: 1982 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:37, on 19/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\LVComS.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Geoffroy\Downloads\RSIT.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Automated Content Enhancer - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - C:\Program Files\Automated Content Enhancer\4.1.0.5290\ACEIEAddOn.dll
O2 - BHO: Customized Platform Advancer - {42C7C39F-3128-4a17-BDB7-91C46032B5B9} - C:\Program Files\Customized Platform Advancer\4.1.0.1960\CPAIEAddOn.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Content Management Wizard - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - C:\Program Files\Content Management Wizard\1.1.0.1990\CMWIE.dll
O2 - BHO: Textual Content Provider - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - C:\Program Files\Textual Content Provider\1.1.0.1810\TCPIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Web Search Operator - {EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} - C:\Program Files\Web Search Operator\4.1.0.2080\wso.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Internet Today Task] "C:\Program Files\Internet Today\1.1.0.1260\InternetToday.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice111.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

/!\ Désactive temporairement ton antivirus /!\

Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

      /!\ Déconnecte-toi et ferme toutes applications en cours /!\

    * Lance l'installation avec les paramètres par défaut.
    * Double-clique sur le raccourci Ad-Remover sur ton Bureau.
    * Choisit ta langue F pour française.
    * Au menu principal, choisis l'option S.

      /!\ Laisse travailler l'outil /!\
    * Poste le rapport qui apparaît à la fin. 


(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note :"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Geogeodom · Answer

J'ai un petit probleme, quand j'ouvre Ad-remover ca me met : Le "contrôle des comptes utilisateur" est actif !
Dans ces conditions, le programme ne peut continuer à s'exécuter... Veuillez en parler à la personne qui vous aide.

Merci

Utilisateur anonyme · Answer

Désactive l'UAC; suis le tuto : https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html

Geogeodom · Answer

Merci, je crois que c'est bon.

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 19.12.2009 à 12:58
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:27:30, 19/12/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-GEOFFROY | Utilisateur actuel: Geoffroy
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

C:\Program Files\Automated Content Enhancer 
C:\Program Files\Content Management Wizard 
C:\Program Files\Customized Platform Advancer 
C:\Program Files\Gameztar Toolbar 
C:\Program Files\Internet Today 
C:\Program Files\QuestService 
C:\Program Files\Textual Content Provider 
C:\Program Files\Web Search Operator 
C:\Users\Geoffroy\AppData\Local\Internet Today 
C:\Users\Geoffroy\AppData\LocalLow\Automated Content Enhancer 
C:\Users\Geoffroy\AppData\LocalLow\Customized Platform Advancer 
C:\Users\Geoffroy\AppData\LocalLow\Textual Content Provider 
C:\Users\Geoffroy\AppData\LocalLow\Web Search Operator 
C:\ProgramData\{540FDD5A-3C68-4DFB-B9FF-FCEB20538D75} 
.
HKCU\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
HKCU\software\appdatalow\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
HKCU\software\appdatalow\software\Automated Content Enhancer
HKCU\software\appdatalow\software\CMW
HKCU\software\appdatalow\software\Customized Platform Advancer
HKCU\software\appdatalow\software\Media Access Startup
HKCU\software\appdatalow\software\Web Search Operator
HKCU\software\Gameztar Toolbar
HKCU\Software\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411}
HKCU\Software\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}
HKLM\software\appdatalow\software\Automated Content Enhancer
HKLM\software\appdatalow\software\Customized Platform Advancer
HKLM\software\appdatalow\software\Internet Today
HKLM\software\appdatalow\software\Web Search Operator
HKLM\Software\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}
HKLM\Software\Classes\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}
HKLM\Software\Classes\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}
HKLM\Software\Classes\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKLM\Software\Classes\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}
HKLM\software\classes\ExplorerBar.CMW
HKLM\software\classes\ExplorerBar.CMW.1
HKLM\software\classes\ExplorerBar.FunExplorer
HKLM\software\classes\ExplorerBar.FunExplorer.1
HKLM\software\classes\ExplorerBar.FunRedirector
HKLM\software\classes\ExplorerBar.FunRedirector.1
HKLM\software\classes\ExplorerBar.TCP
HKLM\software\classes\ExplorerBar.TCP.1
HKLM\Software\Classes\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78}
HKLM\Software\Classes\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}
HKLM\Software\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
HKLM\Software\Classes\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF}
HKLM\Software\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}
HKLM\Software\Classes\TypeLib\{2A743834-05F4-4ED4-8A1C-41332B10AC0C}
HKLM\Software\Classes\TypeLib\{565DD573-549E-4DA9-8CD7-6AE3DF25339A}
HKLM\Software\Classes\TypeLib\{883DFC00-8A21-411D-956C-73A4E4B7D16F}
HKLM\Software\Classes\TypeLib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA}
HKLM\Software\Classes\TypeLib\{F5B8C69C-9B45-4A6A-9380-DF225C546AE7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40574696-DB17-4512-A79C-FB6086F15C65}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Internet Today Task
HKLM\Software\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23}
HKLM\Software\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B}
HKLM\Software\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506}
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\appdatalow\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\appdatalow\software\Automated Content Enhancer
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\appdatalow\software\CMW
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\appdatalow\software\Customized Platform Advancer
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\appdatalow\software\Media Access Startup
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\appdatalow\software\Web Search Operator
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\software\Gameztar Toolbar
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
 Nom du profil: zb3kktbf.default (Geoffroy)
.
(Geoffroy, prefs.js) Browser.download.dir, C:\Users\Geoffroy\Downloads
(Geoffroy, prefs.js) Browser.download.lastDir, C:\Users\Geoffroy\Desktop
(Geoffroy, prefs.js) Browser.startup.homepage, hxxp://google.cherche.us/
(Geoffroy, prefs.js) Extensions.enabledItems, {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{9d1f059c-cada-4111-9696-41a62d64e3ba}:0.4.9.1,{fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1,{E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080,{8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290,{E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(Geoffroy, prefs.js) Keyword.URL, hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=hxxp%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=
. 
. 
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://google.cherche.us/
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://recherche.neuf.fr/
Enable Browser Extensions: yes
Search Bar: hxxp://recherche.neuf.fr/ie/default.html
Default_Page_URL: hxxp://google.cherche.us/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=laptop
Default_Search_URL: hxxp://recherche.neuf.fr/
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
8760 Octet(s) - C:\Ad-Report-SCAN[1].log 
.
25 Fichier(s) - C:\Users\Geoffroy\AppData\Local\Temp 
0 Fichier(s) - C:\Windows\Temp 
129 Fichier(s) - C:\Windows\Prefetch 
.
3 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 13:40:51 | 19/12/2009 - SCAN[1]
.
============== E.O.F ==============
.

Utilisateur anonyme · Answer

On continue,

Relance AD-Remover avec l'option L, poste le rapport.

Ensuite, refait un RSIT

Geogeodom · Answer

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 19.12.2009 à 12:58
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:48:57, 19/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-GEOFFROY | Utilisateur actuel: Geoffroy
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Users\Geoffroy\AppData\Local\Temp\cmw
C:\Program Files\Automated Content Enhancer
C:\Program Files\Content Management Wizard
C:\Program Files\Customized Platform Advancer
C:\Program Files\Gameztar Toolbar
C:\Program Files\Internet Today
C:\Program Files\QuestService
C:\Program Files\Textual Content Provider
C:\Program Files\Web Search Operator
C:\Users\Geoffroy\AppData\Local\Internet Today
C:\Users\Geoffroy\AppData\Local\Textual Content Provider
C:\Users\Geoffroy\AppData\LocalLow\Automated Content Enhancer
C:\Users\Geoffroy\AppData\LocalLow\Customized Platform Advancer
C:\Users\Geoffroy\AppData\LocalLow\Textual Content Provider
C:\Users\Geoffroy\AppData\LocalLow\Web Search Operator
C:\ProgramData\{540FDD5A-3C68-4DFB-B9FF-FCEB20538D75}

(!) -- Fichiers temporaires supprimés.
 
.
HKCU\software\appdatalow\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
HKCU\software\appdatalow\software\Automated Content Enhancer
HKCU\software\appdatalow\software\CMW
HKCU\software\appdatalow\software\Customized Platform Advancer
HKCU\software\appdatalow\software\Media Access Startup
HKCU\software\appdatalow\software\Web Search Operator
HKCU\software\Gameztar Toolbar
HKCU\Software\Microsoft\Explorer\Bars\{B72681C0-A222-4b21-A0E2-53A5A5CA3D411}
HKCU\Software\Microsoft\Explorer\Bars\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}  ... [b]ERREUR SUPPRESSION !!/b
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431}
HKLM\software\appdatalow\software\Automated Content Enhancer
HKLM\software\appdatalow\software\Customized Platform Advancer
HKLM\software\appdatalow\software\Internet Today
HKLM\software\appdatalow\software\Web Search Operator
HKLM\Software\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}
HKLM\Software\Classes\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}
HKLM\Software\Classes\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}
HKLM\Software\Classes\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKLM\Software\Classes\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}
HKLM\software\classes\ExplorerBar.CMW
HKLM\software\classes\ExplorerBar.CMW.1
HKLM\software\classes\ExplorerBar.FunExplorer
HKLM\software\classes\ExplorerBar.FunExplorer.1
HKLM\software\classes\ExplorerBar.FunRedirector
HKLM\software\classes\ExplorerBar.FunRedirector.1
HKLM\software\classes\ExplorerBar.TCP
HKLM\software\classes\ExplorerBar.TCP.1
HKLM\Software\Classes\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78}
HKLM\Software\Classes\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1}
HKLM\Software\Classes\Interface\{6160F76A-1992-4B17-A32D-0C706D159105}
HKLM\Software\Classes\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF}
HKLM\Software\Classes\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF}
HKLM\Software\Classes\TypeLib\{2A743834-05F4-4ED4-8A1C-41332B10AC0C}
HKLM\Software\Classes\TypeLib\{565DD573-549E-4DA9-8CD7-6AE3DF25339A}
HKLM\Software\Classes\TypeLib\{883DFC00-8A21-411D-956C-73A4E4B7D16F}
HKLM\Software\Classes\TypeLib\{AC5AB953-ED25-4F9C-87F0-B086B0178FFA}
HKLM\Software\Classes\TypeLib\{F5B8C69C-9B45-4A6A-9380-DF225C546AE7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{40574696-DB17-4512-A79C-FB6086F15C65}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4a17-BDB7-91C46032B5B9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Internet Today Task 
HKLM\Software\Mozilla\Firefox\Extensions\{8141440E-08F0-4339-9959-5C31C6A69F23} 
HKLM\Software\Mozilla\Firefox\Extensions\{E63605FC-D583-4C81-867F-9457BDB3EA1B} 
HKLM\Software\Mozilla\Firefox\Extensions\{E889F097-B0BE-471B-89AD-B86B6F04B506} 
HKU\s-1-5-21-4211556805-1544538283-630462636-1000\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
 Nom du profil: zb3kktbf.default (Geoffroy)
.
(Geoffroy, prefs.js) Browser.download.dir, C:\Users\Geoffroy\Downloads
(Geoffroy, prefs.js) Browser.download.lastDir, C:\Users\Geoffroy\Desktop
(Geoffroy, prefs.js) Browser.startup.homepage, hxxp://google.cherche.us/
(Geoffroy, prefs.js) Extensions.enabledItems, {AAF6454A-4000-4015-84C1-6CD844C06B19}:1.0,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{9d1f059c-cada-4111-9696-41a62d64e3ba}:0.4.9.1,{fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1,{E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080,{8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290,{E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(Geoffroy, prefs.js) Keyword.URL, hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=hxxp%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=
. 
. 
.
* Internet Explorer Version 8.0.6001.18865 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
8279 Octet(s) - C:\Ad-Report-CLEAN[1].log 
9129 Octet(s) - C:\Ad-Report-SCAN[1].log 
.
1 Fichier(s) - C:\Users\Geoffroy\AppData\Local\Temp 
0 Fichier(s) - C:\Windows\Temp 
0 Fichier(s) - C:\Windows\Prefetch 
.
22 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
179 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 14:02:15 | 19/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.

Geogeodom · Answer

Je pense que c'est bon?

Logfile of random's system information tool 1.06 (written by random/random)
Run by Geoffroy at 2009-12-19 14:05:21
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 91 GB (63%) free of 145 GB
Total RAM: 1982 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:53, on 19/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Geoffroy\Downloads\RSIT.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice111.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Refait un RSIT !

Geogeodom · Answer

on a posté en même temps presque, j'en refait un quand même?
merci

Utilisateur anonyme · Answer

Non, attend, j'examine !

Utilisateur anonyme · Answer

Désactive ton antivirus le temps de la manip ainsi que ton pare feu si présent

(car il est détecté a tort comme infection)

&#9654; Télécharge et installe List&Kill'em et enregistre le sur ton bureau

double clique ( clic droit "exécuter en tant qu'administrateur pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

une fois terminée , laisse le programme se lancer seul

choisis la langue puis choisis l'option 1 = Mode Recherche

&#9654; laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

&#9654; Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

Geogeodom · Answer

voilà.

List'em by g3n-h@ckm@n 1.1.6.0 

Thx to Chiquitine29.....& CCM team 

User : Geoffroy (Administrateurs) # PC-DE-GEOFFROY
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 14:20:36 | 19/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 091218-1] 4.8.1229 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 141,5 Go (88,56 Go free) | NTFS
D:\ -> Disque fixe local | 7,55 Go (2,16 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM | 1,56 Go (0 Mo free) [CIVCITY_ROME] | CDFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 500
C:\Windows\system32\csrss.exe 552
C:\Windows\system32\wininit.exe 560
C:\Windows\system32\services.exe 600
C:\Windows\system32\lsass.exe 616
C:\Windows\system32\lsm.exe 628
C:\Windows\system32\winlogon.exe 696
C:\Windows\system32\svchost.exe 796
C:\Windows\system32
vvsvc.exe 852
C:\Windows\system32\svchost.exe 880
C:\Windows\System32\svchost.exe 920
C:\Windows\System32\svchost.exe 1008
C:\Windows\System32\svchost.exe 1076
C:\Windows\system32\svchost.exe 1104
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1228
C:\Windows\system32\svchost.exe 1256
C:\Windows\system32\svchost.exe 1468
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1656
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1688
C:\Windows\System32\spoolsv.exe 1948
C:\Windows\system32\svchost.exe 1972
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 472
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1512
C:\Windows\system32	askeng.exe 1944
C:\Windows\system32\svchost.exe 760
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 804
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 592
C:\Windows\system32\svchost.exe 936
C:\Windows\System32\svchost.exe 2080
C:\Windows\system32\SearchIndexer.exe 2116
C:\Windows\system32\DRIVERS\xaudio.exe 2240
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2268
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 2596
C:\Windows\system32\wbem\unsecapp.exe 2744
C:\Windows\system32\wbem\wmiprvse.exe 2992
C:\Windows\system32\Dwm.exe 3264
C:\Windows\system32	askeng.exe 3288
C:\Program Files\Windows Defender\MSASCui.exe 3724
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3732
C:\Program Files\HP\QuickPlay\QPService.exe 3748
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3764
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 3780
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 3788
C:\Program Files\Logitech\SetPoint\KEM.exe 3796
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 3804
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 3828
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 3852
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe 3928
C:\Program Files\Java\jre6\bin\jusched.exe 2488
C:\Windows\ehome\ehtray.exe 828
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2672
C:\Program Files\Windows Media Player\wmpnscfg.exe 2688
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe 3192
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE 3256
C:\Windows\ehome\ehmsas.exe 1064
C:\Program Files\Windows Media Player\wmpnetwk.exe 3152
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2252
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe 3168
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 3564
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4748
C:\Windows\explorer.exe 4112
C:\Windows\system32\SearchProtocolHost.exe 4448
C:\Windows\system32\SearchFilterHost.exe 4272
C:\Windows\system32\SearchProtocolHost.exe 1408
C:\Program Files\List_Kill'em\List_Kill'em.exe 3040
C:\Windows\system32\conime.exe 3820
C:\Windows\system32\cmd.exe 2148
C:\Windows\system32\wbem\wmiprvse.exe 5308
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\pv.exe 4608

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr	REG_SZ         	"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Tok-Cirrhatus	REG_SZ         	
ehTray.exe	REG_SZ         	C:\Windows\ehome\ehTray.exe
swg	REG_SZ         	"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
WMPNSCFG	REG_SZ         	C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
Windows Defender	REG_EXPAND_SZ  	%ProgramFiles%\Windows Defender\MSASCui.exe -hide 
SynTPEnh	REG_SZ         	C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
QPService	REG_SZ         	"C:\Program Files\HP\QuickPlay\QPService.exe" 
QlbCtrl	REG_EXPAND_SZ  	%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start 
hpWirelessAssistant	REG_EXPAND_SZ  	%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
WAWifiMessage	REG_EXPAND_SZ  	%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 
SetPoint	REG_SZ         	C:\Program Files\Logitech\SetPoint\KEM.EXE 
LogitechVideoRepair	REG_SZ         	C:\Program Files\Logitech\Video\ISStart.exe 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
HP Software Update	REG_SZ         	C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 
SSBkgdUpdate	REG_SZ         	"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot 
PaperPort PTD	REG_SZ         	"C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" 
IndexSearch	REG_SZ         	"C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" 
PPort11reminder	REG_SZ         	"C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini 
BrMfcWnd	REG_SZ         	C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN 
ControlCenter3	REG_SZ         	C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun 
NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
NvMediaCenter	REG_SZ         	RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
HP Health Check Scheduler	REG_SZ         	c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Launcher	REG_EXPAND_SZ  	%WINDIR%\SMINST\launcher.exe

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
ConsentPromptBehaviorAdmin	REG_DWORD      	2 (0x2) 
ConsentPromptBehaviorUser	REG_DWORD      	1 (0x1) 
EnableInstallerDetection	REG_DWORD      	1 (0x1) 
EnableLUA	REG_DWORD      	0 (0x0) 
EnableSecureUIAPaths	REG_DWORD      	1 (0x1) 
EnableVirtualization	REG_DWORD      	1 (0x1) 
PromptOnSecureDesktop	REG_DWORD      	1 (0x1) 
ValidateAdminCodeSignatures	REG_DWORD      	0 (0x0) 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
scforceoption	REG_DWORD      	0 (0x0) 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 
FilterAdministratorToken	REG_DWORD      	0 (0x0) 
EnableUIADesktopToggle	REG_DWORD      	0 (0x0) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
AllowLegacyWebView	REG_DWORD      	1 (0x1) 
AllowUnhashedWebView	REG_DWORD      	1 (0x1) 
BindDirectlyToPropertySetStorage	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

=============== 
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
Wlansvc : 0x2 
SharedAccess : 0x3 
windefend : 0x2 
wuauserv : 0x2 
wscsvc : 0x2 

=========
 

E:\Autorun.inf :
----------------
[autorun]
OPEN=Autorun.exe
ICON=Autorun.exe
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: 

    Taille du volume                	= 141 Go
    Espace libre                    	= 88.57 Go
    tendue d'espace libre la plus grande 	= 46.73 Go
    Pourcentage de fragmentation des fichiers 	= 1 %

    Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

    Il n'est pas n‚cessaire de d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\ProgramData\Documents  
C:\Windows\System32\SET6D86.tmp  
C:\Windows\System32\SETB8B9.tmp  
C:\Windows\System32\SETCE4B.tmp  
C:\Windows\System32\SETEAFF.tmp  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Tok-Cirrhatus"  
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988}  
HKLM\SOFTWARE\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}  

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-19 14:26:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Acro Software
Activation Assistant for the 2007 Microsoft Office suites
Ad-Remover
Adobe
Alwil Software
BoontyGames
Brother
CCleaner
Common Files
Conduit
CONEXANT
desktop.ini
directx
EasyBits
Fichiers communs
Firefly Studios
GameShadow
Google
GPLGS
Hewlett-Packard
HP
HPQ
InstallShield Installation Information
Internet Explorer
Java
JRE
Lavasoft
LG Electronics
List_Kill'em
Logitech
Messenger Plus! Live
Microsoft
Microsoft CAPICOM 2.1.0.2
Microsoft Games
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
Mplayer
MSBuild
MSXML 4.0
myTV
Neuf
Nuance
OpenOffice.org 3
PokerStars
PokerStars.NET
PokerStove
Reference Assemblies
Roxio
ScanSoft
Services en ligne
Synaptics
TI Education
trend micro
TVAnts
Uninstall Information
Universal
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WordBiz

============
Lecteur C:
============

$RECYCLE.BIN
aaw7boot.log
Ad-Report-CLEAN[1].log
Ad-Report-SCAN[1].log
autoexec.bat
Boonty
boot
bootmgr
config.sys
Documents and Settings
ExtractLog.txt
HattrickOrganizer
HP
IO.SYS
Kill'em
List'em.txt
LogiSetup.log
MCPP
MSDOS.SYS
MSIInstall.log
MSOCache
pagefile.sys
PerfLogs
Program Files
ProgramData
rsit
Securitoo
Setup.log
SwSetup
System Volume Information
System.sav
Users
Windows
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\Firefly Studios\CivCity Rome\ui\Patch_BITS.tga 
C:\SwSetup\Inetsec\FR\Support\NCO\Browser\APP\Patch25d.dll 
C:\SwSetup\MSWorks\FR\Install.exe 
C:\Windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Utilisateur anonyme · Answer

&#9654; Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

&#9654; choisis l'option 2 = Mode Destruction

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta reponse 

Ensuite, supprime tes cracks (très important !) et refait un RSIT

Geogeodom · Answer

Voilà pour list&kill-em, mais je ne sais pas ce que c'est les craks à supprimer, désolé.

Kill'em by g3n-h@ckm@n 1.1.6.0 
 
User : Geoffroy (Administrateurs) # PC-DE-GEOFFROY
Update on 18/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 14:51:42 | 19/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 091218-1] 4.8.1229 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 141,5 Go (88,56 Go free) | NTFS
D:\ -> Disque fixe local | 7,55 Go (2,16 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM | 1,56 Go (0 Mo free) [CIVCITY_ROME] | CDFS
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 500
C:\Windows\system32\csrss.exe 552
C:\Windows\system32\wininit.exe 560
C:\Windows\system32\services.exe 600
C:\Windows\system32\lsass.exe 616
C:\Windows\system32\lsm.exe 628
C:\Windows\system32\winlogon.exe 696
C:\Windows\system32\svchost.exe 796
C:\Windows\system32
vvsvc.exe 852
C:\Windows\system32\svchost.exe 880
C:\Windows\System32\svchost.exe 920
C:\Windows\System32\svchost.exe 1008
C:\Windows\System32\svchost.exe 1076
C:\Windows\system32\svchost.exe 1104
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1228
C:\Windows\system32\svchost.exe 1256
C:\Windows\system32\svchost.exe 1468
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1656
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1688
C:\Windows\System32\spoolsv.exe 1948
C:\Windows\system32\svchost.exe 1972
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 472
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1512
C:\Windows\system32	askeng.exe 1944
C:\Windows\system32\svchost.exe 760
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 804
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 592
C:\Windows\system32\svchost.exe 936
C:\Windows\System32\svchost.exe 2080
C:\Windows\system32\SearchIndexer.exe 2116
C:\Windows\system32\DRIVERS\xaudio.exe 2240
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2268
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 2596
C:\Windows\system32\wbem\unsecapp.exe 2744
C:\Windows\system32\wbem\wmiprvse.exe 2992
C:\Windows\system32\Dwm.exe 3264
C:\Windows\system32	askeng.exe 3288
C:\Program Files\Windows Defender\MSASCui.exe 3724
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3732
C:\Program Files\HP\QuickPlay\QPService.exe 3748
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3764
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 3780
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 3788
C:\Program Files\Logitech\SetPoint\KEM.exe 3796
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 3804
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 3828
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 3852
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe 3928
C:\Program Files\Java\jre6\bin\jusched.exe 2488
C:\Windows\ehome\ehtray.exe 828
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2672
C:\Program Files\Windows Media Player\wmpnscfg.exe 2688
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe 3192
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE 3256
C:\Windows\ehome\ehmsas.exe 1064
C:\Program Files\Windows Media Player\wmpnetwk.exe 3152
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2252
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe 3168
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 3564
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4748
C:\Windows\explorer.exe 4112
C:\Windows\system32\conime.exe 3820
C:\Program Files\List_Kill'em\List_Kill'em.exe 3348
C:\Windows\system32\cmd.exe 5384
C:\Windows\system32\SearchProtocolHost.exe 5932
C:\Windows\system32\SearchFilterHost.exe 4264
C:\Windows\system32\wbem\wmiprvse.exe 2168
C:\Users\Geoffroy\AppData\Local\Temp\EC0.tmp\pv.exe 3124
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

"C:\ProgramData\Documents"  
C:\Windows\System32\SET6D86.tmp  
C:\Windows\System32\SETB8B9.tmp  
C:\Windows\System32\SETCE4B.tmp  
C:\Windows\System32\SETEAFF.tmp  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

SET6D86.tmp.Kill'em
SETB8B9.tmp.Kill'em
SETCE4B.tmp.Kill'em
SETEAFF.tmp.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tok-Cirrhatus  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988}  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Utilisateur anonyme · Answer

Maintenant,
    * Télécharge USBFix (de Chiquitine29 & C_XX) sur le Bureau.
    * Branche les sources de données externes au PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
    * Double-clique sur le programme UsbFix.exe sur le Bureau, l'installation se fera automatiquement.
    * Choisi l'option 1 (Recherche).
    * Laisse travailler l'outil.
    * Montre le rapport qui s'affiche ensuite !
    * Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:UsbFix.txt).



"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Geogeodom · Answer

############################## | UsbFix V6.065 |

User : Geoffroy (Administrateurs) # PC-DE-GEOFFROY
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:21:52 | 19/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 091218-1] 4.8.1229 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local # 141,5 Go (88,56 Go free) # NTFS
D:\ -> Disque fixe local # 7,55 Go (2,16 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM # 1,56 Go (0 Mo free) [CIVCITY_ROME] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 500
C:\Windows\system32\csrss.exe 552
C:\Windows\system32\wininit.exe 560
C:\Windows\system32\services.exe 600
C:\Windows\system32\lsass.exe 616
C:\Windows\system32\lsm.exe 628
C:\Windows\system32\winlogon.exe 696
C:\Windows\system32\svchost.exe 796
C:\Windows\system32
vvsvc.exe 852
C:\Windows\system32\svchost.exe 880
C:\Windows\System32\svchost.exe 920
C:\Windows\System32\svchost.exe 1008
C:\Windows\System32\svchost.exe 1076
C:\Windows\system32\svchost.exe 1104
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1228
C:\Windows\system32\svchost.exe 1256
C:\Windows\system32\svchost.exe 1468
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1656
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1688
C:\Windows\System32\spoolsv.exe 1948
C:\Windows\system32\svchost.exe 1972
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 472
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1512
C:\Windows\system32	askeng.exe 1944
C:\Windows\system32\svchost.exe 760
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 804
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 592
C:\Windows\system32\svchost.exe 936
C:\Windows\System32\svchost.exe 2080
C:\Windows\system32\SearchIndexer.exe 2116
C:\Windows\system32\DRIVERS\xaudio.exe 2240
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2268
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 2596
C:\Windows\system32\wbem\unsecapp.exe 2744
C:\Windows\system32\wbem\wmiprvse.exe 2992
C:\Windows\system32\Dwm.exe 3264
C:\Windows\system32	askeng.exe 3288
C:\Program Files\Windows Defender\MSASCui.exe 3724
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3732
C:\Program Files\HP\QuickPlay\QPService.exe 3748
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 3764
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 3780
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 3788
C:\Program Files\Logitech\SetPoint\KEM.exe 3796
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 3804
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 3828
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 3852
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe 3928
C:\Program Files\Java\jre6\bin\jusched.exe 2488
C:\Windows\ehome\ehtray.exe 828
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2672
C:\Program Files\Windows Media Player\wmpnscfg.exe 2688
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe 3192
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE 3256
C:\Windows\ehome\ehmsas.exe 1064
C:\Program Files\Windows Media Player\wmpnetwk.exe 3152
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 2252
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe 3168
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 3564
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 4748
C:\Windows\explorer.exe 4112
C:\Windows\system32\conime.exe 3820
C:\Windows\system32\SearchProtocolHost.exe 6068
C:\Windows\system32\SearchFilterHost.exe 3184
C:\Windows\system32\wbem\wmiprvse.exe 5988

################## | Fichiers # Dossiers infectieux |

E:\autorun.inf  

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{aff43405-5a56-11dc-b744-806e6f6e6963}
shell\AutoRun\command =E:\Autorun.exe 

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.065 ! |

Utilisateur anonyme · Answer

* Branche les sources de données externes au PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
    * Double-clique sur le programme UsbFix sur le Bureau.
    * Choisi l'option 2 (Suppression).
    * Le Bureau disparaîtra et le PC redémarrera.
    * Au redémarrage, UsbFix scannera le PC, laisse travailler l'outil.
    * Ensuite, poste le rapport usbFix.txt qui apparaîtra avec le Bureau
    * Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:UsbFix.txt).

Geogeodom · Answer

############################## | UsbFix V6.065 |

User : Geoffroy (Administrateurs) # PC-DE-GEOFFROY
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:33:37 | 19/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 091218-1] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local # 141,5 Go (88,47 Go free) # NTFS
D:\ -> Disque fixe local # 7,55 Go (2,16 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM # 1,56 Go (0 Mo free) [CIVCITY_ROME] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 500
C:\Windows\system32\wininit.exe 552
C:\Windows\system32\csrss.exe 564
C:\Windows\system32\services.exe 600
C:\Windows\system32\lsass.exe 612
C:\Windows\system32\lsm.exe 620
C:\Windows\system32\winlogon.exe 768
C:\Windows\system32\svchost.exe 796
C:\Windows\system32
vvsvc.exe 844
C:\Windows\system32\svchost.exe 876
C:\Windows\System32\svchost.exe 924
C:\Windows\system32\LogonUI.exe 968
C:\Windows\System32\svchost.exe 1020
C:\Windows\System32\svchost.exe 1096
C:\Windows\system32\svchost.exe 1132
C:\Windows\system32\svchost.exe 1212
C:\Windows\system32\SLsvc.exe 1232
C:\Windows\system32\svchost.exe 1260
C:\Windows\system32undll32.exe 1356
C:\Windows\system32\svchost.exe 1432
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1660
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1692
C:\Windows\System32\spoolsv.exe 1960
C:\Windows\system32\svchost.exe 1984
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 468
C:\Windows\system32	askeng.exe 724
C:\Program Files\Google\Update\GoogleUpdate.exe 1384
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1624
C:\Program Files\Google\Update\GoogleUpdate.exe 472
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 1276
C:\Windows\system32\svchost.exe 568
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 596
C:\Windows\system32\svchost.exe 2076
C:\Windows\System32\svchost.exe 2136
C:\Windows\system32\SearchIndexer.exe 2168
C:\Windows\system32\DRIVERS\xaudio.exe 2236
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2304
C:\Windows\system32\userinit.exe 2632
C:\Windows\system32\Dwm.exe 2648
C:\Windows\system32\wbem\wmiprvse.exe 2656
C:\Windows\system32	askeng.exe 2732
C:\Windows\Explorer.EXE 2740
C:\Windows\system32unonce.exe 2816
C:\Windows\system32\conime.exe 3012
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 3172
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3268
C:\Windows\system32\wbem\unsecapp.exe 3288
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3308
C:\Windows\system32\wbem\wmiprvse.exe 3616

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-3976164295-1289554390-3559781336-500 
Supprimé ! C:\$Recycle.Bin\S-1-5-21-4211556805-1544538283-630462636-1000 
Supprimé ! C:\$Recycle.Bin\S-1-5-21-4211556805-1544538283-630462636-500 
Supprimé ! D:\$Recycle.Bin\S-1-5-21-4211556805-1544538283-630462636-1000 
Non supprimé ! E:\autorun.inf 

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{aff43405-5a56-11dc-b744-806e6f6e6963}\Shell\AutoRun\Command  

################## | Listing des fichiers présent |

[19/12/2009 15:32|--a------|668] C:\aaw7boot.log 
[19/12/2009 14:02|--a------|8693] C:\Ad-Report-CLEAN[1].log 
[19/12/2009 13:40|--a------|9129] C:\Ad-Report-SCAN[1].log 
[19/12/2009 14:55|--a------|4] C:\autoexec.bat 
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr 
[18/09/2006 22:43|--a------|10] C:\config.sys 
[29/01/2008 21:55|--a------|167653] C:\ExtractLog.txt 
[04/09/2007 21:11|-rahs----|0] C:\IO.SYS 
[19/12/2009 14:55|--a------|4944] C:\Kill'em.txt 
[19/12/2009 14:45|--a------|13915] C:\List'em.txt 
[10/09/2007 20:16|--a------|90] C:\LogiSetup.log 
[04/09/2007 21:11|-rahs----|0] C:\MSDOS.SYS 
[10/09/2007 20:18|--a------|524622] C:\MSIInstall.log 
[?|?|?] C:\pagefile.sys 
[29/01/2008 21:50|--a------|159] C:\Setup.log 
[19/12/2009 15:38|--a------|4453] C:\UsbFix.txt 
[11/09/2005 16:18|---hs----|340] D:\AUTOMODE 
[03/09/2007 14:59|---hs----|13] D:\BLOCK.RIN 
[04/10/2006 00:02|---hs----|438328] D:\bootmgr 
[03/11/2006 20:43|---hs----|117] D:\Desktop.ini 
[10/09/2002 17:14|---hs----|8134] D:\Folder.htt 
[29/07/2007 07:33|---hs----|698] D:\MASTER.LOG 
[03/11/2005 16:19|---hs----|181736] D:\protect.ed 
[29/07/2007 07:34|---hs----|0] D:\USER 
[23/06/2006 17:53|-r-------|38376] E:\Autorun.exe 
[14/03/2005 16:30|-r-------|45] E:\Autorun.inf 
[21/11/2006 16:49|-r-------|5804032] E:\CivCity Rome.exe 
[02/03/2007 12:19|-r-------|10082901] E:\data1.cab 
[02/03/2007 12:25|-r-------|1422452] E:\data1.hdr 
[02/03/2007 12:25|-r-------|1423668501] E:\data2.cab 
[22/11/2006 11:38|-r-------|341480] E:\dragonfly.dll 
[22/11/2006 11:38|-r-------|108008] E:\dxrenderer.dll 
[22/10/2004 04:16|-r-------|470174] E:\engine32.cab 
[04/05/2004 12:53|-r-------|1645320] E:\gdiplus.dll 
[18/11/2005 09:05|-r-------|13718754] E:\install.wav 
[02/03/2007 12:25|-r-------|704] E:\layout.bin 
[22/11/2006 11:38|-r-------|32744] E:\milessound.dll 
[19/03/2003 05:14|-r-------|499712] E:\msvcp71.dll 
[21/02/2003 13:42|-r-------|348160] E:\msvcr71.dll 
[26/10/2006 12:06|-r-------|40475] E:eadme_de.html 
[26/10/2006 11:57|-r-------|35660] E:eadme_en.html 
[26/10/2006 12:15|-r-------|41592] E:eadme_es.html 
[26/10/2006 12:06|-r-------|42946] E:eadme_fr.html 
[26/10/2006 12:11|-r-------|39892] E:eadme_it.html 
[23/10/2006 12:38|-r-------|35786] E:eadme_us.html 
[16/02/2005 15:35|-r-------|180056] E:\setup.bmp 
[22/10/2004 04:16|-r-------|118736] E:\setup.exe 
[02/03/2007 12:17|-r-------|464834] E:\setup.ibt 
[02/03/2007 12:17|-r-------|539] E:\setup.ini 
[02/03/2007 12:17|-r-------|219162] E:\setup.inx 
[06/09/2004 11:10|-r-------|630784] E:\stlport_vc7150.dll 
[07/12/2004 11:11|-r-------|258352] E:\unicows.dll 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.  
# D:\autorun.inf -> Dossier créé par UsbFix.  

################## | Cracks / Keygens / Serials |


################## | Upload | 

Veuillez envoyer le fichier : C:\Users\Geoffroy\Desktop\UsbFix_Upload_Me_PC-de-Geoffroy.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.065 ! |

Utilisateur anonyme · Answer

Télécharge ça : http://sd-1.archive-host.com/membres/up/54129686243115553/Pour_Geogeodom.bat

Exécute le, puis, la fenêtre se fermera !
Relance USBFix option 1 et montre le rapport !

Geogeodom · Answer

############################## | UsbFix V6.065 |

User : Geoffroy (Administrateurs) # PC-DE-GEOFFROY
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:02:30 | 19/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 091218-1] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local # 141,5 Go (88,45 Go free) # NTFS
D:\ -> Disque fixe local # 7,55 Go (2,16 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM # 1,56 Go (0 Mo free) [CIVCITY_ROME] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 500
C:\Windows\system32\wininit.exe 552
C:\Windows\system32\csrss.exe 564
C:\Windows\system32\services.exe 600
C:\Windows\system32\lsass.exe 612
C:\Windows\system32\lsm.exe 620
C:\Windows\system32\winlogon.exe 768
C:\Windows\system32\svchost.exe 796
C:\Windows\system32
vvsvc.exe 844
C:\Windows\system32\svchost.exe 876
C:\Windows\System32\svchost.exe 924
C:\Windows\System32\svchost.exe 1020
C:\Windows\System32\svchost.exe 1096
C:\Windows\system32\svchost.exe 1132
C:\Windows\system32\svchost.exe 1212
C:\Windows\system32\SLsvc.exe 1232
C:\Windows\system32\svchost.exe 1260
C:\Windows\system32\svchost.exe 1432
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1644
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1660
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1692
C:\Windows\System32\spoolsv.exe 1960
C:\Windows\system32\svchost.exe 1984
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 468
C:\Windows\system32	askeng.exe 724
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1624
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 1276
C:\Windows\system32\svchost.exe 568
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 596
C:\Windows\system32\svchost.exe 2076
C:\Windows\System32\svchost.exe 2136
C:\Windows\system32\SearchIndexer.exe 2168
C:\Windows\system32\DRIVERS\xaudio.exe 2236
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2304
C:\Windows\system32\Dwm.exe 2648
C:\Windows\system32	askeng.exe 2732
C:\Windows\system32\conime.exe 3012
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 3172
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 3268
C:\Windows\system32\wbem\unsecapp.exe 3288
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 3308
C:\Windows\system32\wbem\wmiprvse.exe 3616
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 2856
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 3280
C:\Windows\explorer.exe 2392
C:\Program Files\Logitech\SetPoint\KEM.exe 2940
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE 3676
C:\Program Files\Windows Media Player\wmpnscfg.exe 2956
C:\Program Files\Windows Media Player\wmpnetwk.exe 2344
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2196
C:\Windows\system32\SearchProtocolHost.exe 1304
C:\Windows\system32\SearchFilterHost.exe 1388
C:\Windows\system32\wbem\wmiprvse.exe 2320

################## | Fichiers # Dossiers infectieux |

E:\autorun.inf  

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.065 ! |

Utilisateur anonyme · Answer

Comment va l'ordi ?

Relance l'option 2 d'USBFix et montre le rapport !

Refait un RSIT ensuite

Geogeodom · Answer

############################## | UsbFix V6.065 |

User : Geoffroy (Administrateurs) # PC-DE-GEOFFROY
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:13:29 | 19/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53
Microsoft® Windows Vista™ Édition Familiale Premium  (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1229 [VPS 091218-1] 4.8.1229 [ Enabled | Updated ]

C:\ -> Disque fixe local # 141,5 Go (88,37 Go free) # NTFS
D:\ -> Disque fixe local # 7,55 Go (2,16 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM # 1,56 Go (0 Mo free) [CIVCITY_ROME] # CDFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 424
C:\Windows\system32\csrss.exe 500
C:\Windows\system32\wininit.exe 552
C:\Windows\system32\csrss.exe 564
C:\Windows\system32\services.exe 600
C:\Windows\system32\lsass.exe 616
C:\Windows\system32\lsm.exe 624
C:\Windows\system32\winlogon.exe 772
C:\Windows\system32\svchost.exe 796
C:\Windows\system32
vvsvc.exe 848
C:\Windows\system32\svchost.exe 876
C:\Windows\System32\svchost.exe 940
C:\Windows\system32\LogonUI.exe 972
C:\Windows\System32\svchost.exe 1016
C:\Windows\System32\svchost.exe 1092
C:\Windows\system32\svchost.exe 1108
C:\Windows\system32\svchost.exe 1208
C:\Windows\system32\SLsvc.exe 1232
C:\Windows\system32\svchost.exe 1264
C:\Windows\system32undll32.exe 1320
C:\Windows\system32\svchost.exe 1508
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1648
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1672
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe 1692
C:\Windows\System32\spoolsv.exe 1940
C:\Windows\system32\svchost.exe 1964
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 480
C:\Windows\system32	askeng.exe 1424
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1488
C:\Windows\system32\svchost.exe 476
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 416
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1624
C:\Windows\system32\svchost.exe 2092
C:\Windows\System32\svchost.exe 2120
C:\Windows\system32\SearchIndexer.exe 2168
C:\Windows\system32\DRIVERS\xaudio.exe 2240
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 2280
C:\Windows\system32\wbem\wmiprvse.exe 2516
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 2556
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 2584
C:\Windows\system32\wbem\unsecapp.exe 2596
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 2660
C:\Windows\system32\wbem\wmiprvse.exe 2692
C:\Windows\system32\userinit.exe 3400
C:\Windows\system32\Dwm.exe 3412
C:\Windows\system32	askeng.exe 3456
C:\Windows\Explorer.EXE 3488
C:\Windows\system32unonce.exe 3564
C:\Windows\system32\conime.exe 3920
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe 3932
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe 4052

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-4211556805-1544538283-630462636-1000 
Supprimé ! D:\$Recycle.Bin\S-1-5-21-4211556805-1544538283-630462636-1000 
Non supprimé ! E:\autorun.inf 

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[19/12/2009 16:12|--a------|892] C:\aaw7boot.log 
[19/12/2009 14:02|--a------|8693] C:\Ad-Report-CLEAN[1].log 
[19/12/2009 13:40|--a------|9129] C:\Ad-Report-SCAN[1].log 
[19/12/2009 14:55|--a------|4] C:\autoexec.bat 
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr 
[18/09/2006 22:43|--a------|10] C:\config.sys 
[29/01/2008 21:55|--a------|167653] C:\ExtractLog.txt 
[04/09/2007 21:11|-rahs----|0] C:\IO.SYS 
[19/12/2009 14:55|--a------|4944] C:\Kill'em.txt 
[19/12/2009 14:45|--a------|13915] C:\List'em.txt 
[10/09/2007 20:16|--a------|90] C:\LogiSetup.log 
[04/09/2007 21:11|-rahs----|0] C:\MSDOS.SYS 
[10/09/2007 20:18|--a------|524622] C:\MSIInstall.log 
[?|?|?] C:\pagefile.sys 
[29/01/2008 21:50|--a------|159] C:\Setup.log 
[19/12/2009 16:18|--a------|4197] C:\UsbFix.txt 
[11/09/2005 16:18|---hs----|340] D:\AUTOMODE 
[03/09/2007 14:59|---hs----|13] D:\BLOCK.RIN 
[04/10/2006 00:02|---hs----|438328] D:\bootmgr 
[03/11/2006 20:43|---hs----|117] D:\Desktop.ini 
[10/09/2002 17:14|---hs----|8134] D:\Folder.htt 
[29/07/2007 07:33|---hs----|698] D:\MASTER.LOG 
[03/11/2005 16:19|---hs----|181736] D:\protect.ed 
[29/07/2007 07:34|---hs----|0] D:\USER 
[23/06/2006 17:53|-r-------|38376] E:\Autorun.exe 
[14/03/2005 16:30|-r-------|45] E:\Autorun.inf 
[21/11/2006 16:49|-r-------|5804032] E:\CivCity Rome.exe 
[02/03/2007 12:19|-r-------|10082901] E:\data1.cab 
[02/03/2007 12:25|-r-------|1422452] E:\data1.hdr 
[02/03/2007 12:25|-r-------|1423668501] E:\data2.cab 
[22/11/2006 11:38|-r-------|341480] E:\dragonfly.dll 
[22/11/2006 11:38|-r-------|108008] E:\dxrenderer.dll 
[22/10/2004 04:16|-r-------|470174] E:\engine32.cab 
[04/05/2004 12:53|-r-------|1645320] E:\gdiplus.dll 
[18/11/2005 09:05|-r-------|13718754] E:\install.wav 
[02/03/2007 12:25|-r-------|704] E:\layout.bin 
[22/11/2006 11:38|-r-------|32744] E:\milessound.dll 
[19/03/2003 05:14|-r-------|499712] E:\msvcp71.dll 
[21/02/2003 13:42|-r-------|348160] E:\msvcr71.dll 
[26/10/2006 12:06|-r-------|40475] E:eadme_de.html 
[26/10/2006 11:57|-r-------|35660] E:eadme_en.html 
[26/10/2006 12:15|-r-------|41592] E:eadme_es.html 
[26/10/2006 12:06|-r-------|42946] E:eadme_fr.html 
[26/10/2006 12:11|-r-------|39892] E:eadme_it.html 
[23/10/2006 12:38|-r-------|35786] E:eadme_us.html 
[16/02/2005 15:35|-r-------|180056] E:\setup.bmp 
[22/10/2004 04:16|-r-------|118736] E:\setup.exe 
[02/03/2007 12:17|-r-------|464834] E:\setup.ibt 
[02/03/2007 12:17|-r-------|539] E:\setup.ini 
[02/03/2007 12:17|-r-------|219162] E:\setup.inx 
[06/09/2004 11:10|-r-------|630784] E:\stlport_vc7150.dll 
[07/12/2004 11:11|-r-------|258352] E:\unicows.dll 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.  
# D:\autorun.inf -> Dossier créé par UsbFix.  

################## | Cracks / Keygens / Serials |


################## | Upload | 

Veuillez envoyer le fichier : C:\Users\Geoffroy\Desktop\UsbFix_Upload_Me_PC-de-Geoffroy.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.065 ! |

Utilisateur anonyme · Answer

Fait un RSIT stp

Geogeodom · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Geoffroy at 2009-12-19 16:23:42
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 90 GB (62%) free of 145 GB
Total RAM: 1982 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:12, on 19/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\explorer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Geoffroy\Downloads\RSIT.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.chat-land.org
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuestService Service - Unknown owner - C:\ProgramData\QuestService\questservice111.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Geogeodom · Answer

Oui le voilà, c'est parce que je post à chaque étape car j'ai toujours peur d'oublier quelque chose aprés, merci en tout cas.

Sinon l'ordi, je n'ai plus de Pub pour le moment, mais je n'ai pas beaucoup surfé sur le net, mais je pense que c'est pas mal.

Je voulais demander aussi, aprés avoir tout néttoyé, vous pourriez m'aider à faire les bonnes configurations pour internet, pour plus avoir de problemes.

Merci par avance

Utilisateur anonyme · Answer

Oui, bien sur, bon,

• Télécharge Malwarebytes' Anti-Malware (MBAM)
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

* Double clique sur le fichier téléchargé pour lancer le processus d'installation.
* Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
* Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
* Sélectionne "Exécuter un examen complet"
* Clique sur "Rechercher"
* L'analyse démarre, le scan est relativement long, c'est normal.
* A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.



Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
* Ferme tes navigateurs.
* Si des malwares ont été détectés, clique sur Afficher les résultats.
Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
* MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.



NB : Si MBAM te demande à redémarrer, fais-le.

Geogeodom · Answer

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3393
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

19/12/2009 18:06:28
mbam-log-2009-12-19 (18-06-28).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 277644
Temps écoulé: 1 hour(s), 12 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 31
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3de88beb-f271-484a-ba71-01d30f439f0c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50ad41d2-b1f0-47cc-9ea7-395355eaeebd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ceb185e-81a5-46d3-bc20-c555d605afbd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a72522ba-9ff3-4c83-abc6-9b476728a396} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5762628-ae15-4ca6-96c4-b00dd17f3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d062e03e-65ca-49e4-9b15-31938ba98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-1 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-10 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-11 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-12 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-13 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-14 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-15 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-16 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-17 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-18 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-19 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-2 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-20 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-21 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-22 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-23 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-24 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-25 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-26 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-27 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-28 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-29 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-3 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-30 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-31 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-4 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-5 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-6 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-7 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-8 (Worm.Brontok) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Local Settings\Application Data\Bron.tok-17-9 (Worm.Brontok) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\AUTOMA~1\410~1.529\ACEpx.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\CONTEN~1\110~1.199\cmwpx.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\CUSTOM~1\410~1.196\CPAHelper.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\CUSTOM~1\410~1.196\CPApx.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\INTERN~2\110~1.126\InternetToday.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\INTERN~2\110~1.126\PixelLogExe.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\TEXTUA~1\110~1.181	cppx.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\WEBSEA~1\410~1.208\WSOpx.exe.vir (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Downloads\gameztar_installer(2).exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\Geoffroy\Downloads\gameztar_installer.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\searchPlugins\questservice111.xml (Adware.DoubleD) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

Refait un RSIT

Geogeodom · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Geoffroy at 2009-12-19 18:20:37
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 90 GB (62%) free of 145 GB
Total RAM: 1982 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:07, on 19/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Geoffroy\Downloads\RSIT.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix: 
O15 - Trusted Zone: *.chat-land.org
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

On va supprimer tout les outils que l'on a utiliser jusqu'à maintenant (ca ne veux pas dire que le désinfection est fini !)

Télécharge toolscleaner sur ton Bureau :
* Double-clique sur ToolsCleaner2.exe et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de ton disque dur (C:\)...colle le dans ta réponse

Geogeodom · Answer

Il se passe quelque chose de bizare, quand je double clique, toolscleaner s'ouvre, puis il ne se passe rien, alors je fais recherche, et au bout de 2-3 minutes ca me met "toolscleaner..... ne répond pas"

Je dois faire quoi?

Utilisateur anonyme · Answer

Attend 5-10 min, si ça bug toujours, dis le moi !

Geogeodom · Answer

c'est bon c'est bien cela?


[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\UsbFix.txt: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\catchme.exe: trouvé !
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\mbr.log: trouvé !
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\mbr.exe: trouvé !
C:\Users\Geoffroy\AppData\Local\Temp\EC0.tmp\catchme.exe: trouvé !
C:\Users\Geoffroy\AppData\Local\Temp\EC0.tmp\mbr.exe: trouvé !
C:\Users\Geoffroy\Desktop\HijackThis.exe: trouvé !
C:\Users\Geoffroy\Desktop\Ad-R.exe: trouvé !
C:\Users\Geoffroy\Desktop\hijackthis.log: trouvé !
C:\Users\Geoffroy\Desktop\UsbFix.exe: trouvé !
C:\Users\Geoffroy\Downloads\Rsit.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\catchme.exe: supprimé !
C:\Users\Geoffroy\AppData\Local\Temp\EC0.tmp\catchme.exe: supprimé !
C:\Users\Geoffroy\Desktop\HijackThis.exe: supprimé !
C:\Users\Geoffroy\Desktop\Ad-R.exe: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\mbr.log: supprimé !
C:\Users\Geoffroy\AppData\Local\Temp\CA41.tmp\mbr.exe: supprimé !
C:\Users\Geoffroy\AppData\Local\Temp\EC0.tmp\mbr.exe: supprimé !
C:\Users\Geoffroy\Desktop\hijackthis.log: supprimé !
C:\Users\Geoffroy\Desktop\UsbFix.exe: supprimé !
C:\Users\Geoffroy\Downloads\Rsit.exe: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !

Utilisateur anonyme · Answer

Oui, j'y vais donc,

Télécharge Dr.Web CureIt tsur ton Bureau:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Installe-le.
==> branche les USB et Disque dur externes .

Déconnecte toi physiquement d'Internet.

Double clique sur drweb-cureit.exe et autorise l'exécution du scan rapide. Cette étape scanne les fichiers résidants en mémoire. Si l'outil trouve quelque chose, clique sur le bouton Yes quand il demande si tu veux réaprer (cure it). Ce scan est rapide.

* Quand le scan rapide est terminé, il faut changer les réglages par défauts.
* Clique sur le menu Options >> Changer la configuration;
* Clique sur Actions
* Change chaque item sous Objets and Malware en Rapport.
* Ensuite, il faut sélectionner les partitions à scanner.
* Choisis l'option Tous. Un point rouge désigne les disques sélectionnés.
* Clique sur la flèche verte sur la droite, et le scan débutera..
* Clique sur Non pour tous si l'outil demande si tu veux nettoyer/déplacer les fichiers.
* A la fin du scan, du menu principal de l'outil, au haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapportt
* Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv.
* Ferme Dr.Web Cureit

Poste le rapport dans ta réponse.

==

Courage, beaucoup de travail et le scan de Dr Web Cure It peut être long.

Geogeodom · Answer

Bonjour, 

J'ai un peu de mal pour cette étape. c'est trés long et puis je l'ai fait une fois hier soir, ca a duré longtemps et j'ai pas réussi a enregistrer le rapport car ca a redémarer à la fin, et donc je ne sais pas ou est le rapport.

Faut que je recommence? 

Merci

Utilisateur anonyme · Answer

Il a supprimer combien de virus ?

Geogeodom · Answer

je ne sais pas trop, j'ai relancé le processus, mais bon ca va encore prendre 3 heures. 
On verra d'ici ce temps là.
Je suis connecté sur un autre PC en attendant.

Sinon le rapport d'hier je ne peux pas le retrouver quelque part?
merci

Utilisateur anonyme · Answer

Si, dans C:\Documents and Settings\"ton prénom"\DoctorWeb

Et copie colle le fichier bloc note sur le forum !

Geogeodom · Answer

Merci bien à vous deux, je comprends pas toujours tout, j'espere que je fais quand meme ce qu'il faut.
Merci

Utilisateur anonyme · Answer

Je vais m'en occuper nathandre, t'inquiète !

Utilisateur anonyme · Answer

Geogeodom, poste le rapport qui se trouve sur le chemin indiquer plus haut (message 50)

Geogeodom · Answer

Je crois que j'ai du faire une erreur, car le rapport que je trouve est trés trés long, je n'arrive pas a le mettre dans un message, ca reprend tout les trucs analysé je pense. Je crois que je vais attendre une deuxieme analyse pour poster le résultat, car ca doit pas être bon.

je trouve un rapport cureIT de 9 000 KO 
merci

Utilisateur anonyme · Answer

Non, attend, héberge le sur Miroriii : http://ww7.miroriii.com

Fais parcourir, prend le rapport et héberge le !

Utilisateur anonyme · Answer

Tu as vu mon message ??

Geogeodom · Answer

En fait faut que j'attende, vu que je fais un nouvelle analyse, le rapport en question c'est celui que je suis en train de créer, car il évolu au fur et a mesure de l'analyse, là il est à 10 000 Ko.
je l'envois dés que c'est finis

Utilisateur anonyme · Answer

JE TE PARLE DE L'ANCIEN !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Utilisateur anonyme · Answer

Geogeodom
Tu vas héberger le rapport sur ci joint.fr, car il est trop volumineux pour être posté ici

Geogeodom · Answer

Ne vous inquiétez pas, c'est moi qui me suit pas bien exprimé. En fait j'ai du me tromper, car le seul rapport que j'ai sur Dr.WEB est en fait celui de l'analyse en cours, et donc en fait hier j'ai du bien faire ce qu'on me demandait. 
Donc pour le moment je ne peux pas le poster ou le faire héberger car l'analyse n'est pas terminée. 
Je suis désole de pas toujours comprendre, mais merci de votre aide.

J'hébergerais si j'y parviens le rapport dés que ca sera fini.

Geogeodom · Answer

oups j'ai oublié un pas --> hier je n'ai pas du bien faire ce que l'on me demandait, c'est pour ca que je ne trouve pas le rapport d'hier.

Utilisateur anonyme · Answer

Ok désoler, c'est moi

Geogeodom · Answer

En attendant l'hébergement du rapport, je mets ce que je trouve à la fin :


-----------------------------------------------------------------------------
Statistiques d'analyse
-----------------------------------------------------------------------------
Objets scannés: 494966
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 0
Désinfecté: 0
Supprimé: 0
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 0 Kb/s
Durée d'analyse: 06:54:45
-----------------------------------------------------------------------------

Geogeodom · Answer

http://ww7.miroriii.com
              

voilà le lien
Merci

gigi · Answer

telecharge trojan remover( version d essaie il est en anglais )il est efficace,pour les parametre de securite de ton pc c est a vous de ne pas accepter n importe quoi !!! et oui a 80% des pc verolé c est a causes de negligences    bon noel

Utilisateur anonyme · Answer

Gigi, arrête !!!!!!!

Utilisateur anonyme · Answer

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DÉSACTIVE TOUTES TES DÉFENSES (anti-virus, antispyware, pare-feu) le temps de la manipulation : en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!

---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

Télécharge le ici : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tuto ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :

Double-clique sur C-Fix.exe (= combofix.exe ) .

Appuie sur une touche pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Geogeodom · Answer

j'avais désactivé Avast, mais je ne sais pas si je l'ai bien fait? 
si j'ai pas bien fait ce qu'il fallait, je suis désolé par avance.

ComboFix 09-12-20.04 - Geoffroy 21/12/2009  23:36:52.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.1982.1159 [GMT 1:00]
Lancé depuis: c:\users\Geoffroy\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 091221-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 091221-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Geoffroy\AppData\Local\Bron.tok.A17.em.bin
c:\users\Geoffroy\AppData\Local\Kosong.Bron.Tok.txt

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RDPWD
-------\Service_TDTCP


(((((((((((((((((((((((((((((   Fichiers créés du 2009-11-21 au 2009-12-21  ))))))))))))))))))))))))))))))))))))
.

2009-12-21 22:47 . 2009-12-21 22:47	--------	d-----w-	c:\users\Default\AppData\Local	emp
2009-12-18 23:16 . 2009-12-18 23:16	--------	d-----w-	c:\program files\Lavasoft
2009-12-18 23:02 . 2009-12-18 23:02	--------	d-----w-	c:\program files\CCleaner
2009-12-10 08:38 . 2009-11-09 12:31	24064	----a-w-	c:\windows\system32
shhttp.dll
2009-12-10 08:38 . 2009-11-09 10:36	411648	----a-w-	c:\windows\system32\drivers\http.sys
2009-12-10 08:38 . 2009-11-09 12:30	30720	----a-w-	c:\windows\system32\httpapi.dll
2009-12-09 09:52 . 2009-10-07 11:36	243712	----a-w-	c:\windows\system32astls.dll
2009-11-26 09:24 . 2009-10-29 09:17	2048	----a-w-	c:\windows\system32	zres.dll
2009-11-25 10:15 . 2009-08-11 16:44	1401856	----a-w-	c:\windows\system32\msxml6.dll
2009-11-25 10:15 . 2009-08-11 16:44	1248768	----a-w-	c:\windows\system32\msxml3.dll
2009-11-22 15:53 . 2009-08-05 21:48	54632	----a-w-	c:\windows\system32\drivers\fssfltr.sys
2009-11-22 15:50 . 2006-11-29 12:06	3426072	----a-w-	c:\windows\system32\d3dx9_32.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 23:44 . 2009-02-27 18:28	28124	----a-w-	c:\programdata
vModes.dat
2009-12-21 10:33 . 2009-12-18 23:16	--------	d-----w-	c:\programdata\Lavasoft
2009-12-20 14:03 . 2006-11-02 15:48	678956	----a-w-	c:\windows\system32\perfh00C.dat
2009-12-20 14:03 . 2006-11-02 15:48	128004	----a-w-	c:\windows\system32\perfc00C.dat
2009-12-19 17:45 . 2009-12-19 11:22	--------	d-----w-	c:\program files	rend micro
2009-12-19 15:51 . 2009-12-19 15:51	--------	d-----w-	c:\users\Geoffroy\AppData\Roaming\Malwarebytes
2009-12-19 15:51 . 2009-12-19 15:51	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-11-26 09:19 . 2009-11-26 09:19	484976	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbC275.tmp.exe
2009-11-25 09:28 . 2009-11-25 09:28	484976	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb8F55.tmp.exe
2009-11-22 15:52 . 2007-09-06 19:30	--------	d-----w-	c:\program files\Windows Live
2009-11-21 06:40 . 2009-12-09 09:53	916480	----a-w-	c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 09:53	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 09:53	109056	----a-w-	c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 09:53	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2009-11-18 09:46 . 2009-11-18 09:46	--------	d-----w-	c:\program files\Windows Portable Devices
2009-11-18 09:46 . 2006-11-02 10:25	665600	----a-w-	c:\windows\inf\drvindex.dat
2009-11-18 09:46 . 2009-11-18 09:46	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 07:27 . 2007-09-06 19:30	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-11-02 19:42 . 2009-10-02 16:31	195456	------w-	c:\windows\system32\MpSigStub.exe
2009-10-31 20:07 . 2009-10-31 15:29	--------	d-----w-	c:\program files\myTV
2009-10-30 22:34 . 2009-10-30 22:34	--------	d-----w-	c:\programdata\Firefly Studios
2009-10-30 22:32 . 2009-10-30 22:32	8854	----a-r-	c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\Uninstall_GameShadow_5A2F371F8B5D46B4833C0612B065BEC7.exe
2009-10-30 22:32 . 2009-10-30 22:32	45056	----a-r-	c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-10-30 22:32 . 2009-10-30 22:32	45056	----a-r-	c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-10-30 22:32 . 2009-10-30 22:32	45056	----a-r-	c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2009-10-30 22:32 . 2009-10-30 22:32	--------	d-----w-	c:\program files\GameShadow
2009-10-30 22:23 . 2009-10-30 22:23	--------	d-----w-	c:\program files\Firefly Studios
2009-10-08 21:08 . 2009-11-18 09:30	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 09:30	234496	----a-w-	c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 09:30	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-18 09:32	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 09:33	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 09:32	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 09:32	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 09:33	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 09:32	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 09:32	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 09:32	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 09:32	350208	----a-w-	c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 09:32	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 09:32	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 09:33	81920	----a-w-	c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-18 09:33	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 09:33	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 09:33	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 09:33	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 09:33	351232	----a-w-	c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 09:33	847360	----a-w-	c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 09:33	280064	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 09:33	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 09:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 09:33	829440	----a-w-	c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 09:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 09:33	252928	----a-w-	c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 09:33	519680	----a-w-	c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 09:33	486912	----a-w-	c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 09:33	161280	----a-w-	c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 09:33	218112	----a-w-	c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 09:33	1030144	----a-w-	c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 09:33	828928	----a-w-	c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 09:33	481792	----a-w-	c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-18 09:33	190464	----a-w-	c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-18 09:33	634880	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 09:33	37888	----a-w-	c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 09:33	793088	----a-w-	c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 09:33	1064448	----a-w-	c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 09:33	258048	----a-w-	c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 09:33	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 09:33	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SetPoint"="c:\program files\Logitech\SetPoint\KEM.EXE" [2004-10-28 581632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-9-4 581632]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):09,e3,7d,34,2d,53,ca,01

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/05/2008 12:07 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/05/2008 12:07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/05/2008 12:07 51280]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/09/2009 21:04 133104]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\System32\drivers\alcan5ln.sys [12/09/2007 15:04 36048]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [24/09/2008 22:35 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/11/2009 16:53 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
------- Examen supplémentaire -------
.
IE: ajouter cette page à vos favoris Orange - c:\users\Geoffroy\AppData\Local\Temp\cce4848.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: traduire la page - c:\users\Geoffroy\AppData\Local\Temp\cce4836.html
IE: traduire le texte sélectionné - c:\users\Geoffroy\AppData\Local\Temp\cce4847.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: chat-land.org
FF - ProfilePath - c:\users\Geoffroy\AppData\Roaming\Mozilla\Firefox\Profiles\zb3kktbf.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.cherche.us/
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652
pCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13
pGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
AddRemove-Ad-Remover - c:\program files\Ad-Remover\Uninstall ADR.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 00:45
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3072)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32
vvsvc.exe
c:\windows\system32undll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32undll32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-12-22  00:50:11 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-12-21 23:50

Avant-CF: 92 893 491 200 octets libres
Après-CF: 93 705 555 968 octets libres

- - End Of File - - 6A0733B4DDC46420F6F4378DFCBC5E95

Utilisateur anonyme · Answer

Ok, refait un RSIT

Geogeodom · Answer

J'ai téléchargé Rsit à nouveau comme on l'avait supprimé lors du nettoyage des outils et voilà ce que j'obtiens :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Geoffroy at 2009-12-22 11:50:02
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 89 GB (62%) free of 145 GB
Total RAM: 1982 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:04, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Geoffroy\Desktop\RSIT.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O15 - Trusted Zone: *.chat-land.org
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Comment va l'ordi ?

Utilisateur anonyme · Answer

Fais ça :
Désactive tes protections

Télécharge OTM de OldTimer sur le bureau :

==> [oldtimer.geekstogo.com/OTM.exe OTM]oldtimer.geekstogo.com/OTM.exe OTM



Double-clique sur OTM.exe sur le bureau

---> sous VISTA: clic droit: exécuter en temps qu'administrateur.

- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste Instructions for Items to be Moved

:files
C:\Program Files\PokerStars.NET\
C:\Program Files\PokerStars 


:commands

[emptytemp]
[reboot]



- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTM qui se trouve dans C:\_OTM\MovedFiles.

Réactives tes protections

Geogeodom · Answer

je n'arrive pas a telecherger OTM, ca me met que l'adresse est invalide.

Sinon le PC va plutot bien, je ne vois plus de signe apparant de perturbations.

Merci

Utilisateur anonyme · Answer

http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

Geogeodom · Answer

All processes killed
========== FILES ==========
C:\Program Files\PokerStars.NET\update folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\chairs folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\label folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\ctrls folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\simple\label folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\simple folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\preview\lobby folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\preview folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black	emplates folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\lobby folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\label folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\images folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\ctrls folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\&default folder moved successfully.
C:\Program Files\PokerStars.NET\Themes folder moved successfully.
C:\Program Files\PokerStars.NET\Snd folder moved successfully.
C:\Program Files\PokerStars.NET\Gx	emplates folder moved successfully.
C:\Program Files\PokerStars.NET\Gxeplay folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\lobby\en folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\lobby folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\label folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\fonts folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\ctrls folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck folder moved successfully.
C:\Program Files\PokerStars.NET\Gx folder moved successfully.
C:\Program Files\PokerStars.NET\backup\gx	emplates folder moved successfully.
C:\Program Files\PokerStars.NET\backup\gx folder moved successfully.
C:\Program Files\PokerStars.NET\backup folder moved successfully.
C:\Program Files\PokerStars.NET folder moved successfully.
C:\Program Files\PokerStars\update folder moved successfully.
C:\Program Files\PokerStars	hemes\simple\label folder moved successfully.
C:\Program Files\PokerStars	hemes\simple folder moved successfully.
C:\Program Files\PokerStars	hemes\preview\lobby folder moved successfully.
C:\Program Files\PokerStars	hemes\preview folder moved successfully.
C:\Program Files\PokerStars	hemes\black	emplates folder moved successfully.
C:\Program Files\PokerStars	hemes\black\lobby folder moved successfully.
C:\Program Files\PokerStars	hemes\black\label folder moved successfully.
C:\Program Files\PokerStars	hemes\black\images folder moved successfully.
C:\Program Files\PokerStars	hemes\black\ctrls folder moved successfully.
C:\Program Files\PokerStars	hemes\black folder moved successfully.
C:\Program Files\PokerStars	hemes\&default folder moved successfully.
C:\Program Files\PokerStars	hemes folder moved successfully.
C:\Program Files\PokerStars\snd folder moved successfully.
C:\Program Files\PokerStars\gx	emplates folder moved successfully.
C:\Program Files\PokerStars\gxeplay folder moved successfully.
C:\Program Files\PokerStars\gx\lobby\en folder moved successfully.
C:\Program Files\PokerStars\gx\lobby folder moved successfully.
C:\Program Files\PokerStars\gx\label folder moved successfully.
C:\Program Files\PokerStars\gx\fonts folder moved successfully.
C:\Program Files\PokerStars\gx\ctrls folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck folder moved successfully.
C:\Program Files\PokerStars\gx folder moved successfully.
C:\Program Files\PokerStars\backup\gx	emplates folder moved successfully.
C:\Program Files\PokerStars\backup\gx folder moved successfully.
C:\Program Files\PokerStars\backup folder moved successfully.
C:\Program Files\PokerStars folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Geoffroy
->Temp folder emptied: 475876 bytes
->Temporary Internet Files folder emptied: 14783591 bytes
->Java cache emptied: 58954749 bytes
->FireFox cache emptied: 56314205 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2996 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14391615 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 31494411 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 168,00 mb
 
 
OTM by OldTimer - Version 3.1.3.0 log created on 12222009_122412

Files moved on Reboot...
C:\Users\Geoffroy\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Utilisateur anonyme · Answer

J'ai reverifier ton rapport RSIT et ça sent mauvais !! Suis bien les instructions :

Télécharge MBR.exe de GMER : http://www2.gmer.net/mbr/mbr.exe
Placez le fichier sur votre bureau

    * Désactive tous les programmes de protection (antivirus, antispyware etc.)
    * Double-clique sur mbr.exe.. une fenêtre noire va s'ouvrir et se refermer.
    * Un rapport sera généré mbr.log
    * Poste son contenu sur le forum !

Geogeodom · Answer

C'est ca le rapport? 
Mon ordi n'est pas en forme? c'est grave?

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Utilisateur anonyme · Answer

J'ai eu peur, non, c'est bon, tu as pas le rootkit MBR !

Re-Désactive tes protections
Double-clique sur OTM.exe sur le bureau

---> sous VISTA: clic droit: exécuter en temps qu'administrateur.

- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTMoveIt nommé Paste Instructions for Items to be Moved

:files

C:\Windows\PEV.exe 

:commands


[emptytemp]
[reboot]


- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTM qui se trouve dans C:\_OTM\MovedFiles.

Réactives tes protections

Geogeodom · Answer

All processes killed
========== FILES ==========
C:\Windows\PEV.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Geoffroy
->Temp folder emptied: 32237 bytes
->Temporary Internet Files folder emptied: 1503003 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,00 mb
 
 
OTM by OldTimer - Version 3.1.3.0 log created on 12222009_125116

Files moved on Reboot...
C:\Users\Geoffroy\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

Utilisateur anonyme · Answer

Fais juste un HJT (qui se trouve ici :  C:\Program Files	rend micro\Geoffroy.exe )

Geogeodom · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:00, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: *.chat-land.org
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Relance HJT, clique sur "Do a system scan only".
Coche ces lignes :


R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file) 
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: *.chat-land.org 

Et fait fix checked ! Refait un HJT ensuite

Geogeodom · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:53, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files	rend micro\Geoffroy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Redémarre l'ordi. Il va bien ?

Geogeodom · Answer

Je viens de redémarrer. 
En apparance je pense que le PC va bien, mais aprés je ne suis pas expert pour juger si il y a des choses encore négatives ou non.

Merci

Utilisateur anonyme · Answer

Comme tu m'as demander plus tôt, on va faire du ménage !

• Finir le nettoyage :
- Nettoye ton ordinateur avec ATFCeaner(à utiliser régulièrement!):

telecharge sur ton bureau:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner
Double-clique ATF-Cleaner.exe afin de lancer le programme.
Sous l'onglet Main, choisis : Select All
Clique sur le bouton Empty Selected, patiente le temp du nettoyage, ok
Si tu utilises le navigateur Firefox :
Clique Firefox au haut et choisis : Select All
Clique le bouton Empty Selected
Patiente le temp du nettoyage
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Si tu utilises le navigateur Opera :
Clique Opera au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.
Clique Exit, du menu prinicipal, afin de fermer le programme.
Le prochain démarrage du PC sera un peu plus long , le prefetch ayant été vidé.

• Téléchargez TFC par OldTimer sur votre Bureau
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

* Faites un double clic sur TFC.exe pour le lancer.
* L'outil va fermer tous les programmes lors de son exécution, donc vérifiez que vous avez sauvegardé tout votre travail en cours avant de commencer.
* Cliquez sur le bouton Start pour lancer le processus. Selon la fréquence à laquelle vous supprimez vos fichiers temporaires, cela peut durer de quelques secondes à une minute ou deux. Laissez le programme s'exécuter sans l'interrompre.
* Lorsqu'il a terminé, l'outil devrait faire redémarrer votre système. S'il ne le fait pas, veuillez faire redémarrer manuellement le PC vous-même pour parachever le nettoyage.

• naviguer avec FireFox http://www.mozilla-europe.org/fr/firefox/ , JavaScript désactivé quand on sait pas ou on surf, ça peut éviter les IFrames pourries javaScript sur une page web pourries http://www.certa.ssi.gouv.fr/site/CERTA-2008-INF-001/index.html

Les captures ci dessous sont réalisés depuis la 3.0.14 de FireFox , avec la 3.5.* le principe reste le meme malgré que l'interface à cette endroit est quelque peu differente.


http://imagesup.org/image

• Configurer FireFox pour vider cache, cookies ...... à sa fermeture:

http://imagesup.org/image

• Lire sécuriser FireFox:: https://www.malekal.com/securiser-le-navigateur-web-firefox-2/

- Désactive puis réactive la restauration du système :
- Mode d'emploi Windows XP: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

• desinstalle ComboFix en copiant|collant la ligne cidessous du cadre dans executer et valide:

Code: Tout sélectionner
    "%userprofile%\Bureau\ComboFix.exe" /uninstall

supprime son dossier restant apres disparition de l'icone de combofix de ton bureau en c:\combofix

Sauvegarde de la ruche systeme

Pratique en cas de ce type d'erreur au demarrage ( http://www.vista-xp.fr/forum/topic183.html ) et rapide à restaurer en console de recuperation: https://www.malekal.com/installer-et-utiliser-la-console-de-recuperation/#mozTocId862261
https://www.malekal.com/tutoriel-erunt/#mozTocId955164

• telecharge ERUNT (ERDNT):
http://www.derfisch.de/lars/erunt.zip
http://www.aumha.org/downloads/erunt.zip
http://dundats.mvps.org/Files/erunt.zip

et dezippe le ,renomme le dossier par ERDNT, coupe_colle le dossier dezippé à cet endroit et pas ailleurs: c:\windows\ , puis double clic sur ERUNT comme sur la capture:

http://imagesup.org/image

* clic ok et dans la fenetre qui apparait comme sur la capture , spécifie le chemin c:\windows\ERDNT en "backup to", pas ailleurs!, un nouveau dossier doit alors être crée, clic ok.

http://imagesup.org/image

*la sauvegarde de la ruche systeme s'opère alors , un dossier de sauvegarde en date de création apparrait en c:\windows\ERDNT\ << vérifier!!

http://imagesup.org/image

Aide en Video :: https://www.malekal.com/fichiers/ERUNT/erunt.avi

*Compacte ton registre si tu veux , double clic sur NTREGOPT . ne touche à rien pendant le compactage , un reboot est demandé , accepte.

Geogeodom · Answer

• desinstalle ComboFix en copiant|collant la ligne cidessous du cadre dans executer et valide: 

Code: Tout sélectionner 


"%userprofile%\Bureau\ComboFix.exe" /uninstall

--> Pour cette étape, je n'y suis pas parvenu, ca me dit que ca n'existe pas dans mon PC quand je copie ca dans exécuter.

Utilisateur anonyme · Answer

Tu as déjà supprimer ComboFix ?

Geogeodom · Answer

non je ne l'ai pas supprimé, l'application est encore sur le bureau, mais j'arrive pas a rentrer les données dans éxécuter

Utilisateur anonyme · Answer

Laisse tombé, on s'occupera de ça après, continu, laisse tomber la commande !

Geogeodom · Answer

Bon voilà, je pense avoir tout fait, en esperant ne rien avoir raté.

Utilisateur anonyme · Answer

On va voir, une petite vérif
Fait un scan avec Hijackthis, si tu l'as plus, télécharge le là : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

Geogeodom · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:16, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32undll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

* Télécharge JavaRa.zip

 * Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

 * Double-clique sur le répertoire JavaRa obtenu.

 * Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

 * Clique sur Search For Updates.

 * Sélectionne Update Using jucheck.exe puis clique sur Search.

 * Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

 * Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

 * Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

 * Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

 * Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

Ferme l'application

Geogeodom · Answer

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Dec 23 13:26:16 2009

Found and removed: C:\Program Files\Java\jre1.6.0

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Program Files\Java\jre1.6.0_11

Found and removed: C:\Users\Geoffroy\AppData\LocalLow\Sun\Java\jre1.6.0_11

Found and removed: C:\Users\Geoffroy\AppData\LocalLow\Sun\Java\jre1.6.0_13

Found and removed: C:\Users\Geoffroy\AppData\LocalLow\Sun\Java\jre1.6.0_15

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160000}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\JavaPlugin.160

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Java\jre1.6.0_07\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Utilisateur anonyme · Answer

Refait un ToolCleaner2 (si tu l'as garder) Recherche et Suppression !

creafter · Answer

deja si tu a un antivirus fai une analyse ,suprime les virus publicitaire et voila  pas besoin de se prendre la tete avec des logiciel

Geogeodom · Answer

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !
C:\Program Files	rend micro\HijackThis: trouvé !
C:\Program Files	rend micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files	rend micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Geoffroy\Desktop\HijackThis.lnk: trouvé !
C:\Users\Geoffroy\Desktop\OTM.exe: trouvé !
C:\Users\Geoffroy\Desktop\ComboFix.exe: trouvé !
C:\Users\Geoffroy\Desktop\HJTInstall.exe: trouvé !
C:\Users\Geoffroy\Desktop\mbr.log: trouvé !
C:\Users\Geoffroy\Desktop\mbr.exe: trouvé !
C:\Users\Geoffroy\Desktop\Rsit.exe: trouvé !
C:\Windows\mbr.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Program Files	rend micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Geoffroy\Desktop\HijackThis.lnk: supprimé !
C:\Users\Geoffroy\Desktop\OTM.exe: supprimé !
C:\Users\Geoffroy\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Users\Geoffroy\Desktop\HJTInstall.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\Program Files	rend micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Users\Geoffroy\Desktop\mbr.log: supprimé !
C:\Users\Geoffroy\Desktop\mbr.exe: supprimé !
C:\Users\Geoffroy\Desktop\Rsit.exe: supprimé !
C:\Windows\mbr.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !
C:\Program Files	rend micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !

Geogeodom · Answer

Bah moi je suis perdu, je fais ce qu'on me dit pr pas me faire crier lol

Publicités intempestives

95 réponses

Discussions similaires

Newsletters