My PC is infected, that's for sure, but by what? - Page 2

Solved
sylevin Posts: 25 Status: Member

Hello, I took a while but couldn't do otherwise
here is the OTMoveIt report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder J:\autorunner.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e075c25b-0cb8-11dd-a87c-4d6564696130}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea623b9e-04b9-11dd-a86a-4d6564696130}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nous\LOCALS~1\Temp\etilqs_bH7x62QMwQ2ESmshjHIZ scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_182542
sylevin Posts: 25 Status: Member

now the RSIT report
Logfile of random's system information tool 1.05 (written by random/random)
Run by Nous at 2009-02-03 18:39:56
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 48 GB (65%) free of 73 GB
Total RAM: 511 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:10, on 03/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\perso\telechargement\anti troyes\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nous.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.mypoiskovik.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.mypoiskovik.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mwtfxr.t.muxa.cc/h.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mwtfxr.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mwtfxr.t.muxa.cc/s.php?aid=227 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mwtfxr.t.muxa.cc/h.php?aid=227 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mwtfxr.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.mypoiskovik.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://mwtfxr.t.muxa.cc/h.php?aid=227 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camtrace.net8.nerim.net/lib/download/AxisCamControl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03827806-7676-4CDB-B15F-8580280B80A0}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{03827806-7676-4CDB-B15F-8580280B80A0}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Anonymous user

Download SDFix to your desktop:
here http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
or here http://download.bleepingcomputer.com/andymanchesta/SDFix.exe
or here http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".

(tutorial here: https://www.malekal.com/slenfbot-still-an-other-irc-bot/)

Then, once the installation is done,

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option, Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Note: no internet connection is possible in Safe Mode, so copy or print the procedure carefully to avoid mistakes...

Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the tool.
--> Type Y to start the script...
The fix removes the virus's services and cleans the registry, so a restart is required; therefore:
press a key to restart when you are asked to.

The PC will take a while to start (this is normal); after the desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the folder
C:\SDFix under the name "Report.txt".

Post it in your next reply together with a new HijackThis report for analysis

sylevin Posts: 25 Status: Member

Good evening, I did what you told me, except that after running SDFix I ended up with a Safe Mode-style desktop with a choice between admin and personal, no internet connection any more, and a display (colour, contrast, etc.) from another age, so I did a system restore, to the restore point I had made shortly before the procedure...
what is the plan for the next step?
Anonymous user

you were supposed to log into your own session to run the cleanup

disable Spybot's TeaTimer if that is not already done, and:

-- This software is to be used only when prescribed by a qualified helper trained in the tool.
-- Do not use it outside of that situation: dangerous!

When it runs,
ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode, which lets us help you more easily if your computer ever runs into a problem after a cleanup attempt.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console

and, when you are asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

On XP
https://support.microsoft.com/en-us/help/310994
On Vista
http://www.commentcamarche.net/faq/sujet 13735 console de recuperation vista sur cd bootable
**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

To read
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And importantly, save it to the desktop.

Before using ComboFix:

• Disconnect from the internet and close the windows of all running programs.

• Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message, so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)

• Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

• Come back to the forum, and

copy and paste the entire contents of C:\Combofix.txt into your next message.

Anonymous user

you were supposed to log into your own session to run the cleanup

disable Spybot's TeaTimer if that is not already done, and:

-- This software is to be used only when prescribed by a qualified helper trained in the tool.
-- Do not use it outside of that situation: dangerous!

When it runs,
ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode, which lets us help you more easily if your computer ever runs into a problem after a cleanup attempt.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console

and, when you are asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

On XP
https://support.microsoft.com/en-us/help/310994
On Vista
http://www.commentcamarche.net/faq/sujet 13735 console de recuperation vista sur cd bootable
**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

To read
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

And importantly, save it as... "moi.exe" on the desktop.

Before using ComboFix:

• Disconnect from the internet and close the windows of all running programs.

• Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click moi.exe on your desktop.

- Answer yes to the warning message, so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt)

• Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

• Come back to the forum, and

copy and paste the entire contents of C:\Combofix.txt into your next message.

sylevin Posts: 25 Status: Member

here is the report; I'm not early, but work is work
ComboFix 09-02-10.01 - Nous 2009-02-10 19:44:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.511.230 [GMT 1:00]
Lancé depuis: c:\documents and settings\Nous\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\wind.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-10 au 2009-02-10 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 21:57 . 2009-02-05 21:57 13,824 --a------ C:\achat auto.xls
2009-02-03 22:12 . 2009-02-10 19:49 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-03 22:12 . 2009-02-03 22:12 1,409 --a------ c:\windows\QTFont.for
2009-02-03 18:25 . 2009-02-03 18:25 <REP> d-------- C:\_OTMoveIt
2009-01-28 21:08 . 2009-01-29 17:58 <REP> d-------- c:\program files\Navilog1
2009-01-28 19:27 . 2009-02-03 18:40 <REP> d-------- C:\rsit
2009-01-27 20:25 . 2009-01-27 20:25 <REP> d-------- c:\program files\Trend Micro
2009-01-27 19:32 . 2009-01-27 19:32 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-27 19:30 . 2009-01-27 19:30 <REP> d-------- c:\windows\ERUNT
2009-01-27 19:25 . 2009-02-03 22:09 <REP> d-------- C:\SDFix
2009-01-25 22:11 . 2009-01-25 22:11 <REP> d-------- c:\documents and settings\Nous\Application Data\Malwarebytes
2009-01-25 22:10 . 2009-01-26 18:23 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 22:10 . 2009-01-25 22:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 22:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 22:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-25 18:43 . 2009-01-25 18:44 <REP> d-------- c:\program files\Trojan Killer
2009-01-25 17:56 . 2009-01-25 22:03 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 17:47 . 2009-01-25 17:47 <REP> d-------- c:\program files\Trojan Remover
2009-01-25 17:47 . 2009-01-25 17:47 <REP> d-------- c:\documents and settings\Nous\Application Data\Simply Super Software
2009-01-25 17:47 . 2009-01-25 17:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-01-25 17:47 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2009-01-25 17:47 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-01-25 17:47 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2009-01-25 17:47 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-01-25 17:47 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2009-01-23 22:17 . 2009-01-27 19:10 <REP> d-------- c:\windows\CAVTemp
2009-01-22 21:09 . 2009-01-22 21:09 921 --a------ c:\windows\ACROREAD.INI
2009-01-13 09:54 . 2003-05-02 10:25 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2009-01-13 09:54 . 2003-05-02 11:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-13 09:54 . 2003-05-02 11:00 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-13 09:54 . 2003-05-02 10:04 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-13 09:54 . 2003-05-02 10:55 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-13 09:54 . 2003-05-02 11:00 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-13 09:54 . 2003-05-07 11:48 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-13 09:54 . 2003-05-06 15:19 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-13 09:54 . 2003-05-02 13:37 <REP> d-------- c:\documents and settings\Administrateur\Application Data\InterVideo
2009-01-13 09:54 . 2003-05-02 10:55 <REP> d-------- c:\documents and settings\Administrateur\Application Data\InterTrust
2009-01-13 09:54 . 2009-02-03 22:09 <REP> d-------- c:\documents and settings\Administrateur
2009-01-12 22:00 . 2009-01-12 22:00 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-12 22:00 . 2009-01-12 22:00 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-12 22:00 . 2009-01-12 22:00 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-12 22:00 . 2009-01-12 22:00 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 18:49 --------- d-----w c:\program files\Wanadoo
2009-02-10 18:49 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-10 18:46 376,748 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-02-10 18:46 28,050,208 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-02-10 18:46 117,212 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-02-10 18:46 1,238,816 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-02-05 17:55 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-03 17:11 89,601 ----a-w c:\windows\system32\drivers\klick.dat
2009-02-03 17:11 101,287 ----a-w c:\windows\system32\drivers\klin.dat
2009-01-29 05:42 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-18 14:05 --------- d-----w c:\program files\eMule
2009-01-12 20:38 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-11 11:55 --------- d-----w c:\documents and settings\Nous\Application Data\Winamp
2008-12-16 20:29 --------- d-----w c:\program files\ConvertHelper
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2007-07-30 16:09 81,920 ----a-w c:\documents and settings\Nous\Application Data\ezpinst.exe
2007-07-30 16:09 47,360 ----a-w c:\documents and settings\Nous\Application Data\pcouffin.sys
2005-11-05 20:14 37 ----a-w c:\documents and settings\Nous\getfile.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"Name of App"="c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-05 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"PcSync"="c:\program files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.xvid"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"LogitechVideoTray"=c:\program files\Logitech\Video\LogiTray.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"WOOWATCH"=c:\progra~1\Wanadoo\Watch.exe
"PCSuiteTrayApplication"=c:\program files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\LaunchApplication.exe -startup
"LogitechVideoRepair"=c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TribalWeb.net\\tribalweb.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12859:TCP"= 12859:TCP:BitComet 12859 TCP
"12859:UDP"= 12859:UDP:BitComet 12859 UDP
"7144:TCP"= 7144:TCP:BitComet 7144 TCP
"7144:UDP"= 7144:UDP:BitComet 7144 UDP
"22460:TCP"= 22460:TCP:BitComet 22460 TCP
"22460:UDP"= 22460:UDP:BitComet 22460 UDP

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2003-08-20 9344]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R2 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2003-08-20 455552]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [2003-07-02 4832]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-05-02 814277]
S2 AVWUpSrv;AntiVir Update;"c:\program files\AVPersonal\AVWUPSRV.EXE" --> c:\program files\AVPersonal\AVWUPSRV.EXE [?]
S3 bfastfao;bfastfao;\??\c:\docume~1\Nous\LOCALS~1\Temp\bfastfao.sys --> c:\docume~1\Nous\LOCALS~1\Temp\bfastfao.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\System32\ZDCndis5.SYS --> c:\windows\System32\ZDCndis5.SYS [?]
.
Contenu du dossier 'Tâches planifiées'

2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2009-01-30 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
MSConfigStartUp-acdojwm - c:\windows\suoacmm.exe
MSConfigStartUp-asrrkks - c:\windows\ohreyss.exe
MSConfigStartUp-bjpdryy - c:\windows\mulavcq.exe
MSConfigStartUp-bsnmsgw - c:\windows\tdmqcrx.exe
MSConfigStartUp-bunqosv - c:\windows\ohreyss.exe
MSConfigStartUp-bwdjkpw - c:\windows\tdmqcrx.exe
MSConfigStartUp-bxxxoax - c:\windows\mulavcq.exe
MSConfigStartUp-cbgfigu - c:\windows\suoacmm.exe
MSConfigStartUp-cdonfmf - c:\windows\mulavcq.exe
MSConfigStartUp-cehiaxc - c:\windows\mulavcq.exe
MSConfigStartUp-ciycgvs - c:\windows\eoxryfn.exe
MSConfigStartUp-cyvctux - c:\windows\syonagc.exe
MSConfigStartUp-dxdskhc - c:\windows\mulavcq.exe
MSConfigStartUp-ekcqtqd - c:\windows\suoacmm.exe
MSConfigStartUp-ekjsmjp - c:\windows\mulavcq.exe
MSConfigStartUp-ensfsor - c:\windows\xiixwil.exe
MSConfigStartUp-erowpxk - c:\windows\ohreyss.exe
MSConfigStartUp-fbxrskf - c:\windows\tdmqcrx.exe
MSConfigStartUp-fclqrjn - c:\windows\ohreyss.exe
MSConfigStartUp-fivohmw - c:\windows\ohreyss.exe
MSConfigStartUp-fiwycwr - c:\windows\xiixwil.exe
MSConfigStartUp-ftmjqgo - c:\windows\ohreyss.exe
MSConfigStartUp-fxnyhgt - c:\windows\tdmqcrx.exe
MSConfigStartUp-gffcale - c:\windows\pvgtwlw.exe
MSConfigStartUp-gfvugow - c:\windows\vwtpttf.exe
MSConfigStartUp-gtpyhrx - c:\windows\ohreyss.exe
MSConfigStartUp-hibntug - c:\windows\ohreyss.exe
MSConfigStartUp-hvhspvs - c:\windows\mulavcq.exe
MSConfigStartUp-ibuswch - c:\windows\pyivdci.exe
MSConfigStartUp-ikkreuq - c:\windows\kkqophl.exe
MSConfigStartUp-ipusbuk - c:\windows\pvgtwlw.exe
MSConfigStartUp-irkpcrl - c:\windows\mulavcq.exe
MSConfigStartUp-iwraryp - c:\windows\ohreyss.exe
MSConfigStartUp-kamjvos - c:\windows\pvgtwlw.exe
MSConfigStartUp-kikwjvr - c:\windows\kkqophl.exe
MSConfigStartUp-kjackpt - c:\windows\mulavcq.exe
MSConfigStartUp-kmeljis - c:\windows\xiixwil.exe
MSConfigStartUp-kmgapbv - c:\windows\pvgtwlw.exe
MSConfigStartUp-kpcorpo - c:\windows\xiixwil.exe
MSConfigStartUp-kwbetlj - c:\windows\ohreyss.exe
MSConfigStartUp-kxhdojk - c:\windows\xiixwil.exe
MSConfigStartUp-ldtcctn - c:\windows\mulavcq.exe
MSConfigStartUp-lejtptm - c:\windows\mulavcq.exe
MSConfigStartUp-lqsbobd - c:\windows\ohreyss.exe
MSConfigStartUp-ltdokyo - c:\windows\yoynhss.exe
MSConfigStartUp-mkbclex - c:\windows\mulavcq.exe
MSConfigStartUp-mmxyqmq - c:\windows\mulavcq.exe
MSConfigStartUp-nefqgjc - c:\windows\xiixwil.exe
MSConfigStartUp-nhyiiie - c:\windows\xiixwil.exe
MSConfigStartUp-ntqfcrw - c:\windows\xiixwil.exe
MSConfigStartUp-oakxdoj - c:\windows\ohreyss.exe
MSConfigStartUp-oapeygs - c:\windows\mulavcq.exe
MSConfigStartUp-oapjula - c:\windows\ohreyss.exe
MSConfigStartUp-oaxykcp - c:\windows\pvgtwlw.exe
MSConfigStartUp-oeljhow - c:\windows\pvgtwlw.exe
MSConfigStartUp-ogqdncj - c:\windows\vwtpttf.exe
MSConfigStartUp-oxvqgfa - c:\windows\ohreyss.exe
MSConfigStartUp-pcodiwu - c:\windows\pyivdci.exe
MSConfigStartUp-pnbpabe - c:\windows\suoacmm.exe
MSConfigStartUp-pskohqj - c:\windows\ohreyss.exe
MSConfigStartUp-qthcywj - c:\windows\xiixwil.exe
MSConfigStartUp-qwubluu - c:\windows\xiixwil.exe
MSConfigStartUp-rbuxgge - c:\windows\tdmqcrx.exe
MSConfigStartUp-rgwmhqv - c:\windows\kkqophl.exe
MSConfigStartUp-rinhnsw - c:\windows\xiixwil.exe
MSConfigStartUp-rkaoaqq - c:\windows\pvgtwlw.exe
MSConfigStartUp-rxmqlqj - c:\windows\tdmqcrx.exe
MSConfigStartUp-sdglrcd - c:\windows\ohreyss.exe
MSConfigStartUp-snirujb - c:\windows\xiixwil.exe
MSConfigStartUp-tkqpvky - c:\windows\mulavcq.exe
MSConfigStartUp-toqlwjk - c:\windows\mulavcq.exe
MSConfigStartUp-tpcoqjh - c:\windows\tdmqcrx.exe
MSConfigStartUp-uiekqmr - c:\windows\pvgtwlw.exe
MSConfigStartUp-ukqtawa - c:\windows\ohreyss.exe
MSConfigStartUp-uqkepht - c:\windows\pvgtwlw.exe
MSConfigStartUp-usrsfuw - c:\windows\mulavcq.exe
MSConfigStartUp-uwiotxa - c:\windows\vwtpttf.exe
MSConfigStartUp-uwjbwky - c:\windows\eoxryfn.exe
MSConfigStartUp-uxulgqu - c:\windows\suoacmm.exe
MSConfigStartUp-vcnpqsn - c:\windows\xiixwil.exe
MSConfigStartUp-vellunm - c:\windows\suoacmm.exe
MSConfigStartUp-vgtpmac - c:\windows\pvgtwlw.exe
MSConfigStartUp-vjglbok - c:\windows\pvgtwlw.exe
MSConfigStartUp-Vpvxyel - c:\windows\beeicpe.exe
MSConfigStartUp-vxbwmtr - c:\windows\ohreyss.exe
MSConfigStartUp-wbiarup - c:\windows\suoacmm.exe
MSConfigStartUp-wfmwvub - c:\windows\suoacmm.exe
MSConfigStartUp-wgghlyh - c:\windows\eoxryfn.exe
MSConfigStartUp-wgiqcey - c:\windows\tdmqcrx.exe
MSConfigStartUp-wmkoawc - c:\windows\eoxryfn.exe
MSConfigStartUp-wmwygnb - c:\windows\xiixwil.exe
MSConfigStartUp-xhdwivl - c:\windows\vwtpttf.exe
MSConfigStartUp-xqrwtbi - c:\windows\ohreyss.exe
MSConfigStartUp-yakvuhy - c:\windows\ohreyss.exe
MSConfigStartUp-yccmhdd - c:\windows\suoacmm.exe
MSConfigStartUp-ycjnyoi - c:\windows\xiixwil.exe
MSConfigStartUp-yltwbkh - c:\windows\pvgtwlw.exe
MSConfigStartUp-yvvadyq - c:\windows\pvgtwlw.exe

.
------- Examen supplémentaire -------
.
uWindow Title =
uDefault_Page_URL = hxxp://www.google.fr/
uStart Page = hxxp://%6D%77%74%66%78%72%2E%74%2E%6D%75%78%61%2E%63%63/%68%2E%70%68%70?%61%69%64=227
uSearch Page = hxxp://mypoiskovik.com/index.htm
uSearch Bar = hxxp://mypoiskovik.com/sp.htm
mStart Page = hxxp://%6D%77%74%66%78%72%2E%74%2E%6D%75%78%61%2E%63%63/%68%2E%70%68%70?%61%69%64=227
mWindow Title =
mSearch Bar = hxxp://%6D%77%74%66%78%72%2E%74%2E%6D%75%78%61%2E%63%63/%73%2E%70%68%70?%61%69%64=227
uCustomizeSearch =
uSearchAssistant = hxxp://%6D%77%74%66%78%72%2E%74%2E%6D%75%78%61%2E%63%63/%73%2E%70%68%70?%61%69%64=227
uSearchURL,(Default) = hxxp://mypoiskovik.com/index.htm
IE: &Add animation to IncrediMail Style Box - c:\progra~1\INCRED~1\bin\resources\WebMenuImg.htm
IE: &Search - ?p=ZNfox000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NetLimiter\nl_lsp.dll
Trusted Zone: nerim.net\.camtrace.net8
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: fdjeux - hxxps://www.fdjeux.net/classes/fdjeux.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
FF - ProfilePath - c:\documents and settings\Nous\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\
FF - prefs.js: browser.search.selectedEngine - eBay France
FF - prefs.js: browser.startup.homepage - hxxp://ww.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI140_03.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
FF - plugin: c:\program files\Panda Security\NanoScan\Plugins\npnanoscan.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 19:48:56
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Main]
@Denied: (A C D 2 3 6) (Administrators)
@Denied: (A C D 2 3 6) (S-1-5-21-2153398128-532932920-852341791-1005)
@Denied: (A C D 2 3 6) (LocalSystem)
@Allowed: (Read) (Administrators)
@Allowed: (Read) (S-1-5-21-2153398128-532932920-852341791-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (LocalSystem)
@SACL=
"NoUpdateCheck"=dword:00000001
"NoJITSetup"=dword:00000001
"Disable Script Debugger"="yes"
"Show_ChannelBand"="No"
"Anchor Underline"="yes"
"Cache_Update_Frequency"="Once_Per_Session"
"Display Inline Images"="yes"
"Do404Search"=hex:01,00,00,00
"Local Page"="c:\\WINDOWS\\System32\\blank.htm"
"Save_Session_History_On_Exit"="no"
"Show_FullURL"="no"
"Show_StatusBar"="yes"
"Show_ToolBar"="yes"
"Show_URLinStatusBar"="yes"
"Show_URLToolBar"="yes"
"Use_DlgBox_Colors"="yes"
"FullScreen"="no"
"Window_Placement"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,00,83,ff,ff,00,83,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,fc,ff,ff,ff,fc,ff,ff,ff,04,04,00,00,04,03,00,\
"Save Directory"=""
"NotifyDownloadComplete"="no"
"Error Dlg Displayed On Every Error"="no"
"Use FormSuggest"="no"
"AddToFavoritesExpanded"=dword:00000001
"Print_Background"=""
"Enable Browser Extensions"="yes"
"FormSuggest PW Ask"="no"
"FormSuggest Passwords"="no"
"AutoSearch"=dword:00000005
"Window Title"=""
"Default_Page_URL"="https://www.google.fr/?gws_rd=ssl"
"Use Search Asst"="no"
"ShowedCheckBrowser"="Yes"
"Check_Associations"="No"
"Start Page"="http://%6D%77%74%66%78%72%2E%74%2E%6D%75%78%61%2E%63%63/..."
"Search Page"="https://www.mypoiskovik.com/"
"Search Bar"="https://www.mypoiskovik.com/"

[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Search]
@Denied: (A C D 2 3 6) (Administrators)
@Denied: (A C D 2 3 6) (S-1-5-21-2153398128-532932920-852341791-1005)
@Denied: (A C D 2 3 6) (LocalSystem)
@Allowed: (Read) (Administrators)
@Allowed: (Read) (S-1-5-21-2153398128-532932920-852341791-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (LocalSystem)
"CustomizeSearch"=""
"SearchAssistant"="http://%6D%77%74%66%78%72%2E%74%2E%6D%75%78%61%2E%63%63/..."

[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\SearchUrl]
@Denied: (A C D 2 3 6) (Administrators)
@Denied: (A C D 2 3 6) (S-1-5-21-2153398128-532932920-852341791-1005)
@Denied: (A C D 2 3 6) (LocalSystem)
@Allowed: (Read) (Administrators)
@Allowed: (Read) (S-1-5-21-2153398128-532932920-852341791-1005)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (LocalSystem)
@SACL=
"provider"="gogl"
@="https://www.mypoiskovik.com/"

[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(876)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll

- - - - - - - > 'explorer.exe'(3244)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\PCSCM.dll
c:\program files\PC Connectivity Solution\ConnAPI.DLL
c:\program files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\FTRTSVC.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2009-02-10 19:54:28 - La machine a redémarré [Nous]
ComboFix-quarantined-files.txt 2009-02-10 18:54:04

Avant-CF: 47,802,142,720 octets libres
Après-CF: 47,655,698,432 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

408 --- E O F --- 2009-01-14 19:03:28

Thanks for the help.
0
Anonymous user
 
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:



:processes
explorer.exe

:reg
[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http.www.google.fr/"
[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"=""
[HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\SearchUrl]
@="https://www.google.fr/?gws_rd=ssl"

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the box labeled Paste Instructions for Items to be Moved.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
sylevin Posts: 25 Status: Member
 
Here is the report
========= PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Unable to set value : HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"http://www.google.fr/" /E!
Unable to set value : HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"http://www.google.fr/" /E!
Unable to set value : HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Main\\"Search Bar"|"http.www.google.fr/" /E!
Unable to set value : HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"" /E!
Unable to set value : HKEY_USERS\S-1-5-21-2153398128-532932920-852341791-1005\Software\Microsoft\Internet Explorer\SearchUrl\\@|"http://www.google.fr" /E!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nous\LOCALS~1\Temp\etilqs_HQYnIubel1OdLq1NIZ6c scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~5719609f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~57196afe.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~572cae2a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~572cb88b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~57530911.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5753d073.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5757f220.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5757fcb4.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5837582c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~5837bc32.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~583c9dcc.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~583dbc14.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~951c3123.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~951c3b96.htp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_085918

Files moved on Reboot...
File C:\DOCUME~1\Nous\LOCALS~1\Temp\etilqs_HQYnIubel1OdLq1NIZ6c not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\cch~5719609f.htp not found!
File C:\WINDOWS\temp\cch~57196afe.htp not found!
File C:\WINDOWS\temp\cch~572cae2a.htp not found!
File C:\WINDOWS\temp\cch~572cb88b.htp not found!
File C:\WINDOWS\temp\cch~57530911.htp not found!
File C:\WINDOWS\temp\cch~5753d073.htp not found!
File C:\WINDOWS\temp\cch~5757f220.htp not found!
File C:\WINDOWS\temp\cch~5757fcb4.htp not found!
File C:\WINDOWS\temp\cch~5837582c.htp not found!
File C:\WINDOWS\temp\cch~5837bc32.htp not found!
File C:\WINDOWS\temp\cch~583c9dcc.htp not found!
File C:\WINDOWS\temp\cch~583dbc14.htp not found!
File C:\WINDOWS\temp\cch~951c3123.htp not found!
File C:\WINDOWS\temp\cch~951c3b96.htp not found!
C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\XUL.mfl moved successfully.
0
Anonymous user
 
---> Disable your antivirus for the duration of the procedure, because OTMoveIt3 is wrongly detected as an infection.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:


:processes
explorer.exe

:files
C:\DOCUME~1\Nous\LOCALS~1\Temp\bfastfao.sys

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdojwm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asrrkks]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjpdryy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsnmsgw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bunqosv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwdjkpw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxxoax]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cbgfigu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdonfmf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cehiaxc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ciycgvs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cyvctux]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxdskhc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekcqtqd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekjsmjp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ensfsor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\erowpxk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbxrskf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fclqrjn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fivohmw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fiwycwr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftmjqgo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxnyhgt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gffcale]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gfvugow]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gtpyhrx]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hibntug]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hvhspvs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibuswch]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikkreuq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipusbuk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irkpcrl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iwraryp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kamjvos]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kikwjvr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kjackpt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmeljis]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmgapbv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kpcorpo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kwbetlj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kxhdojk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldtcctn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lejtptm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lqsbobd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ltdokyo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mkbclex]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmxyqmq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nefqgjc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nhyiiie]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntqfcrw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oakxdoj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oapeygs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oapjula]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oaxykcp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oeljhow]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ogqdncj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oxvqgfa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcodiwu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pnbpabe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pskohqj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qthcywj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qwubluu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rbuxgge]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rgwmhqv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rinhnsw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rkaoaqq]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rxmqlqj]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdglrcd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snirujb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkqpvky]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toqlwjk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpcoqjh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uiekqmr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ukqtawa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqkepht]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\usrsfuw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwiotxa]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwjbwky]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uxulgqu]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vcnpqsn]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vellunm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgtpmac]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vjglbok]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vpvxyel]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vxbwmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wbiarup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wfmwvub]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wgghlyh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wgiqcey]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmkoawc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wmwygnb]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xhdwivl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqrwtbi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yakvuhy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yccmhdd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ycjnyoi]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yltwbkh]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yvvadyq]

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the box labeled Paste Instructions for Items to be Moved.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
sylevin Posts: 25 Status: Member
 
Here is the rest
========= PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\DOCUME~1\Nous\LOCALS~1\Temp\bfastfao.sys not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\acdojwm\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asrrkks\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjpdryy\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bsnmsgw\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bunqosv\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwdjkpw\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxxoax\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cbgfigu\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdonfmf\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cehiaxc\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ciycgvs\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cyvctux\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dxdskhc\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekcqtqd\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ekjsmjp\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ensfsor\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\erowpxk\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbxrskf\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fclqrjn\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fivohmw\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fiwycwr\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftmjqgo\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxnyhgt\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gffcale\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gfvugow\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gtpyhrx\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hibntug\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hvhspvs\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibuswch\\ not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nous\LOCALS~1\Temp\etilqs_OfIClmgg0mnp2yTZOVnB scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nous\Local Settings\Application Data\Mozilla\Firefox\Profiles\86gsozqy.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02152009_090124
0
Anonymous user
 
Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens, titled "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* Then click "Continue" to start the scan ...

-> Let the scan run and don't touch the PC ...

When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for what comes next ...

Important: post one report, then the other in the following reply
If you try to post both at the same time, it may be too long for the forum

( Note: the reports will also be saved in this folder -> C:\rsit )

0
sylevin Posts: 25 Status: Member
 
Today's log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by Nous at 2009-02-18 18:10:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 47 GB (64%) free of 73 GB
Total RAM: 511 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:51, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Nous\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nous.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mwtfxr.t.muxa.cc/h.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mwtfxr.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://mwtfxr.t.muxa.cc/s.php?aid=227 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://mwtfxr.t.muxa.cc/h.php?aid=227 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://mwtfxr.t.muxa.cc/s.php?aid=227 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://mypoiskovik.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://mwtfxr.t.muxa.cc/h.php?aid=227 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe r
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Connectivity Cable Driver\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camtrace.net8.nerim.net/lib/download/AxisCamControl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Kaspersky Anti-Virus (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
sylevin Posts: 25 Status: Member
 
However, the info.txt was already there
info.txt logfile of random's system information tool 1.05 2009-01-28 19:28:14

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 5.0 Standard Trial-->MsiExec.exe /I{B46C94D4-5582-4597-B73F-90D079D7FB60}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 1.2 (Supprimer uniquement)-->"C:\Program Files\Fichiers communs\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Ahead InCD EasyWrite Reader-->C:\WINDOWS\UNMrw.exe /UNINSTALL
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c
BitComet 0.70-->C:\Program Files\BitComet_0.7\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Composants Internet Partagés de Westwood-->C:\Westwood\Internet\UnstllAP.EXE
ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
CrazyTalk for Skype-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\Setup.exe" -l0x40c /uninstall
DivX 5.0.2 Pro Bundle-->C:\WINDOWS\unvise32.exe C:\Program Files\DivX\uninstal.log
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Cover Gold-->"C:\WINDOWS\DVD Cover Gold\uninstall.exe" "/U:C:\Program Files\DVD Cover Gold\Uninstall\uninstall.xml"
DVD Decrypter 3.5.4.0 Fr-->C:\Program Files\DVD Decrypter\UnInstall_DVDdecrypt.exe
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDInfoPro-->MsiExec.exe /I{ABEA55DF-9DB4-48C4-8280-2DD6383F981F}
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
Favorit-->"c:\documents and settings\nous\local settings\application data\ahnjkq.exe" -uninstall
foobar2000-->"C:\Program Files\foobar2000\uninstall.exe"
FW LiveUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3961F42F-8571-456D-8007-29EB816D072E}\setup.exe" -l0x9 -removeonly
Google Desktop Search-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBS-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\NovaLogic\IBS\Uninst.isu"
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
IncrediMail Xe-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Jasc Paint Shop Pro 8-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.0_03-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1E4C93-C1E7-11D6-9D10-00010240CE95}\Setup.exe" Anytext
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
KeyMaestro Input Device Driver V2.0.1-32A2 MUL-->C:\WINDOWS\System32\KMUninst.exe
K-Lite Codec Pack-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logiciel WebCam de Labtec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
LUMIX Simple Viewer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe" -l0x40c
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Playback Pack-->C:\Program Files\Matroska Playback Pack\uninstall.exe
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
MFCDLL Shared Library - Retail Version-->MsiExec.exe /I{51D569E2-8A28-11D2-B962-006097C4DE24}
Microsoft (R) C Runtime Library-->MsiExec.exe /I{51D569E0-8A28-11D2-B962-006097C4DE24}
Microsoft (R) C++ Runtime Library-->MsiExec.exe /I{51D569E3-8A28-11D2-B962-006097C4DE24}
Microsoft .NET Framework (French) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1036)
Microsoft .NET Framework (French)-->MsiExec.exe /X{6B908BF7-A583-4962-B068-69657D87CD56}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 3.0-->MsiExec.exe /I{930E3A4D-70B7-4D0D-AF8D-0B351A9B55BE}
Navigateur Wanadoo-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Nero Suite-->C:\Program Files\Fichiers communs\Ahead\Uninstall\Setup.exe /uninstall
NetLimiter 1.30 (remove only)-->"C:\Program Files\NetLimiter\nluninst.exe"
Nokia Connectivity Cable Driver-->MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite-->MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo
Panda NanoScan-->C:\Program Files\Panda Security\NanoScan\nanounst.exe
PC Connectivity Solution-->MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Plitote Simplex CP/DP-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\TWAIN_32\Simplex\Uninst.isu
Pochette Express 2-->C:\Program Files\Pochette Express 2\uninstall.exe
Programme de gestion Camera de Labtec®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
SiS Audio Driver-->C:\Program Files\SiS7012\Uninst\uninst2k.exe PCI\VEN_1039&DEV_7012
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Tracks Eraser Pro v4.02-->"C:\Program Files\Acesoft\Tracks Eraser Pro\unins000.exe"
TribalWeb.net-->"C:\Program Files\TribalWeb.net\unins000.exe"
Trojan Killer 1.4-->"C:\Program Files\Trojan Killer\unins000.exe"
Trojan Remover 6.7.5-->"C:\Program Files\Trojan Remover\unins000.exe"
Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Kaspersky Anti-Virus

System event log

Computer Name: MEILLERFAMILY
Event Code: 7001
Message: Le service Client DHCP dépend du service NetBT qui n'a pas pu démarrer en raison de l'erreur :
Un périphérique attaché au système ne fonctionne pas correctement.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090125184128.000000+060
Event Type: erreur
User:

Computer Name: MEILLERFAMILY
Event Code: 10005
Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 4
Source Name: DCOM
Time Written: 20090125184049.000000+060
Event Type: erreur
User: AUTORITE NT\SYSTEM

Computer Name: MEILLERFAMILY
Event Code: 10005
Message: DCOM a reçu l'erreur "%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Record Number: 3
Source Name: DCOM
Time Written: 20090125184046.000000+060
Event Type: erreur
User: MEILLERFAMILY\Nous

Computer Name: MEILLERFAMILY
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090125184009.000000+060
Event Type: Informations
User:

Computer Name: MEILLERFAMILY
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090125184009.000000+060
Event Type: Informations
User:

Application event log

Computer Name: MEILLERFAMILY
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 5
Source Name: usnjsvc
Time Written: 20080719081253.000000+120
Event Type:
User:

Computer Name: MEILLERFAMILY
Event Code: 0
Message:
Record Number: 4
Source Name: iPod Service
Time Written: 20080719081049.000000+120
Event Type: Informations
User:

Computer Name: MEILLERFAMILY
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20080719081003.000000+120
Event Type: Informations
User:

Computer Name: MEILLERFAMILY
Event Code: 1
Message:
Record Number: 2
Source Name: Bonjour Service
Time Written: 20080719081001.000000+120
Event Type: Informations
User:

Computer Name: MEILLERFAMILY
Event Code: 4097
Message:
Record Number: 1
Source Name: AVWUpSrv
Time Written: 20080719081000.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\;C:\Program Files\Bonjour\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Anonymous user

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the text below:



:processes
explorer.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.google.fr/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.fr/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.google.fr/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.google.fr/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.fr/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="https://www.google.fr/?gws_rd=ssl"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"(Default)"="https://www.google.fr/?gws_rd=ssl"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"HomeOldSP"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


---> Paste (Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
sylevin Posts: 25 Status: Member

Hello, here it is
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Unable to set value : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Search Bar"|"https://www.google.fr/?gws_rd=ssl" /E!
Unable to set value : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"https://www.google.fr/?gws_rd=ssl" /E!
Unable to set value : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"https://www.google.fr/?gws_rd=ssl" /E!
Unable to set value : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Default_Page_URL"|"https://www.google.fr/?gws_rd=ssl" /E!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Search Bar"|"https://www.google.fr/?gws_rd=ssl" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"https://www.google.fr/?gws_rd=ssl" /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"https://www.google.fr/?gws_rd=ssl" /E : value set successfully!
Unable to set value : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\"SearchAssistant"|"https://www.google.fr/?gws_rd=ssl" /E!
Unable to set value : HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\"(Default)"|"https://www.google.fr/?gws_rd=ssl" /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\HomeOldSP deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nous\LOCALS~1\Temp\etilqs_KBFsutUZA1VYUjvTba1l scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~609a5f45e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609a5fe4a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609a6f361.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609a805cf.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609a82f96.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609a83b69.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609b0dee1.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609b0e9b2.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609b11b13.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609b17070.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609cd808c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609cd97b8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609f12115.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~609f12b0b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614017cef.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614018a05.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~61483ddc6.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~61483e767.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~6148484a7.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614848e80.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bb8a23.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bb9418.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bbbaba.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bbc4aa.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bbeda0.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bbf7b9.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bc26e5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bc3117.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bd4588.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bd4f13.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bd7c02.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~614bdd63e.htp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_204831
0
Anonymous user

Copy this into a doc.txt, restart in safe mode, and copy it into OTMoveIt, then come back and post the report for me, please:


:processes
explorer.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.fr/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.fr/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.fr/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.fr/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"(Default)"="http://www.google.fr/"

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

0
sylevin Posts: 25 Status: Member

Good evening, I no longer have time to deal with my PC thoroughly. It is working more or less normally again, thank you very much for everything,
for now I am going to "close" the post
thanks again
0
Anonymous user

Well, you'll be back, because we haven't cleaned anything, we've only disinfected :)

Happy surfing all the same, see you around :)
0
Anonymous user

Never mind, OK, happy surfing, but we have only disinfected and not cleaned; well, if you don't want to finish...

See you around
0