Sujet Précédent Sujet Suivant

Infecté par un virus publicitaire

Résolu/Fermé
John_83400 - 2 févr. 2009 à 19:01
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 - 3 févr. 2009 à 09:17
Bonjour,

J'ai un problème de virus publicitaire.

Des fenêtres de pub se lancent de manière intempestive.

J'ai fais un scan avec avast avant le demarrage, il a enlevé pas mal de trucs, j'ai passé des utilitaires genrent smartfraudfix et navilog.

C'est mieux mais y'en a encore et dans le hijackthis, ya 3 lignes que je peux pas supprimer et je suis sûr que l'infection vient de la.

Voila le log Hijack This :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:22, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {d0a2250a-60ad-439e-bc18-e11f2d7d6e8d} - C:\WINDOWS\system32\kubiwipi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SFR-PC] "C:\Program Files\SFR-PC\SFR-PC.exe" /check
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yilihukaki] Rundll32.exe "C:\WINDOWS\system32\dakotari.dll",s
O4 - HKLM\..\Run: [CPM3d3bc2bf] Rundll32.exe "c:\windows\system32\takihiru.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yilihukaki] Rundll32.exe "C:\WINDOWS\system32\dakotari.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32\kitohulo.dll bivtyt.dll C:\WINDOWS\system32\mozulavo.dll c:\windows\system32\takihiru.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\takihiru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\takihiru.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

Je sais plus quoi faire.

Merci d'avance de votre aide

18 réponses

Réponse 1 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 19:05
Bonsoir,

Télécharges Random's System Information Tool (RSIT) de random/random et enregistre le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur " RSIT.exe " pour le lancer .
dans la fenêtre qui va s’ouvrir choisis 2 months pour l'option "List files/folders created ..." ,
cliques ensuite sur " Continue " pour lancer l'analyse ...

Si la dernière version de HijackThis n'est pas trouvée sur ton PC, RSIT la téléchargera et te demandera d'accepter la licence.

Attends jusqu’à la fin de l’analyse.
deux rapports vont être generés.

Poste le contenu de " log.txt ", ainsi que de " info.txt " ( dans la barre des tâches), pour analyse et attends la suite ...

Si tu ne les trouves pas,les rapports sont sauvegardés dans le dossier C:\rsit.

A+
0
Réponse 2 / 18
le rat doteur Messages postés 729 Date d'inscription mercredi 3 septembre 2008 Statut Membre Dernière intervention 27 janvier 2021 185
2 févr. 2009 à 19:05
hello
as tu tenté avec ceci ?

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

0
Réponse 3 / 18
ramiré Messages postés 254 Date d'inscription dimanche 18 janvier 2009 Statut Membre Dernière intervention 12 juin 2009 8
2 févr. 2009 à 19:07
O2 - BHO: (no name) - {d0a2250a-60ad-439e-bc18-e11f2d7d6e8d} - C:\WINDOWS\system32\kubiwipi.dll (file missing)
0
Réponse 4 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 19:12
Si tout le monde donne son avis sur la question, je ne crois pas que la personne va s'y retrouver.

C'est effectivement Malwarebytes qu'il faudra faire passer mais il faut auparavant plus d'informations sur l'infection Vundo.

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
le rat doteur Messages postés 729 Date d'inscription mercredi 3 septembre 2008 Statut Membre Dernière intervention 27 janvier 2021 185
2 févr. 2009 à 19:23
-- cool
tout le monde à le droit de répondre c'est pas parceque TU as répondus que le sujet est privé ;))
mais je pense que nos messages sont tombés dans la meme minute ... voilà tout

La 1'cause de soucis informatique se situe entre le clavier et le siège...
Possibilités de réponses via les sites officiels (microsoft et etc)
N'oubliez pas de faire 1 clic sur "résolu" ou sur "ok" 
si c'est le cas 
0
John_83400
2 févr. 2009 à 19:30
pardon pour l'attente, ma box a buggé. voila le log,

Logfile of random's system information tool 1.05 (written by random/random)
Run by PHILIPPE at 2009-02-02 19:08:22
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (65%) free of 89 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:24, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\PHILIPPE.ORTENSE\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PHILIPPE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {d0a2250a-60ad-439e-bc18-e11f2d7d6e8d} - C:\WINDOWS\system32\kubiwipi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SFR-PC] "C:\Program Files\SFR-PC\SFR-PC.exe" /check
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [yilihukaki] Rundll32.exe "C:\WINDOWS\system32\dakotari.dll",s
O4 - HKLM\..\Run: [CPM3d3bc2bf] Rundll32.exe "c:\windows\system32\takihiru.dll",a
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\DOCUME~1\PHILIP~1.ORT\LOCALS~1\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [yilihukaki] Rundll32.exe "C:\WINDOWS\system32\dakotari.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32\kitohulo.dll bivtyt.dll C:\WINDOWS\system32\mozulavo.dll c:\windows\system32\takihiru.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\takihiru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\takihiru.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
0
Réponse 6 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 19:31
Pas de problème, le rat doteur pour le droit d'expression. Cool.

Citation : <ital>mais je pense que nos messages sont tombés dans l meme minute ... voilà tout </ita>
C'était le cas.

@+
0
Réponse 7 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 19:33
Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l'installes. Choisis les options par défaut.
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’éxecuter .
Accepte. Après la, mise à jour, le logiciel va s’ouvrir.

Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
Clique sur lancer l’examen.

A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
Si des infections sont trouvées, clique sur Supprimer la sélection.
Tu postes le rapport dans ton prochain message.

Note : Il est possible que l'ordinateur demande de rédemarrer l'ordinateur pour supprimer l'infection.

Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est. Clique dessus et choisir ouvrir.

Le scan dure en moyenne 50 mn.

A+
0
John_83400
2 févr. 2009 à 19:38
Merci,

Ca y est j'ai lancé le scan, je poste le rapport dès que c'est fini.
0
John_83400 > John_83400
2 févr. 2009 à 20:48
Voila le rapport, ça à l'air de lui avoir fait du bien!!


Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1716
Windows 5.1.2600 Service Pack 3

02/02/2009 20:44:20
mbam-log-2009-02-02 (20-44-20).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 150681
Temps écoulé: 1 hour(s), 5 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 81

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\dakotari.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mozulavo.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\takihiru.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d0a2250a-60ad-439e-bc18-e11f2d7d6e8d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d0a2250a-60ad-439e-bc18-e11f2d7d6e8d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yilihukaki (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm3d3bc2bf (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mozulavo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\mozulavo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mozulavo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\takihiru.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\takihiru.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\DriveCleaner 2006 Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\DriveCleaner 2006 Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\babonasi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\isanobab.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bozikuyo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oyukizob.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\butabefu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufebatub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fujatoki.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ikotajuf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gadataji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ijatadag.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gezafuje.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ejufazeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\miliyepa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\apeyilim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nohiyizi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iziyihon.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\raripizu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uzipirar.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sagobuho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ohubogas.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sufakini.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inikafus.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tadofuvo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovufodat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tijevilu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ulivejit.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vabuwida.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adiwubav.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\viberisa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asirebiv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wavenimu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uminevaw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuwagebe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebegawuw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yohajizi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\izijahoy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zanelupo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opulenaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dakotari.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\takihiru.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mozulavo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Downloads\Software\InstallAVg_770522170802(1).exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Downloads\Software\InstallAVg_770522170802.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Alwil Software\Avast4\DATA\moved\IGWVHG.DLL.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090202-121854-387.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090202-161856-107.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP493\A0201562.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP535\A0229815.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP535\A0229828.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP535\A0229816.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0230497.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0230528.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP536\A0230530.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ayzqjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bikehizi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dabezoda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dskrhc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\foweriyo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fuhazepi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gifekuwe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\givinoye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hegubagu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jenuhisu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\losesafa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lunegogu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mehoguhi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\piyuzuju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qbijgn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rivesogo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sonesenu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\szyfxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\telopezo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tugokubu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wogutopa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zahatahe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zapasuku.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zgkuwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yunukino.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\DriveCleaner 2006 Free\Logs\update.log (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yujukumi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
0
Réponse 8 / 18
ramiré Messages postés 254 Date d'inscription dimanche 18 janvier 2009 Statut Membre Dernière intervention 12 juin 2009 8
2 févr. 2009 à 20:52
belle péche john!bon courage verni29!
0
Réponse 9 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 20:52
Oui, Malwarebytes a nettoyé une bonne partie de l'infection.

Poste moi un rapport RSIT ( il n'y aura qu'un seul fichier cette fois-ci ).

A+
0
John_83400
2 févr. 2009 à 20:58
Voila le RSIT, en faisant un hjt, j'ai remarqué qu'il restait un truc bizarre en HKUS et j'ai viré la clé correspondante.

Voila le log (clean j'espère)

Logfile of random's system information tool 1.05 (written by random/random)
Run by PHILIPPE at 2009-02-02 20:56:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (65%) free of 89 GB
Total RAM: 1014 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:56:17, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PHILIPPE.ORTENSE\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PHILIPPE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SFR-PC] "C:\Program Files\SFR-PC\SFR-PC.exe" /check
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32\kitohulo.dll bivtyt.dll ,
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


End of file - 11451 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Connexion facile à Internet.job
C:\WINDOWS\tasks\HPCeeSchedule.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-27 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-27 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-03 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-11-08 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-11 761945]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"EoEngine"= []
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SFR-PC"=C:\Program Files\SFR-PC\SFR-PC.exe [2008-11-05 872536]
"ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3e08f123]
C:\WINDOWS\system32\motipewo.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM3d3bc2bf]
c:\windows\system32\takihiru.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yilihukaki]
C:\WINDOWS\system32\dakotari.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32\kitohulo.dll bivtyt.dll , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kitohulo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE"="C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE:*:Enabled:ccApp"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqSTE08"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"="C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe:*:Enabled:PSFree"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE"="C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE:*:Enabled:navapsvc"
"C:\Program Files\Internet Explorer\iedw.exe"="C:\Program Files\Internet Explorer\iedw.exe:*:Enabled:iedw"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe:*:Enabled:dpps2"
"C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe:*:Enabled:HP Wireless Assistant"
"C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE"="C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE:*:Enabled:ccSetMgr"
"C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe"="C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe:*:Enabled:EabServr"
"C:\Program Files\Spyware Doctor\pctsAuxs.exe"="C:\Program Files\Spyware Doctor\pctsAuxs.exe:*:Enabled:pctsAuxs"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"="C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:GoogleDesktop"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2009-02-02 19:36:20 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\Malwarebytes
2009-02-02 19:36:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 19:36:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-02 19:16:12 ----A---- C:\lopR.txt
2009-02-02 19:15:33 ----D---- C:\Lop SD
2009-02-02 19:08:22 ----D---- C:\rsit
2009-02-02 19:01:59 ----SH---- C:\WINDOWS\system32\mabemime.dll
2009-02-02 19:01:58 ----SH---- C:\WINDOWS\system32\vefukufe.dll
2009-02-02 19:01:57 ----SH---- C:\WINDOWS\system32\fafaropu.dll
2009-02-02 18:49:18 ----A---- C:\cleannavi.txt
2009-02-02 18:40:39 ----A---- C:\fixnavi.txt
2009-02-02 18:38:50 ----D---- C:\Program Files\Navilog1
2009-02-02 18:14:45 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-02 18:14:33 ----A---- C:\rapport.txt
2009-02-02 16:15:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-02 12:36:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-02 12:36:18 ----D---- C:\Program Files\Alwil Software
2009-02-02 12:12:51 ----D---- C:\Program Files\CleanUp!
2009-02-02 12:01:23 ----D---- C:\Program Files\AVSMedia
2009-02-02 12:01:22 ----D---- C:\Program Files\Bonjour
2009-02-02 12:01:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-02-02 12:01:14 ----D---- C:\WINDOWS\InCD
2009-02-02 12:01:09 ----D---- C:\Program Files\Smart Projects
2009-02-02 12:01:08 ----D---- C:\Program Files\iWizz
2009-02-02 12:01:05 ----D---- C:\Program Files\Fichiers communs\SureThing Shared
2009-02-02 12:01:04 ----D---- C:\Program Files\Fichiers communs\TiVo Shared
2009-02-02 12:00:44 ----D---- C:\WINDOWS\STK02N
2009-02-02 12:00:44 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\InstallShield
2009-02-02 11:59:47 ----D---- C:\Program Files\Windows Live Favorites
2009-02-02 11:59:44 ----D---- C:\Program Files\Common Files
2009-02-02 11:59:37 ----D---- C:\Program Files\Spyware Doctor
2009-02-02 11:59:37 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-30 22:34:54 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-01-30 14:41:11 ----D---- C:\Program Files\Trend Micro
2009-01-30 14:33:54 ----D---- C:\Program Files\CleanUp!(2)
2009-01-30 14:17:25 ----A---- C:\WINDOWS\system32\nsf4B.tmp
2009-01-30 14:17:20 ----A---- C:\WINDOWS\system32\nst47.tmp
2009-01-30 14:17:19 ----A---- C:\WINDOWS\system32\nsk46.tmp
2009-01-30 14:17:17 ----A---- C:\WINDOWS\system32\nso45.tmp
2009-01-30 14:17:15 ----A---- C:\WINDOWS\system32\nsu43.tmp
2009-01-30 14:17:13 ----A---- C:\WINDOWS\system32\nsb42.tmp
2009-01-30 14:17:12 ----A---- C:\WINDOWS\system32\nsp41.tmp
2009-01-30 14:17:10 ----A---- C:\WINDOWS\system32\nsc40.tmp
2009-01-30 14:17:09 ----A---- C:\WINDOWS\system32\nsf3F.tmp
2009-01-30 14:15:40 ----D---- C:\WINDOWS\pss
2009-01-30 09:49:18 ----SH---- C:\WINDOWS\system32\owepitom.ini
2009-01-28 21:43:33 ----A---- C:\WINDOWS\ieResetIcons.exe
2009-01-28 07:35:35 ----SH---- C:\WINDOWS\system32\ubizomad.ini
2009-01-26 17:55:29 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\ArcSoft
2009-01-26 17:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2009-01-26 17:49:38 ----A---- C:\WINDOWS\system32\unicows.dll
2009-01-26 17:46:34 ----D---- C:\Program Files\Fichiers communs\ArcSoft
2009-01-26 17:46:34 ----D---- C:\Program Files\ArcSoft
2009-01-26 11:22:53 ----SH---- C:\WINDOWS\system32\orumuheg.ini
2009-01-25 20:37:06 ----A---- C:\WINDOWS\system32\diyrufhp.tmp
2009-01-22 20:04:38 ----SH---- C:\WINDOWS\system32\ofogiriz.ini
2009-01-22 10:54:19 ----D---- C:\Downloads
2009-01-22 07:04:24 ----SH---- C:\WINDOWS\system32\iloyozap.ini
2009-01-20 20:07:22 ----SH---- C:\WINDOWS\system32\odorisuj.ini
2009-01-12 11:47:37 ----SH---- C:\WINDOWS\system32\efunudoj.ini
2009-01-09 09:21:52 ----SH---- C:\WINDOWS\system32\apazimiz.ini
2009-01-08 02:58:40 ----SH---- C:\WINDOWS\system32\ajezukiv.ini
2009-01-07 10:30:25 ----SH---- C:\WINDOWS\system32\adepagul.ini
2009-01-06 16:35:08 ----SH---- C:\WINDOWS\system32\ubebefid.ini
2009-01-06 04:49:03 ----SH---- C:\WINDOWS\system32\ekeduwam.ini
2009-01-06 04:26:32 ----SH---- C:\WINDOWS\system32\igerafep.ini
2009-01-06 04:04:02 ----SH---- C:\WINDOWS\system32\urazedoz.ini
2009-01-05 18:24:23 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-05 15:49:51 ----SH---- C:\WINDOWS\system32\ayipoman.ini
2009-01-04 20:08:18 ----SH---- C:\WINDOWS\system32\izazanuh.ini
2009-01-01 12:41:19 ----SH---- C:\WINDOWS\system32\idinokij.ini
2008-12-31 10:57:26 ----SH---- C:\WINDOWS\system32\adupuhow.ini
2008-12-30 20:24:44 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-30 10:22:06 ----SH---- C:\WINDOWS\system32\ovunafed.ini
2008-12-30 07:16:04 ----SH---- C:\WINDOWS\system32\elakamam.ini
2008-12-29 11:49:31 ----SH---- C:\WINDOWS\system32\ihufetus.ini
2008-12-28 21:50:23 ----SH---- C:\WINDOWS\system32\ebinoyam.ini
2008-12-28 09:56:03 ----SH---- C:\WINDOWS\system32\atusanot.ini
2008-12-27 12:32:19 ----SH---- C:\WINDOWS\system32\iyuyezep.ini
2008-12-11 22:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 22:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 21:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 21:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 01:33:26 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-12-11 01:33:26 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-12-05 22:11:56 ----D---- C:\Program Files\SFR-PC
2008-12-04 20:14:43 ----D---- C:\Program Files\Fichiers communs\DirectX
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntfNT.dll
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntf32.dll
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntf16.dll
2008-12-04 20:14:01 ----D---- C:\Program Files\directx

======List of files/folders modified in the last 2 months======

2009-02-02 20:47:16 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 20:46:53 ----D---- C:\WINDOWS\Temp
2009-02-02 20:46:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 20:46:30 ----ASH---- C:\hpqp.ini
2009-02-02 20:46:29 ----A---- C:\XP_TV.ini
2009-02-02 20:45:38 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 20:45:38 ----D---- C:\WINDOWS\system32
2009-02-02 20:45:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 19:36:11 ----D---- C:\Program Files
2009-02-02 19:22:54 ----D---- C:\WINDOWS\Tasks
2009-02-02 19:15:34 ----D---- C:\WINDOWS\Prefetch
2009-02-02 19:13:39 ----SHD---- C:\WINDOWS\Installer
2009-02-02 19:13:39 ----HD---- C:\Config.Msi
2009-02-02 19:13:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-02 19:13:36 ----D---- C:\Program Files\Adobe
2009-02-02 19:13:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-02 19:06:41 ----D---- C:\Program Files\Symantec
2009-02-02 19:06:38 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-02-02 19:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-02 18:52:03 ----D---- C:\WINDOWS
2009-02-02 16:31:25 ----RASH---- C:\boot.ini
2009-02-02 16:31:25 ----A---- C:\WINDOWS\win.ini
2009-02-02 16:31:25 ----A---- C:\WINDOWS\system.ini
2009-02-02 16:25:24 ----SHD---- C:\RECYCLER
2009-02-02 16:15:56 ----D---- C:\Documents and Settings
2009-02-02 13:46:39 ----D---- C:\WINDOWS\system32\config
2009-02-02 12:29:37 ----D---- C:\Program Files\Fichiers communs
2009-02-02 12:11:50 ----HD---- C:\WINDOWS\inf
2009-02-02 12:08:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 12:05:22 ----D---- C:\WINDOWS\Downloaded Program Files
2009-02-02 12:01:59 ----D---- C:\WINDOWS\system32\wbem
2009-02-02 12:01:59 ----D---- C:\WINDOWS\Registration
2009-02-02 12:01:25 ----D---- C:\Program Files\Apple Software Update
2009-02-02 11:59:51 ----D---- C:\Program Files\Windows Live Toolbar
2009-02-02 11:59:51 ----D---- C:\Program Files\Partitio
2009-02-02 11:58:56 ----D---- C:\WINDOWS\system32\Restore
2009-02-02 11:49:51 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 11:31:11 ----D---- C:\WINDOWS\Minidump
2009-01-31 18:17:43 ----D---- C:\WINDOWS\network diagnostic
2009-01-30 22:27:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-30 22:20:24 ----D---- C:\Program Files\MSN
2009-01-30 20:51:12 ----D---- C:\Program Files\Neuf
2009-01-30 14:39:18 ----D---- C:\temp
2009-01-30 14:26:37 ----D---- C:\Program Files\Yahoo!
2009-01-30 14:26:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-30 14:17:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-30 14:17:24 ----D---- C:\Program Files\Windows Media Player
2009-01-30 14:13:46 ----D---- C:\Program Files\Google
2009-01-30 14:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-30 14:12:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-30 14:12:26 ----D---- C:\WINDOWS\twain_32
2009-01-30 14:10:52 ----D---- C:\Program Files\HPQ
2009-01-30 13:55:50 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-01-30 13:55:18 ----D---- C:\Program Files\Sonic
2009-01-30 13:48:46 ----D---- C:\Program Files\Ahead
2009-01-30 13:43:11 ----D---- C:\Program Files\DivX
2009-01-30 13:35:10 ----D---- C:\Program Files\Lavasoft
2009-01-30 09:55:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-28 21:51:27 ----D---- C:\WINDOWS\Help
2009-01-28 21:51:26 ----D---- C:\WINDOWS\system32\fr-fr
2009-01-28 21:51:26 ----D---- C:\Program Files\Internet Explorer
2009-01-28 21:45:54 ----D---- C:\WINDOWS\ie7updates
2009-01-28 21:43:48 ----D---- C:\WINDOWS\WBEM
2008-12-30 20:26:16 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-28 09:49:45 ----D---- C:\coktel
2008-12-17 23:21:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 11:32:46 ----D---- C:\Program Files\neuf Talk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-03 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-03 81288]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-16 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-30 28080]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2005-11-08 533504]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-11 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-31 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-16 99568]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 catchme;catchme; \??\C:\DOCUME~1\PHILIP~1.ORT\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DTVFW;DVB-T USB adapter firmware; C:\WINDOWS\system32\DRIVERS\dtvfw.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbdtv;DVB-T TV Tuner; C:\WINDOWS\System32\Drivers\usbdtv.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-16 876656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-03 1079176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
0
Réponse 10 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 21:18
Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EoEngine"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3e08f123]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM3d3bc2bf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yilihukaki]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,63,65,63,6c,69,0a,0a

:Files
C:\WINDOWS\system32\mabemime.dll
C:\WINDOWS\system32\vefukufe.dll
C:\WINDOWS\system32\fafaropu.dll
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\owepitom.ini
C:\WINDOWS\system32\ubizomad.ini
C:\WINDOWS\system32\orumuheg.ini
C:\WINDOWS\system32\orumuheg.ini
C:\WINDOWS\system32\diyrufhp.tmp
C:\WINDOWS\system32\ofogiriz.ini
C:\WINDOWS\system32\iloyozap.ini
C:\WINDOWS\system32\odorisuj.ini
C:\WINDOWS\system32\efunudoj.ini
C:\WINDOWS\system32\apazimiz.ini
C:\WINDOWS\system32\ajezukiv.ini
C:\WINDOWS\system32\adepagul.ini
C:\WINDOWS\system32\ubebefid.ini
C:\WINDOWS\system32\ekeduwam.ini
C:\WINDOWS\system32\igerafep.ini
C:\WINDOWS\system32\urazedoz.ini
C:\WINDOWS\system32\ayipoman.ini
C:\WINDOWS\system32\izazanuh.ini
C:\WINDOWS\system32\idinokij.ini
C:\WINDOWS\system32\adupuhow.ini
C:\WINDOWS\system32\ovunafed.ini
C:\WINDOWS\system32\elakamam.ini
C:\WINDOWS\system32\ihufetus.ini
C:\WINDOWS\system32\ebinoyam.ini
C:\WINDOWS\system32\atusanot.ini
C:\WINDOWS\system32\iyuyezep.ini


:Commands
[emptytemp]
[Reboot]

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Ton ordinateur va redémarrer pour supprimer les fichiers.

Poste le rapport qui s'ouvrira après le redémarrage.
Sinon,il est situé dans C:\_OTMoveIt\MovedFiles. ( fichier .log )
0
John_83400
2 févr. 2009 à 21:34
Ca marche pas, il bloque à la ligne

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL C:\WINDOWS\system32"

Le processus explorer.exe, est bien arrété, (plus de Bureau et de Menu Démarrer), par contre il marque "Unable to stop service Seekeen Service.

Après, donc, les 4 premières clés ça passe et ça bloque (ne répond pas) à la 5e.

...
0
Réponse 11 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 21:36
OK, recommence avec ce script.

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run]
"EoEngine"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3e08f123]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM3d3bc2bf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yilihukaki]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7):73,63,65,63,6c,69,0a,0a

:Files
C:\WINDOWS\system32\mabemime.dll
C:\WINDOWS\system32\vefukufe.dll
C:\WINDOWS\system32\fafaropu.dll
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\owepitom.ini
C:\WINDOWS\system32\ubizomad.ini
C:\WINDOWS\system32\orumuheg.ini
C:\WINDOWS\system32\orumuheg.ini
C:\WINDOWS\system32\diyrufhp.tmp
C:\WINDOWS\system32\ofogiriz.ini
C:\WINDOWS\system32\iloyozap.ini
C:\WINDOWS\system32\odorisuj.ini
C:\WINDOWS\system32\efunudoj.ini
C:\WINDOWS\system32\apazimiz.ini
C:\WINDOWS\system32\ajezukiv.ini
C:\WINDOWS\system32\adepagul.ini
C:\WINDOWS\system32\ubebefid.ini
C:\WINDOWS\system32\ekeduwam.ini
C:\WINDOWS\system32\igerafep.ini
C:\WINDOWS\system32\urazedoz.ini
C:\WINDOWS\system32\ayipoman.ini
C:\WINDOWS\system32\izazanuh.ini
C:\WINDOWS\system32\idinokij.ini
C:\WINDOWS\system32\adupuhow.ini
C:\WINDOWS\system32\ovunafed.ini
C:\WINDOWS\system32\elakamam.ini
C:\WINDOWS\system32\ihufetus.ini
C:\WINDOWS\system32\ebinoyam.ini
C:\WINDOWS\system32\atusanot.ini
C:\WINDOWS\system32\iyuyezep.ini


:Commands
[emptytemp]
[Reboot]

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Ton ordinateur va redémarrer pour supprimer les fichiers.

Poste le rapport qui s'ouvrira après le redémarrage.
Sinon,il est situé dans C:\_OTMoveIt\MovedFiles. ( fichier .log )
0
John_83400
2 févr. 2009 à 21:41
Désolé, mais c'est exactement pareil, au même endroit.

Pourtant, je fais tout bien comme tu m'as dit
0
Réponse 12 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 21:47
On va enlever cette ligne pour déjà supprimer ces différents fichiers.

Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­­n\Run]
"EoEngine"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3e08f123]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM3d3bc2bf]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yilihukaki]

:Files
C:\WINDOWS\system32\mabemime.dll
C:\WINDOWS\system32\vefukufe.dll
C:\WINDOWS\system32\fafaropu.dll
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\system32\owepitom.ini
C:\WINDOWS\system32\ubizomad.ini
C:\WINDOWS\system32\orumuheg.ini
C:\WINDOWS\system32\orumuheg.ini
C:\WINDOWS\system32\diyrufhp.tmp
C:\WINDOWS\system32\ofogiriz.ini
C:\WINDOWS\system32\iloyozap.ini
C:\WINDOWS\system32\odorisuj.ini
C:\WINDOWS\system32\efunudoj.ini
C:\WINDOWS\system32\apazimiz.ini
C:\WINDOWS\system32\ajezukiv.ini
C:\WINDOWS\system32\adepagul.ini
C:\WINDOWS\system32\ubebefid.ini
C:\WINDOWS\system32\ekeduwam.ini
C:\WINDOWS\system32\igerafep.ini
C:\WINDOWS\system32\urazedoz.ini
C:\WINDOWS\system32\ayipoman.ini
C:\WINDOWS\system32\izazanuh.ini
C:\WINDOWS\system32\idinokij.ini
C:\WINDOWS\system32\adupuhow.ini
C:\WINDOWS\system32\ovunafed.ini
C:\WINDOWS\system32\elakamam.ini
C:\WINDOWS\system32\ihufetus.ini
C:\WINDOWS\system32\ebinoyam.ini
C:\WINDOWS\system32\atusanot.ini
C:\WINDOWS\system32\iyuyezep.ini
C:\WINDOWS\system32\kitohulo.dll
C:\WINDOWS\system32\bivtyt.dll

:Commands
[emptytemp]
[Reboot]

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Ton ordinateur va redémarrer pour supprimer les fichiers.

Poste le rapport qui s'ouvrira après le redémarrage.
Sinon,il est situé dans C:\_OTMoveIt\MovedFiles. ( fichier .log )
0
John_83400
2 févr. 2009 à 21:57
Voila, ça a pas tout marché mais il est allé au bout et ça a rebooté :

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­­­n\Run not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3e08f123\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM3d3bc2bf\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yilihukaki\\ not found.
========== FILES ==========
LoadLibrary failed for C:\WINDOWS\system32\mabemime.dll
C:\WINDOWS\system32\mabemime.dll NOT unregistered.
C:\WINDOWS\system32\mabemime.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vefukufe.dll
C:\WINDOWS\system32\vefukufe.dll NOT unregistered.
C:\WINDOWS\system32\vefukufe.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\fafaropu.dll
C:\WINDOWS\system32\fafaropu.dll NOT unregistered.
C:\WINDOWS\system32\fafaropu.dll moved successfully.
C:\WINDOWS\system32\tmp.txt moved successfully.
C:\WINDOWS\system32\diyrufhp.tmp moved successfully.
C:\WINDOWS\system32\nsb42.tmp moved successfully.
C:\WINDOWS\system32\nsc40.tmp moved successfully.
C:\WINDOWS\system32\nsf3F.tmp moved successfully.
C:\WINDOWS\system32\nsf4B.tmp moved successfully.
C:\WINDOWS\system32\nsk46.tmp moved successfully.
C:\WINDOWS\system32\nso45.tmp moved successfully.
C:\WINDOWS\system32\nsp41.tmp moved successfully.
C:\WINDOWS\system32\nst47.tmp moved successfully.
C:\WINDOWS\system32\nsu43.tmp moved successfully.
C:\WINDOWS\system32\owepitom.ini moved successfully.
C:\WINDOWS\system32\ubizomad.ini moved successfully.
C:\WINDOWS\system32\orumuheg.ini moved successfully.
File/Folder C:\WINDOWS\system32\orumuheg.ini not found.
File/Folder C:\WINDOWS\system32\diyrufhp.tmp not found.
C:\WINDOWS\system32\ofogiriz.ini moved successfully.
C:\WINDOWS\system32\iloyozap.ini moved successfully.
C:\WINDOWS\system32\odorisuj.ini moved successfully.
C:\WINDOWS\system32\efunudoj.ini moved successfully.
C:\WINDOWS\system32\apazimiz.ini moved successfully.
C:\WINDOWS\system32\ajezukiv.ini moved successfully.
C:\WINDOWS\system32\adepagul.ini moved successfully.
C:\WINDOWS\system32\ubebefid.ini moved successfully.
C:\WINDOWS\system32\ekeduwam.ini moved successfully.
C:\WINDOWS\system32\igerafep.ini moved successfully.
C:\WINDOWS\system32\urazedoz.ini moved successfully.
C:\WINDOWS\system32\ayipoman.ini moved successfully.
C:\WINDOWS\system32\izazanuh.ini moved successfully.
C:\WINDOWS\system32\idinokij.ini moved successfully.
C:\WINDOWS\system32\adupuhow.ini moved successfully.
C:\WINDOWS\system32\ovunafed.ini moved successfully.
C:\WINDOWS\system32\elakamam.ini moved successfully.
C:\WINDOWS\system32\ihufetus.ini moved successfully.
C:\WINDOWS\system32\ebinoyam.ini moved successfully.
C:\WINDOWS\system32\atusanot.ini moved successfully.
C:\WINDOWS\system32\iyuyezep.ini moved successfully.
File/Folder C:\WINDOWS\system32\kitohulo.dll not found.
File/Folder C:\WINDOWS\system32\bivtyt.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\PHILIP~1.ORT\LOCALS~1\Temp\etilqs_ycuFaWEr5MLtsJXdgyAY scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02022009_215237

Files moved on Reboot...
File C:\DOCUME~1\PHILIP~1.ORT\LOCALS~1\Temp\etilqs_ycuFaWEr5MLtsJXdgyAY not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_7bc.dat scheduled to be moved on reboot.
C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\PHILIPPE.ORTENSE\Local Settings\Application Data\Mozilla\Firefox\Profiles\qyugpa84.default\urlclassifier3.sqlite moved successfully.
0
Réponse 13 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 21:59
poste moi un nouveau rapport RSIT.

A+
0
John_83400
2 févr. 2009 à 22:01
Voila, m'sieur

Logfile of random's system information tool 1.05 (written by random/random)
Run by PHILIPPE at 2009-02-02 22:00:34
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (65%) free of 89 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:42, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PHILIPPE.ORTENSE\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PHILIPPE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SFR-PC] "C:\Program Files\SFR-PC\SFR-PC.exe" /check
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


End of file - 11341 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Connexion facile à Internet.job
C:\WINDOWS\tasks\HPCeeSchedule.job
C:\WINDOWS\tasks\Norton Security Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-27 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-27 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-03 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-11-08 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-11 761945]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"EoEngine"= []
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SFR-PC"=C:\Program Files\SFR-PC\SFR-PC.exe [2008-11-05 872536]
"ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\kitohulo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE"="C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE:*:Enabled:ccApp"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqSTE08"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"="C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe:*:Enabled:PSFree"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE"="C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE:*:Enabled:navapsvc"
"C:\Program Files\Internet Explorer\iedw.exe"="C:\Program Files\Internet Explorer\iedw.exe:*:Enabled:iedw"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe:*:Enabled:dpps2"
"C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe:*:Enabled:HP Wireless Assistant"
"C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE"="C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE:*:Enabled:ccSetMgr"
"C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe"="C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe:*:Enabled:EabServr"
"C:\Program Files\Spyware Doctor\pctsAuxs.exe"="C:\Program Files\Spyware Doctor\pctsAuxs.exe:*:Enabled:pctsAuxs"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"="C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:GoogleDesktop"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2009-02-02 21:25:46 ----D---- C:\_OTMoveIt
2009-02-02 19:36:20 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\Malwarebytes
2009-02-02 19:36:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 19:36:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-02 19:16:12 ----A---- C:\lopR.txt
2009-02-02 19:15:33 ----D---- C:\Lop SD
2009-02-02 19:08:22 ----D---- C:\rsit
2009-02-02 18:49:18 ----A---- C:\cleannavi.txt
2009-02-02 18:40:39 ----A---- C:\fixnavi.txt
2009-02-02 18:38:50 ----D---- C:\Program Files\Navilog1
2009-02-02 18:14:33 ----A---- C:\rapport.txt
2009-02-02 16:15:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-02 12:36:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-02 12:36:18 ----D---- C:\Program Files\Alwil Software
2009-02-02 12:12:51 ----D---- C:\Program Files\CleanUp!
2009-02-02 12:01:23 ----D---- C:\Program Files\AVSMedia
2009-02-02 12:01:22 ----D---- C:\Program Files\Bonjour
2009-02-02 12:01:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-02-02 12:01:14 ----D---- C:\WINDOWS\InCD
2009-02-02 12:01:09 ----D---- C:\Program Files\Smart Projects
2009-02-02 12:01:08 ----D---- C:\Program Files\iWizz
2009-02-02 12:01:05 ----D---- C:\Program Files\Fichiers communs\SureThing Shared
2009-02-02 12:01:04 ----D---- C:\Program Files\Fichiers communs\TiVo Shared
2009-02-02 12:00:44 ----D---- C:\WINDOWS\STK02N
2009-02-02 12:00:44 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\InstallShield
2009-02-02 11:59:47 ----D---- C:\Program Files\Windows Live Favorites
2009-02-02 11:59:44 ----D---- C:\Program Files\Common Files
2009-02-02 11:59:37 ----D---- C:\Program Files\Spyware Doctor
2009-02-02 11:59:37 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-30 22:34:54 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-01-30 14:41:11 ----D---- C:\Program Files\Trend Micro
2009-01-30 14:33:54 ----D---- C:\Program Files\CleanUp!(2)
2009-01-30 14:15:40 ----D---- C:\WINDOWS\pss
2009-01-28 21:43:33 ----A---- C:\WINDOWS\ieResetIcons.exe
2009-01-26 17:55:29 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\ArcSoft
2009-01-26 17:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2009-01-26 17:49:38 ----A---- C:\WINDOWS\system32\unicows.dll
2009-01-26 17:46:34 ----D---- C:\Program Files\Fichiers communs\ArcSoft
2009-01-26 17:46:34 ----D---- C:\Program Files\ArcSoft
2009-01-22 10:54:19 ----D---- C:\Downloads
2009-01-05 18:24:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-30 20:24:44 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-11 22:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 22:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 21:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 21:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 01:33:26 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-12-11 01:33:26 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-12-05 22:11:56 ----D---- C:\Program Files\SFR-PC
2008-12-04 20:14:43 ----D---- C:\Program Files\Fichiers communs\DirectX
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntfNT.dll
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntf32.dll
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntf16.dll
2008-12-04 20:14:01 ----D---- C:\Program Files\directx

======List of files/folders modified in the last 2 months======

2009-02-02 21:55:58 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 21:55:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 21:55:37 ----ASH---- C:\hpqp.ini
2009-02-02 21:55:34 ----A---- C:\XP_TV.ini
2009-02-02 21:54:39 ----D---- C:\WINDOWS\Temp
2009-02-02 21:53:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 21:52:49 ----D---- C:\WINDOWS\system32
2009-02-02 20:45:38 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 19:36:11 ----D---- C:\Program Files
2009-02-02 19:32:02 ----HD---- C:\Config.Msi
2009-02-02 19:22:54 ----D---- C:\WINDOWS\Tasks
2009-02-02 19:15:34 ----D---- C:\WINDOWS\Prefetch
2009-02-02 19:13:39 ----SHD---- C:\WINDOWS\Installer
2009-02-02 19:13:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-02 19:13:36 ----D---- C:\Program Files\Adobe
2009-02-02 19:13:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-02 19:06:41 ----D---- C:\Program Files\Symantec
2009-02-02 19:06:38 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-02-02 19:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-02 18:52:03 ----D---- C:\WINDOWS
2009-02-02 16:31:25 ----RASH---- C:\boot.ini
2009-02-02 16:31:25 ----A---- C:\WINDOWS\win.ini
2009-02-02 16:31:25 ----A---- C:\WINDOWS\system.ini
2009-02-02 16:25:24 ----SHD---- C:\RECYCLER
2009-02-02 16:15:56 ----D---- C:\Documents and Settings
2009-02-02 13:46:39 ----D---- C:\WINDOWS\system32\config
2009-02-02 12:29:37 ----D---- C:\Program Files\Fichiers communs
2009-02-02 12:11:50 ----HD---- C:\WINDOWS\inf
2009-02-02 12:08:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 12:05:22 ----D---- C:\WINDOWS\Downloaded Program Files
2009-02-02 12:01:59 ----D---- C:\WINDOWS\system32\wbem
2009-02-02 12:01:59 ----D---- C:\WINDOWS\Registration
2009-02-02 12:01:25 ----D---- C:\Program Files\Apple Software Update
2009-02-02 11:59:51 ----D---- C:\Program Files\Windows Live Toolbar
2009-02-02 11:59:51 ----D---- C:\Program Files\Partitio
2009-02-02 11:58:56 ----D---- C:\WINDOWS\system32\Restore
2009-02-02 11:49:51 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 11:31:11 ----D---- C:\WINDOWS\Minidump
2009-01-31 18:17:43 ----D---- C:\WINDOWS\network diagnostic
2009-01-30 22:27:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-30 22:20:24 ----D---- C:\Program Files\MSN
2009-01-30 20:51:12 ----D---- C:\Program Files\Neuf
2009-01-30 14:39:18 ----D---- C:\temp
2009-01-30 14:26:37 ----D---- C:\Program Files\Yahoo!
2009-01-30 14:26:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-30 14:17:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-30 14:17:24 ----D---- C:\Program Files\Windows Media Player
2009-01-30 14:13:46 ----D---- C:\Program Files\Google
2009-01-30 14:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-30 14:12:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-30 14:12:26 ----D---- C:\WINDOWS\twain_32
2009-01-30 14:10:52 ----D---- C:\Program Files\HPQ
2009-01-30 13:55:50 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-01-30 13:55:18 ----D---- C:\Program Files\Sonic
2009-01-30 13:48:46 ----D---- C:\Program Files\Ahead
2009-01-30 13:43:11 ----D---- C:\Program Files\DivX
2009-01-30 13:35:10 ----D---- C:\Program Files\Lavasoft
2009-01-30 09:55:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-28 21:51:27 ----D---- C:\WINDOWS\Help
2009-01-28 21:51:26 ----D---- C:\WINDOWS\system32\fr-fr
2009-01-28 21:51:26 ----D---- C:\Program Files\Internet Explorer
2009-01-28 21:45:54 ----D---- C:\WINDOWS\ie7updates
2009-01-28 21:43:48 ----D---- C:\WINDOWS\WBEM
2008-12-30 20:26:16 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-28 09:49:45 ----D---- C:\coktel
2008-12-17 23:21:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 11:32:46 ----D---- C:\Program Files\neuf Talk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-03 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-03 81288]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-16 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-30 28080]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2005-11-08 533504]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-11 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-31 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-16 99568]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 catchme;catchme; \??\C:\DOCUME~1\PHILIP~1.ORT\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DTVFW;DVB-T USB adapter firmware; C:\WINDOWS\system32\DRIVERS\dtvfw.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbdtv;DVB-T TV Tuner; C:\WINDOWS\System32\Drivers\usbdtv.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-16 876656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-03 1079176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
0
Réponse 14 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 22:07
1) Ouvre le bloc-notes ( demarrer --> tous les programmes --> accessoires --> bloc-notes ) et copie le texte en citation ci-dessous.
Attention , pas de ligne blanche avant REGEDIT4 et une ligne entre REGEDIT4 et la suite.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=hex(7): 73,63,65,63,6c,69,0a,0a

Menu Fichier --> enregistrer sous --> une boite de dialogue va s'ouvrir
Il y a deux lignes en bas de la fenetre :
- la première pour le nom : tape fix.reg
- la deuxième pour le type : clique sur l'onglet pour faire apparaitre tous les fichiers (*.* )

il te reste alors à choisir l'emplacement où tu vas l'enregistrer.
Clique sur le flêche en haut jusqu'à arriver au bureau.

Click droit sur le fichier fix.reg puis choisis fusionner

2) Puis poste moi un nouveau rapport RSIT.

A+
0
John_83400
2 févr. 2009 à 22:10
C'est fait

Logfile of random's system information tool 1.05 (written by random/random)
Run by PHILIPPE at 2009-02-02 22:10:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (65%) free of 89 GB
Total RAM: 1014 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:19, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PHILIPPE.ORTENSE\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\PHILIPPE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SFR-PC] "C:\Program Files\SFR-PC\SFR-PC.exe" /check
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://dida.univ-tln.fr/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe


End of file - 11341 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-27 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-27 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-27 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-03 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-03 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-03 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-11-08 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-11 761945]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-07 409600]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"EoEngine"= []
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"SFR-PC"=C:\Program Files\SFR-PC\SFR-PC.exe [2008-11-05 872536]
"ArcSoft Connection Service"=C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-03 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE"="C:\Program Files\Fichiers communs\Symantec Shared\CCAPP.EXE:*:Enabled:ccApp"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqSTE08"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"="C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe:*:Enabled:symlcsvc"
"C:\WINDOWS\system32\HPZipm12.exe"="C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"="C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe:*:Enabled:PSFree"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE"="C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE:*:Enabled:navapsvc"
"C:\Program Files\Internet Explorer\iedw.exe"="C:\Program Files\Internet Explorer\iedw.exe:*:Enabled:iedw"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:wmplayer"
"C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe:*:Enabled:dpps2"
"C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe:*:Enabled:HP Wireless Assistant"
"C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE"="C:\Program Files\Fichiers communs\Symantec Shared\CCSETMGR.EXE:*:Enabled:ccSetMgr"
"C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe"="C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe:*:Enabled:EabServr"
"C:\Program Files\Spyware Doctor\pctsAuxs.exe"="C:\Program Files\Spyware Doctor\pctsAuxs.exe:*:Enabled:pctsAuxs"
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"="C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:ALUSchedulerSvc"
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:GoogleDesktop"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2009-02-02 21:25:46 ----D---- C:\_OTMoveIt
2009-02-02 19:36:20 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\Malwarebytes
2009-02-02 19:36:12 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 19:36:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-02 19:16:12 ----A---- C:\lopR.txt
2009-02-02 19:15:33 ----D---- C:\Lop SD
2009-02-02 19:08:22 ----D---- C:\rsit
2009-02-02 18:49:18 ----A---- C:\cleannavi.txt
2009-02-02 18:40:39 ----A---- C:\fixnavi.txt
2009-02-02 18:38:50 ----D---- C:\Program Files\Navilog1
2009-02-02 18:14:33 ----A---- C:\rapport.txt
2009-02-02 16:15:39 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-02 12:36:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-02 12:36:18 ----D---- C:\Program Files\Alwil Software
2009-02-02 12:12:51 ----D---- C:\Program Files\CleanUp!
2009-02-02 12:01:23 ----D---- C:\Program Files\AVSMedia
2009-02-02 12:01:22 ----D---- C:\Program Files\Bonjour
2009-02-02 12:01:21 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-02-02 12:01:14 ----D---- C:\WINDOWS\InCD
2009-02-02 12:01:09 ----D---- C:\Program Files\Smart Projects
2009-02-02 12:01:08 ----D---- C:\Program Files\iWizz
2009-02-02 12:01:05 ----D---- C:\Program Files\Fichiers communs\SureThing Shared
2009-02-02 12:01:04 ----D---- C:\Program Files\Fichiers communs\TiVo Shared
2009-02-02 12:00:44 ----D---- C:\WINDOWS\STK02N
2009-02-02 12:00:44 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\InstallShield
2009-02-02 11:59:47 ----D---- C:\Program Files\Windows Live Favorites
2009-02-02 11:59:44 ----D---- C:\Program Files\Common Files
2009-02-02 11:59:37 ----D---- C:\Program Files\Spyware Doctor
2009-02-02 11:59:37 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-01-30 22:34:54 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-01-30 14:41:11 ----D---- C:\Program Files\Trend Micro
2009-01-30 14:33:54 ----D---- C:\Program Files\CleanUp!(2)
2009-01-30 14:15:40 ----D---- C:\WINDOWS\pss
2009-01-28 21:43:33 ----A---- C:\WINDOWS\ieResetIcons.exe
2009-01-26 17:55:29 ----D---- C:\Documents and Settings\PHILIPPE.ORTENSE\Application Data\ArcSoft
2009-01-26 17:55:28 ----D---- C:\Documents and Settings\All Users\Application Data\ArcSoft
2009-01-26 17:49:38 ----A---- C:\WINDOWS\system32\unicows.dll
2009-01-26 17:46:34 ----D---- C:\Program Files\Fichiers communs\ArcSoft
2009-01-26 17:46:34 ----D---- C:\Program Files\ArcSoft
2009-01-22 10:54:19 ----D---- C:\Downloads
2009-01-05 18:24:23 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-30 20:24:44 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2008-12-11 22:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 22:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 21:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 21:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 01:33:26 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-12-11 01:33:26 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-12-09 03:28:52 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-12-05 22:11:56 ----D---- C:\Program Files\SFR-PC
2008-12-04 20:14:43 ----D---- C:\Program Files\Fichiers communs\DirectX
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntfNT.dll
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntf32.dll
2008-12-04 20:14:33 ----A---- C:\WINDOWS\system32\SIntf16.dll
2008-12-04 20:14:01 ----D---- C:\Program Files\directx

======List of files/folders modified in the last 2 months======

2009-02-02 22:07:54 ----D---- C:\WINDOWS\Tasks
2009-02-02 21:55:58 ----D---- C:\Program Files\Mozilla Firefox
2009-02-02 21:55:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 21:55:37 ----ASH---- C:\hpqp.ini
2009-02-02 21:55:34 ----A---- C:\XP_TV.ini
2009-02-02 21:54:39 ----D---- C:\WINDOWS\Temp
2009-02-02 21:53:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 21:52:49 ----D---- C:\WINDOWS\system32
2009-02-02 20:45:38 ----D---- C:\WINDOWS\system32\drivers
2009-02-02 19:36:11 ----D---- C:\Program Files
2009-02-02 19:32:02 ----HD---- C:\Config.Msi
2009-02-02 19:15:34 ----D---- C:\WINDOWS\Prefetch
2009-02-02 19:13:39 ----SHD---- C:\WINDOWS\Installer
2009-02-02 19:13:36 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-02 19:13:36 ----D---- C:\Program Files\Adobe
2009-02-02 19:13:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-02 19:06:41 ----D---- C:\Program Files\Symantec
2009-02-02 19:06:38 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-02-02 19:06:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-02 18:52:03 ----D---- C:\WINDOWS
2009-02-02 16:31:25 ----RASH---- C:\boot.ini
2009-02-02 16:31:25 ----A---- C:\WINDOWS\win.ini
2009-02-02 16:31:25 ----A---- C:\WINDOWS\system.ini
2009-02-02 16:25:24 ----SHD---- C:\RECYCLER
2009-02-02 16:15:56 ----D---- C:\Documents and Settings
2009-02-02 13:46:39 ----D---- C:\WINDOWS\system32\config
2009-02-02 12:29:37 ----D---- C:\Program Files\Fichiers communs
2009-02-02 12:11:50 ----HD---- C:\WINDOWS\inf
2009-02-02 12:08:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 12:05:22 ----D---- C:\WINDOWS\Downloaded Program Files
2009-02-02 12:01:59 ----D---- C:\WINDOWS\system32\wbem
2009-02-02 12:01:59 ----D---- C:\WINDOWS\Registration
2009-02-02 12:01:25 ----D---- C:\Program Files\Apple Software Update
2009-02-02 11:59:51 ----D---- C:\Program Files\Windows Live Toolbar
2009-02-02 11:59:51 ----D---- C:\Program Files\Partitio
2009-02-02 11:58:56 ----D---- C:\WINDOWS\system32\Restore
2009-02-02 11:49:51 ----A---- C:\WINDOWS\imsins.BAK
2009-02-02 11:31:11 ----D---- C:\WINDOWS\Minidump
2009-01-31 18:17:43 ----D---- C:\WINDOWS\network diagnostic
2009-01-30 22:27:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-01-30 22:20:24 ----D---- C:\Program Files\MSN
2009-01-30 20:51:12 ----D---- C:\Program Files\Neuf
2009-01-30 14:39:18 ----D---- C:\temp
2009-01-30 14:26:37 ----D---- C:\Program Files\Yahoo!
2009-01-30 14:26:16 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-30 14:17:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-01-30 14:17:24 ----D---- C:\Program Files\Windows Media Player
2009-01-30 14:13:46 ----D---- C:\Program Files\Google
2009-01-30 14:13:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-30 14:12:31 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-30 14:12:26 ----D---- C:\WINDOWS\twain_32
2009-01-30 14:10:52 ----D---- C:\Program Files\HPQ
2009-01-30 13:55:50 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-01-30 13:55:18 ----D---- C:\Program Files\Sonic
2009-01-30 13:48:46 ----D---- C:\Program Files\Ahead
2009-01-30 13:43:11 ----D---- C:\Program Files\DivX
2009-01-30 13:35:10 ----D---- C:\Program Files\Lavasoft
2009-01-30 09:55:57 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-28 21:51:27 ----D---- C:\WINDOWS\Help
2009-01-28 21:51:26 ----D---- C:\WINDOWS\system32\fr-fr
2009-01-28 21:51:26 ----D---- C:\Program Files\Internet Explorer
2009-01-28 21:45:54 ----D---- C:\WINDOWS\ie7updates
2009-01-28 21:43:48 ----D---- C:\WINDOWS\WBEM
2008-12-30 20:26:16 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-28 09:49:45 ----D---- C:\coktel
2008-12-17 23:21:14 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-06 11:32:46 ----D---- C:\Program Files\neuf Talk

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-03 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-03 81288]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-03-16 27664]
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2003-12-30 28080]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-11-03 157696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2005-11-08 533504]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-03 1353820]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-11 191936]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-01-31 1428096]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-03-16 99568]
S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 catchme;catchme; \??\C:\DOCUME~1\PHILIP~1.ORT\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DTVFW;DVB-T USB adapter firmware; C:\WINDOWS\system32\DRIVERS\dtvfw.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbdtv;DVB-T TV Tuner; C:\WINDOWS\System32\Drivers\usbdtv.sys []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-08 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-11-28 98304]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-03-16 876656]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-11-03 1079176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-27 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
0
Réponse 15 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 22:14
Nickel,

Il fallait correctement nettoyé cette clé. :-)

lance un scan complet avec Avast.

Pour obtenir un rapport lors d'un scan d'Avast, il faut faire ceci :

- click droit sur l'icone d'Avast dans la barre des taches --> clique sur la flèche au-dessus du curseur pour lancer le scan
- choisir réglages --> fichier de rapport --> cocher créer un fichier
- les rapports ( .txt ) seront sauvegardés ( par défaut ) dans C:\program files\Awil Software\Avast4\DATA\report

Fais ce réglage pour obtenir le rapport.

Puis lance un scan complet de tes disques durs et poste le rapport.

A+
0
John_83400
2 févr. 2009 à 22:19
ca y est le scan avast est lancé.

Ca à l'air d'aller en tout cas.

Un grand merci à toi, pour le temps que tu m'as accordé et bravo pour tes compétences.

A tout à l'heure pour le log du scan.
0
John_83400
2 févr. 2009 à 23:04
Ca y est c'est fini, il en a encore sorti pas mal, mais toujours de System Volume Information, c'est grave docteur ?

Rapport avast!
* Ce fichier est généré automatiquement
*
* Tâche utilisée 'Interface utilisateur simplifiée'
* Débuté le lundi 2 février 2009 22:17:25
* VPS : 090202-0, 02/02/2009
*

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230897.dll [L] Win32:Rootkit-gen [Rtk] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230898.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230899.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230900.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230901.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230902.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230903.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230904.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230905.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230906.dll [L] Win32:Adware-gen [Adw] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230907.dll [L] Win32:Rootkit-gen [Rtk] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230908.dll [L] Win32:Adware-gen [Adw] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230909.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230910.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230911.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230912.dll [L] Win32:Trojan-gen {Other} (0)
Durant le transfert du fichier vers la zone de quarantaine, l'erreur suivante s'est produite : Espace insuffisant sur le disque
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230913.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230914.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230915.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230916.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230917.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230918.dll [L] Win32:Rootkit-gen [Rtk] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230919.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230920.dll [L] Win32:Adware-gen [Adw] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230921.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230922.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230923.dll [L] Win32:Adware-gen [Adw] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230924.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230925.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230926.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230927.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230928.dll [L] Win32:Adware-gen [Adw] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230929.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230930.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230931.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230932.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230933.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230934.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230935.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230936.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230937.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230938.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230939.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230940.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230941.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230942.dll [L] Win32:Rootkit-gen [Rtk] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230943.dll [L] Win32:Adware-gen [Adw] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230944.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230945.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230946.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230947.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230948.dll [L] Win32:Rootkit-gen [Rtk] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230949.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230950.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230951.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230952.dll [L] Win32:Rootkit-gen [Rtk] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230953.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230954.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230955.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230956.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230957.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230958.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230959.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230960.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230961.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230962.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230963.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230964.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230965.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230966.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230967.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230968.dll [L] Win32:Trojan-gen {Other} (0)
Fichier supprimé avec succès...
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP539\A0230969.dll [L] Win32:Spyware-gen [Trj] (0)
Fichier supprimé avec succès...
Fichiers infectés : 73
Total des fichiers : 95804
Total des dossiers : 10696
Taille totale : 38,9 GB

*
* Tâche terminée : lundi 2 février 2009 22:58:45
* Programme était en exécution 41 minute(s), 20 seconde(s)
*
0
Réponse 16 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
2 févr. 2009 à 23:14
une question : as-tu l'utilité de toutes les barres d'outil installées sur ton PC ?
Tu peux en désinstaller via le panneau de config.

1) Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default )
O18 - Filter hijack: text/html - (no CLSID) - (no file)

Tu choisis l'option " Fixchecked" en bas de la page.

2) Il reste des traces de Norton.
Utilise l'outil suivant pour nettoyer cela.
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

3) Mets à jour Acrobat Reader. Il est la cible d'attaques et il est important d'avoir la dernière version sur son PC.
https://get2.adobe.com/fr/reader/otherversions/

4) Télécharges IE7 et installe-le.
https://www.pcastuces.com/logitheque/default.htm

5) Tu vas vérifier pour ta version de Java.
Pour cela, tu vas installer JavaRa qui tu pourras garder ou désinstaller après.
Ce logiciel va aussi nettoyer et enlever toutes les anciennes versions présentes.

Télécharge JavaRa de PaulMcLain et Fred De Vries.
http://raproducts.org/click/click.php?id=1

Click droit sur l’archive JavaRa.zip et extraire sur le bureau.
Un dossier sera crée. L’ouvrir et double-cliquer sur JavaRa.exe pour le lancer

Choisis la langue ( anglais )
Une fenêtre va s’ouvrir ou tu auras le choix entre mettre à jour et supprimer les anciennes versions de Java.

- Mise à jour :
clique sur Search for Updates et choisis l’option Update Using jucheck.exe. Il te sera précisé si il existe ou pas de nouvelle version à installer sur ton PC.
Si oui, clique sur Installer puis suis les invites.

- Suppression des anciennes versions :
Relance JavaRa.exe s’il le faut et choisis Remove Older Versions.
Suis les invites.
Il te sera précisé de la suppression les versions trouvées et supprimées.

Un rapport a été crée. Poste le.

A+
0
John_83400
2 févr. 2009 à 23:41
Voila, j'ai fait tout ce que t'as dit: voila le log javara

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Feb 02 23:39:29 2009

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Mon Feb 02 23:40:27 2009

------------------------------------

Finished reporting.
0
Réponse 17 / 18
John_83400
2 févr. 2009 à 23:59
J'ai tout bien fait.
Tu dois être couché a cette heure tardive.
En tout cas mon pc tourne super bien

Merci encore pour la désinfection et les conseils supplémentaires.

T'es un vrai pro!

Je coche résolu.

A bientôt.

MERCI!!
0
Réponse 18 / 18
verni29 Messages postés 6699 Date d'inscription dimanche 6 juillet 2008 Statut Contributeur sécurité Dernière intervention 26 décembre 2016 180
3 févr. 2009 à 09:17
On termine.

1) Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/

Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.

Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt.

2) Utilise CCleaner et les deux options nettoyeur et registre.
u trouveras sans difficulté ce logiciel en téléchargement.

3) Il faut enfin recréer un point de restauration propre pour pouvoir l'utiliser en cas de problème sur ton PC.

- Désactivation de la restauration système :

Panneau de configuration --> Système --> Restauration du système
cocher " Désactiver la restauration .... " ( si elle est cochée sinon la décocher -- > valider -- > cocher )

Une fenêtre va s'ouvrir pour t'avertir que les poins de restauration existants seront supprimés.
Accepte.

Décoche ensuite « Désactiver la restauration .... » pour réactiver la restauration système

- Création d'un nouveau point de restauration :

Pour recréer un point de restauration :

Démarrer --> Programmes --> Accessoires --> Outils système --> Restauration système

Choisis "Créer un point de restauration". Suis les invites.

Si tu as des questions , n'hésite pas à les poser.

A+
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Virus détecté
Koony -
MisteryBean -

6 réponses
y a t'il des virus qu'avast ne detecte pas
davivid -
Utilisateur anonyme -

24 réponses
Mon ordinateur a été infecté par un virus ou
henry4002 -
jorginho67 -

6 réponses
Virus non détecté par mon anti-virus ?
F2L -
cabrier -

12 réponses