Pubs snappyads intempestives

Résolu
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   -  
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

Cela fait plusieurs jours que des fenêtres de pub snappyads envahiessent mon ordinateur. J'ai mis à la poubelle le dossier snappyads qui était venu s'ajouter à mon dossier programme file mais rien ni fait. Quelqu'un saurait-il me dire comment je peux définitivement supprimer ces pas de pub qui m'empoisonnent la vie.

J'ai fait un scan avec Hijack et vous post le rapport.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:44:26, on 09/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrateur\Bureau\thejack.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.astroburn-search.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Astroburn Toolbar - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /M "Stylus Photo RX420" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

122 réponses

Précédent
Réponse 81 / 122
Utilisateur anonyme
 
dans les options de kaspersky tu as quarantaine et bien tu supprime tout ce qu il s y trouve

ensuite tu passe a la suite demandée
0
Réponse 82 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
Merci pour la manip, j'ai 0 en quarantaine je passe donc à la suite demandée.
0
Réponse 83 / 122
Utilisateur anonyme
 
ok :)
0
Réponse 84 / 122
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
Bon a avait bien vu pour les deux lignes.Ca va genhackman ,elle assure la petite luciole
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 85 / 122
Utilisateur anonyme
 
oui j'espere que MBAM sera "positif" :)
0
Réponse 86 / 122
Utilisateur anonyme
 
oui j'espere que MBAM sera "positif" :)
0
Réponse 87 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
et voici le rapport tant attendu!!!

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1753
Windows 5.1.2600 Service Pack 3

12/02/2009 19:46:22
mbam-log-2009-02-12 (19-46-22).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|M:\|)
Eléments examinés: 324877
Temps écoulé: 1 hour(s), 38 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Il me semble pas mal qu'est ce que vous en pensez???
0
Réponse 88 / 122
Utilisateur anonyme
 
non il est pas bien du tout
0
Réponse 89 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
bon que faut il que je fasse afin qu'il soit bon??? pourtant il me semblait que je ne voyais rien d'infecté??? tant pis on continu
0
Réponse 90 / 122
Utilisateur anonyme
 
si toi tu as tres bien fait ce demandé c est la suite des choses qui n est pas bien

il aurait dû detecter des choses et les supprimer par ton action :(

on continue relance rsit stp(uniquement le log.txt
0
Réponse 91 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
voici rapport

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrateur at 2009-02-12 20:37:31
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 121 GB (66%) free of 184 GB
Total RAM: 1982 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:36, on 12/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2007\VisualIPTraceIE.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\HP_Administrateur\Bureau\OTMoveIt3.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /M "Stylus Photo RX420" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
Réponse 92 / 122
Utilisateur anonyme
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :(si tu l as deja passe a la suite)*
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> *Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:drivers
azrygqzv
aon9nn53

:files
C:\WINDOWS\system32\drivers\azrygqzv.sys
C:\WINDOWS\system32\drivers\aon9nn53.sys
C:\Tgl0beSCRIPT
C:\Poker
C:\Documents and Settings\HP_Administrateur\Application Data\Flood Light Games
C:\Documents and Settings\All Users\Application Data\NeptunesAdve
C:\WINDOWS\system32\sycvezomsitfno.dll-uninst.exe
C:\WINDOWS\system32\xmlinst.exe
C:\Documents and Settings\HP_Administrateur\Application Data\Astroburn
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]




---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 93 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
Voici le rapport

========== PROCESSES ==========
Process explorer.exe killed successfully.
Error: Unable to interpret <:drivers> in the current context!
Error: Unable to interpret <azrygqzv> in the current context!
Error: Unable to interpret <aon9nn53> in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\azrygqzv.sys not found.
File/Folder C:\WINDOWS\system32\drivers\aon9nn53.sys not found.
File/Folder C:\Tgl0beSCRIPT not found.
File/Folder C:\Poker not found.
File/Folder C:\Documents and Settings\HP_Administrateur\Application Data\Flood Light Games not found.
File/Folder C:\Documents and Settings\All Users\Application Data\NeptunesAdve not found.
File/Folder C:\WINDOWS\system32\sycvezomsitfno.dll-uninst.exe not found.
File/Folder C:\WINDOWS\system32\xmlinst.exe not found.
File/Folder C:\Documents and Settings\HP_Administrateur\Application Data\Astroburn not found.
File/Folder C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_C1XU4ucLwgup4MZ55o1A scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~ROMFN_000009C4 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cch~32605b77.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32606055.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32611f88.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32612824.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32614600.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32614b5b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32619e92.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3261a36b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3261bba5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3261c06f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32620824.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~32621013.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~333b567e.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~333b608a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~36730458.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~36730b0a.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3680b35c.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3680d39b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~368867e8.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~36889015.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3688c6b5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3688d18f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3694eac5.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~3695215d.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~36a0d95b.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cch~36a0ef3f.htp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_384.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_214821

Files moved on Reboot...
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\etilqs_C1XU4ucLwgup4MZ55o1A not found!
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\~ROMFN_000009C4 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\cch~32605b77.htp not found!
File C:\WINDOWS\temp\cch~32606055.htp not found!
File C:\WINDOWS\temp\cch~32611f88.htp not found!
File C:\WINDOWS\temp\cch~32612824.htp not found!
File C:\WINDOWS\temp\cch~32614600.htp not found!
File C:\WINDOWS\temp\cch~32614b5b.htp not found!
File C:\WINDOWS\temp\cch~32619e92.htp not found!
File C:\WINDOWS\temp\cch~3261a36b.htp not found!
File C:\WINDOWS\temp\cch~3261bba5.htp not found!
File C:\WINDOWS\temp\cch~3261c06f.htp not found!
File C:\WINDOWS\temp\cch~32620824.htp not found!
File C:\WINDOWS\temp\cch~32621013.htp not found!
File C:\WINDOWS\temp\cch~333b567e.htp not found!
File C:\WINDOWS\temp\cch~333b608a.htp not found!
File C:\WINDOWS\temp\cch~36730458.htp not found!
File C:\WINDOWS\temp\cch~36730b0a.htp not found!
File C:\WINDOWS\temp\cch~3680b35c.htp not found!
File C:\WINDOWS\temp\cch~3680d39b.htp not found!
File C:\WINDOWS\temp\cch~368867e8.htp not found!
File C:\WINDOWS\temp\cch~36889015.htp not found!
File C:\WINDOWS\temp\cch~3688c6b5.htp not found!
File C:\WINDOWS\temp\cch~3688d18f.htp not found!
File C:\WINDOWS\temp\cch~3694eac5.htp not found!
File C:\WINDOWS\temp\cch~3695215d.htp not found!
File C:\WINDOWS\temp\cch~36a0d95b.htp not found!
File C:\WINDOWS\temp\cch~36a0ef3f.htp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_384.dat not found!
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\urlclassifier3.sqlite moved successfully.
0
Réponse 94 / 122
Utilisateur anonyme
 
bon alors la on a un souci , refais le en mode sans echec stp
0
Réponse 95 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
En mode sans échec je ne trouve plus otmoveit????? je trouve juste les rapports sous C:
0
Réponse 96 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
Ca y est j'ai réussi, voici donc le rapport

========== PROCESSES ==========
Process explorer.exe killed successfully.
Error: Unable to interpret <:drivers > in the current context!
Error: Unable to interpret <azrygqzv > in the current context!
Error: Unable to interpret <aon9nn53 > in the current context!
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\azrygqzv.sys not found.
File/Folder C:\WINDOWS\system32\drivers\aon9nn53.sys not found.
File/Folder C:\Tgl0beSCRIPT not found.
File/Folder C:\Poker not found.
File/Folder C:\Documents and Settings\HP_Administrateur\Application Data\Flood Light Games not found.
File/Folder C:\Documents and Settings\All Users\Application Data\NeptunesAdve not found.
File/Folder C:\WINDOWS\system32\sycvezomsitfno.dll-uninst.exe not found.
File/Folder C:\WINDOWS\system32\xmlinst.exe not found.
File/Folder C:\Documents and Settings\HP_Administrateur\Application Data\Astroburn not found.
File/Folder C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02122009_223601
0
Réponse 97 / 122
loloetseb Messages postés 5508 Date d'inscription   Statut Membre Dernière intervention   174
 
Ah elle s'accroche de plus en plus les bebetes.Bonsoir luciole
0
Réponse 98 / 122
Utilisateur anonyme
 
-- Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.
-- Ne pas utiliser en dehors de ce cas de figure : dangereux!

Lors de son exécution,
ComboFix va vérifier si la Console de récupération Microsoft Windows est installée. Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir pré-installée sur votre PC avant toute suppression de nuisibles.
Elle vous permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

<gras>Suivez les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows</gras>

et lorsque cela vous est demandé, acceptez le Contrat de Licence Utilisateur Final pour installer la Console de récupération Microsoft Windows.
Sous XP
https://support.microsoft.com/en-us/help/310994
Sous Vista
http://www.commentcamarche.net/faq/sujet 13735 console de recuperation vista sur cd bootable
**Note importante: Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.



Télécharges ComboFix à partir d'un de ces liens :
En premier
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Et important, enregistre le sous "moi.exe" sur le bureau.

Avant d'utiliser ComboFix :

? Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
? Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.


Une fois fait, sur ton bureau double-clic sur moi.exe

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

? Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

? Reviens sur le forum, et

copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

0
Réponse 99 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
Bonjour,

J'ai effectué les manip demandées mais depuis ce matin je ne peux plus faire fonctionner l'ordinateur, il ne s'allume plus qu'en mode sans échec. je suis en ce moment sur un autre ordinateur, dans l'attente de toute suggestions de votre part. merci d'avance pour l'aide que vous pourrez m'apporter.
0
Réponse 100 / 122
luciole761 Messages postés 110 Date d'inscription   Statut Membre Dernière intervention   7
 
Voici le rapport que donne combofix

ComboFix 09-02-12.03 - HP_Administrateur 2009-02-13 19:38:08.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1982.1704 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\HP_Administrateur\Bureau\moi1.exe
Commutateurs utilisés :: C:\Documents and Settings\HP_Administrateur\Bureau\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Mozilla Firefox\components\65c3601b-beee-0b8d-ba57-07e51585bb61.dll
C:\Program Files\Mozilla Firefox\components\sycvezomsitfno.dll
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.
---- Exécution préalable -------
.
C:\Program Files\Mozilla Firefox\components\65c3601b-beee-0b8d-ba57-07e51585bb61.dll
C:\Program Files\Mozilla Firefox\components\sycvezomsitfno.dll
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-13 au 2009-02-13 ))))))))))))))))))))))))))))))))))))
.

2009-02-11 22:22 . 2009-02-11 22:22 <REP> d-------- C:\Program Files\CCleaner
2009-02-11 21:25 . 2009-02-11 21:25 <REP> d-------- C:\_OTMoveIt
2009-02-11 19:39 . 2009-02-12 11:45 <REP> d-------- C:\rsit
2009-02-11 12:34 . 2009-02-11 12:36 <REP> d-------- C:\Rooter$
2009-02-11 01:53 . 2009-02-11 01:53 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2009-02-11 01:50 . 2009-02-11 01:51 <REP> d-------- C:\WINDOWS\ERUNT
2009-02-11 01:39 . 2009-02-11 02:36 <REP> d-------- C:\SDFix
2009-02-10 11:16 . 2009-02-11 21:27 <REP> d-------- C:\Program Files\Ad-remover
2009-02-09 22:52 . 2009-02-09 23:00 101,287 --a------ C:\WINDOWS\system32\drivers\klin.dat
2009-02-09 22:52 . 2009-02-09 23:00 89,601 --a------ C:\WINDOWS\system32\drivers\klick.dat
2009-02-09 22:51 . 2009-02-09 22:51 <REP> d-------- C:\Program Files\Kaspersky Lab
2009-02-09 22:51 . 2009-02-12 22:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-02-09 22:51 . 2009-02-13 09:25 5,132,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2009-02-09 22:51 . 2009-02-13 09:25 688,160 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2009-02-09 22:51 . 2009-02-13 09:25 41,176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2009-02-09 22:51 . 2009-02-13 09:25 3,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2009-02-09 22:45 . 2009-02-09 22:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-09 09:27 . 2009-02-11 21:06 <REP> d-------- C:\Program Files\Navilog1
2009-02-09 09:16 . 2009-02-10 11:13 <REP> d-------- C:\ToolBar SD
2009-02-06 17:40 . 2009-02-06 17:40 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\DAEMON Tools
2009-02-06 17:39 . 2009-02-06 17:39 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2009-02-06 17:39 . 2009-02-06 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-06 17:38 . 2009-02-06 17:40 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\DAEMON Tools Lite
2009-02-03 22:52 . 2004-03-10 16:36 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2009-02-03 22:52 . 2004-03-10 16:36 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2009-02-03 22:52 . 2004-03-10 16:36 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2009-02-03 22:52 . 2004-03-10 16:36 35,840 --a------ C:\WINDOWS\system32\comdlg32.oca
2009-02-03 22:52 . 2004-03-10 16:36 29,184 --a------ C:\WINDOWS\system32\MSINET.oca
2009-02-03 16:41 . 2009-02-03 16:41 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\SecretIslandFraBF
2009-01-26 20:13 . 2009-01-26 20:39 <REP> d-------- C:\Documents and Settings\HP_Administrateur\dwhelper
2009-01-20 15:21 . 2009-01-20 15:21 <REP> d-------- C:\Program Files\Virtools
2009-01-20 15:21 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2009-01-20 15:21 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2009-01-16 09:58 . 2009-02-12 10:44 51 --a------ C:\WINDOWS\npornap.INI
2009-01-15 23:54 . 2009-01-25 18:00 <REP> d-------- C:\Program Files\BFG
2009-01-15 23:54 . 2009-01-15 23:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 20:41 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
2009-02-12 19:24 --------- d-----w C:\Program Files\LimeWire
2009-02-12 19:24 --------- d-----w C:\Program Files\Incomplete
2009-02-12 11:02 --------- d-----w C:\Program Files\Real
2009-02-12 08:20 --------- d-----w C:\Program Files\Mystery P.I. Vegas Deluxe
2009-02-12 08:18 --------- d-----w C:\Program Files\eMule
2009-02-12 08:15 --------- d-----w C:\Program Files\Fichiers communs\Apple
2009-02-11 20:47 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-02-11 09:19 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-02-11 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-09 22:00 33,808 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
2009-02-09 08:22 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\uTorrent
2009-02-06 20:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2009-02-03 21:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-20 07:27 --------- d-----w C:\Program Files\Rastafarai Script V4-4
2009-01-15 12:51 --------- d-----w C:\Program Files\Magic Encyclopedia
2009-01-15 12:51 --------- d-----w C:\Program Files\Cluedo
2009-01-10 20:48 --------- d-----w C:\Program Files\Java
2009-01-09 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Flood Light Games
2009-01-06 08:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpinTop Games
2009-01-04 20:38 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\GamesCafe
2008-12-28 08:22 --------- d-----w C:\Program Files\GameHouse
2008-12-23 15:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-12-23 15:47 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\PlayFirst
2008-12-20 09:19 --------- d-----w C:\Program Files\Microsoft Carioca
2008-12-15 08:05 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\EPSON
2008-09-22 14:22 59,432 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2008-09-04 09:35 3,072 --sha-w C:\Program Files\Thumbs.db
2008-06-02 08:23 52 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-05-03 21:55 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 10:34 5724184]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 02:00 98304]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 20:45 1211176]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:33 15360]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-09 09:39 160592]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 11:40 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:34 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34 249856]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11 49152]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 02:00 98304]
"EPSON Stylus Photo RX420 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 02:00 98304]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" [2008-05-04 17:19 69632]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-05-04 17:19 185896]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-26 16:58 61440]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 13:09 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 14:09 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20 290088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-01-10 21:48 136600]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 02:15 77312 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-05-09 23:50 86016 C:\WINDOWS\system32\nvmctray.dll]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 17:30:15 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-01-02 17:30:15 27136]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 17:30:15 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-01-02 17:30:15 27136]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Hyperappel du Petit Larousse 2009.lnk - C:\_OTMoveIt\MovedFiles\02122009_214101\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2008-10-31 11:46:08 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Rastafarai Script V4-4\\RasTaFaRai-ScRipT.exe"=
"C:\\SnowXtreM\\mirc.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 17:29:38 33808]
S0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-10-04 09:53:45 28544]
S2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257;C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted [2004-08-10 12:00:00 14336]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\drivers\klfltdev.sys [2008-03-13 18:02:46 26640]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [2008-04-30 17:06:48 24592]
S3 ovt530;Webcam Classic;C:\WINDOWS\system32\drivers\ov530vid.sys [2008-07-27 08:58:18 161792]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\drivers\sis163u.sys [2008-05-03 22:57:21 217088]
.
Contenu du dossier 'Tâches planifiées'

2009-02-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{EFEED92A-A33D-4873-BA8F-32BAA631E54D} - (no file)


.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
FF - ProfilePath - C:\Documents and Settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\uoxi18p5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=

---- PARAMETRES FIREFOX ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.bookmark_page", false);
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.current_page", false);
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("pref.browser.homepage.disable_button.restore_default", false);
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importBookmarksHTML", true);
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.places.importDefaults", false);
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.search.selectedEngine", "xeoo.com");
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("keyword.URL", "http://xeoo.com/?p=url&a=firefox&k=");
C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js - user_pref("browser.startup.homepage", "http://www.xeoo.com/?p=h&a=firefox");
.
0

Discussions similaires

apparation intempestives de pub type site de rencontre et photo dans le même ton
Crokino -
Crokino -

6 réponses
Publicités : même son coupé, elles sont à fond
Leboss104 -
loisou17 -

5 réponses
Problème de son dans les pubs
SoleneH -
fanou10 -

3 réponses
Pubs sites de rencontre intempestives
ant44 -
Malekal_morte- -

11 réponses
Publicité s'ouvre toute seule ! ?
RRD91 -
Vinz -

52 réponses