VIRUSSSS SUITE A TELECHARGEMENT

Apres une longue attente.., voici le rapport obtenu:

GenProc @echo off ::========== GenProc.bat 03/03/2007 - narco4 & jean-chretien1 ========= ::========== Merci à S!RI pour la détection des Rootkits! ==========
mode con cols=80 lines=20 & Title GenProc & color 1f
::========== Déclaration des variables =========
set CheminBatch=%cd% set Page=%CheminBatch%\Page set outil=%CheminBatch%\outil set GenProcVersion=2.500 set Arguments=%CheminBatch%\Arguments set Canned=%CheminBatch%\Canned set ChangeLog=%CheminBatch%\ChangeLog set PATH=%PATH%;%CheminBatch%\outil
::========== Vérification de l'ancienneté de GenProc ==========
call "%outil%\CompareDate.bat"
::========== Préparation de Debug.txt ==========
cd "%Arguments%" echo Initialisation GenProc %GenProcVersion% [%date%] à [%time:~,8%] > Debug.txt
echo. >> Debug.txt echo *** Variables initiales SET et temporaires *** >> Debug.txt echo. >> Debug.txt set >> Debug.txt echo. >> Debug.txt echo. *** Liste des composants GenProc *** >> Debug.txt echo. >> Debug.txt dir /b /d /s "%CheminBatch%" >> Debug.txt echo. >> Debug.txt echo *** Liste des étapes franchies avec succès *** >> Debug.txt echo. >> Debug.txt
::========= Verifications version ==========
cd "%outil%" echo OSVers >> "%Arguments%\Debug.txt" call OSVers.bat
::========== Test de l'UAC ==========
echo UAC >> "%Arguments%\Debug.txt" if %OS%==Vista ( reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" > UAC0.txt findstr "0x*" UAC0.txt > UAC1.txt find "0x1" UAC1.txt > NUL if not errorlevel 1 ( call UAC.vbs ) )
::========== Activation Windows Script Host ==========
echo EnableWSH >> "%Arguments%\Debug.txt" call EnableWSH.bat
::========== Verification manque fichiers ==========
echo ManqueFichiers >> "%Arguments%\Debug.txt" cd "%outil%" for /f "tokens=*" %%a in (Arborescence.txt) do if not exist "%CheminBatch%\%%a" Page 1
GenProc ( echo %CheminBatch%\%%a manquant >> "%Arguments%\Debug.txt" goto ManqueFichiers )
goto Inutiles
:ManqueFichiers cd %SystemDrive% echo strComputer = ".">ManqueFichiers.vbs echo Set objWMIService = GetObject("winmgmts:" _>>ManqueFichiers.vbs echo ^& "{impersonationLevel=impersonate}!\\" _>>ManqueFichiers.vbs echo ^& strComputer ^&"\root\cimv2")>>ManqueFichiers.vbs echo Set colProcessList = objWMIService.ExecQuery _>>ManqueFichiers.vbs echo ("Select * from Win32_Process Where Name = 'cmd.exe'")>>ManqueFichiers.vbs echo For Each objProcess in colProcessList>>ManqueFichiers.vbs echo objProcess.Terminate()>>ManqueFichiers.vbs echo Next>>ManqueFichiers.vbs echo Sub RunUrl(sUrl, bMaximized)>>ManqueFichiers.vbs echo Dim oShell>>ManqueFichiers.vbs echo Set oShell = WScript.CreateObject("WSCript.shell")>>ManqueFichiers.vbs echo If bMaximized = True Then>>ManqueFichiers.vbs echo oShell.run sUrl, ^3>>ManqueFichiers.vbs echo Else>>ManqueFichiers.vbs echo oShell.run sUrl, ^1>>ManqueFichiers.vbs echo Set oShell = Nothing>>ManqueFichiers.vbs echo End if>>ManqueFichiers.vbs echo End Sub>>ManqueFichiers.vbs echo MsgBox " "^&VbCrLf^&" Il manque un ou plusieurs fichiers !"^& _ >>ManqueFichiers.vbs echo VbCrLf^&" nécessaires au fonctionnement du programme. "^&VbCrLf^&" "^& _ >>ManqueFichiers.vbs echo VbCrLf^&"Veuillez :"^&VbCrLf^&" "^& _ >>ManqueFichiers.vbs echo VbCrLf^&"1 - Cliqer sur OK pour afficher l'aide"^& _ >>ManqueFichiers.vbs echo VbCrLf^&"2 - Supprimer la totalité du dossier GenProc ainsi que le fichier GenProc.zip "^&VbCrLf^&" "^& _ >>ManqueFichiers.vbs echo VbCrLf^&" ",vbSystemModal+vbExclamation," GenProc" >>ManqueFichiers.vbs echo RunUrl ("http://www.alt-shift-return.org/Info/GenProc-HowTo.html"), true>>ManqueFichiers.vbs call ManqueFichiers.vbs )
::========== Suppression des lignes inutiles selon l'OS ==========
:Inutiles echo sed.bat >> "%Arguments%\Debug.txt" call sed.bat
::========= verification AV Norton ==========
echo AVNorton >> "%Arguments%\Debug.txt" if exist Norton.txt goto info tasklist.exe | find /i "ccApp.exe" > NUL if not errorlevel 1 ( echo Norton > Norton.txt call Norton.vbs )
::========== Vérification premier lancement de GenProc ==========
:info if exist 1.txt goto suite call info.vbs echo 1 >1.txt :suite cls echo
Page 2
GenProc ________________________________________________________________________________ echo GenProc *** narco4 ~ jean chretien1 *** [%GenProcVersion%] echo ________________________________________________________________________________ echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ» echo º º echo º º echo º ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ º echo º ³ Veuillez patienter pendant que GenProc teste diverses infections³ º echo º ³ Ceci peut durer de 30 secondes a 1 minute trente environ ³ º echo º ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ º echo º º echo º º echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
::========== Appel de Var.bat & Supprime_Du_Debut (Supression debut) ==========
echo Var.bat >> "%Arguments%\Debug.txt" call Var.bat & call Supprime_Du_Debut.bat
::========= Initialiation compteur d'étapes GenProc ==========
set ComptProc=1
::========== Nombre de lancements de GenProc ==========
echo Lancements >> "%Arguments%\Debug.txt" call Lancements.bat
::========== Initialisation Argument.txt ==========
echo. >> "%Arguments%\Argument.txt" echo # Détections [%nbre3%] GenProc %GenProcVersion% %date% à %time:~,8% >> "%Arguments%\Argument.txt"
::========== Téléchargements ==========
echo ^<head^> > "%Page%\GenProc[%nbre3%].html" echo ^<link rel="stylesheet" media="screen" type="text/css" title="design" href="GenProcPage/design.css" /^> >> "%Page%\GenProc[%nbre3%].html" echo ^<title^>Rapport GenProc [%nbre3%]^</title^> >> "%Page%\GenProc[%nbre3%].html" echo ^</head^> >> "%Page%\GenProc[%nbre3%].html" echo ^<body^> >> "%Page%\GenProc[%nbre3%].html" echo ^<center^>^<img src="GenProcPage/2.gif" /^> ^</center^>^<br /^>^<br /^> >> "%Page%\GenProc[%nbre3%].html"
::========== Test résident Spybot Tea Timer ==========
echo Protections résidentes >> "%Arguments%\Debug.txt" echo TeaTimer >> "%Arguments%\Debug.txt" tasklist.exe | find /i "TeaTimer.exe" > NUL if not errorlevel 1 ( Page 3
GenProc type "%Canned%\TeaTimer.txt" >> "%Page%\GenProc[%nbre3%].html" )
::========= Test résident SpywareTerminator =========
echo SpywareTerminator >> "%Arguments%\Debug.txt" tasklist.exe | find /i "sp_rsser.exe" > NUL if not errorlevel 1 ( type "%Canned%\SpywareTerminator.txt" >> "%Page%\GenProc[%nbre3%].html" )
::========== Test résident A-Squared ==========
echo ASquared >> "%Arguments%\Debug.txt" tasklist.exe | find /i "a2service.exe" > NUL if not errorlevel 1 ( type "%Canned%\A-Squared.txt" >> "%Page%\GenProc[%nbre3%].html" )
::========== Vérification présence CCleaner ==========
echo VerifCCleaner >> "%Arguments%\Debug.txt" if not exist CCleanerOK.txt ( if exist "%ProgramFiles%\CCleaner" ( type "%Canned%\CCleaner_48H.txt" >> "%Page%\GenProc[%nbre3%].html" echo CCleanerOk >> "%outil%\CCleanerOK.txt" ) )
::========== Téléchargements ==========
echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ Télécharge :^</div^>^<br /^> >> "%Page%\GenProc[%nbre3%].html"
:: if not exist "%outil%\CCleanerOK.txt" ( if not exist "%ProgramFiles%\CCleaner" (type "%Canned%\CCleaner_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo CCleanerOk >> "%outil%\CCleanerOK.txt" )
::========== Tests infections ==========
echo Tests infections >> "%Arguments%\Debug.txt" cd "%ChangeLog%" ::========== Rustock =========
:Rustock_Test echo Rustock >> "%Arguments%\Debug.txt" set ComptRustock=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (RustockLog.txt) do call :RustockChch "%%i"& if "!ComptRustock!"=="1" goto :eof goto Bagle_Test :RustockChch "%outil%\swreg.exe" add "HKLM\System\CurrentControlSet\Services\%~1" >nul "%outil%\swreg.exe" save "HKLM\System\CurrentControlSet\Services\%~1" "%outil%\tmp.hiv" >nul "%outil%\swreg.exe" delete "HKLM\System\CurrentControlSet\Services\%~1" >nul if exist "%outil%\tmp.hiv" goto :eof set ComptRustock=1 echo inf >> "%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" Page 4
GenProc type "%Canned%\Rustock_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Rustock: le %date% à %time:~,8% %1 present! >> "%Arguments%\Argument.txt" goto Notepad
::========= Bagle ==========
:Bagle_Test echo Bagle >> "%Arguments%\Debug.txt" set ComptBagle=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (BagleLog.txt) do call :BagleChch "%%i"& if "!ComptBagle!"=="1" goto :eof goto Haxfix_Test :BagleChch if not exist "%~1" goto :eof set ComptBagle=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Bagle2_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Bagle:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt" goto Notepad
::========== Haxfix ==========
:Haxfix_Test echo Haxfix >> "%Arguments%\Debug.txt" set ComptHaxfix=0 if %OS%==Vista goto WareOut_Test if exist "%outil%\HaxfixOK.txt" goto lop_test setlocal enabledelayedexpansion for /f " tokens=*" %%i in (HaxfixLog.txt) do call :HaxfixChch "%%i"& if "!ComptHaxfix!"=="1" goto :eof goto WareOut_Test :HaxfixChch if not exist "%~1" goto :eof set ComptHaxfix=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Haxfix_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Haxdoor:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt" echo HaxFix > "%outil%\HaxfixOK.txt" goto Notepad
::========== WareOut ==========
:WareOut_Test echo WareOut >> "%Arguments%\Debug.txt" set ComptWareOut=0 cd "%outil%" for /f "tokens=*" %%a in ('reg query "HKLM\SYSTEM" ^| find "ControlSet"') do echo %%a | sed "s/ $//g;s/$/\\Services\\Tcpip\\Parameters\\Interfaces/g;s/$/\r/g" > ControlSet.txt for /f "tokens=*" %%b in (ControlSet.txt) do reg query %%b | find "{" > Interfaces.txt for /f "tokens=*" %%c in (Interfaces.txt) do reg query %%c | find "85.255" > NUL >NUL & if not errorlevel 1 ( echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\WORT_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" set ComptWareOut=1 echo WareOut:le %date% à %time:~,8% >> "%Arguments%\Argument.txt" echo [%%c] >> "%Arguments%\Argument.txt" Page 5
GenProc reg query %%c | find "85.255" >> "%Arguments%\Argument.txt" goto lop_Test ) reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins" 2>NUL>nul if not errorlevel 1 ( echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\WORT_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo WareOut:le %date% à %time:~,8% HKLM\....\ruins >> "%Arguments%\Argument.txt" set /a ComptWareOut=%ComptWareOut%+1 goto lop_Test ) reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls" 2>NUL>nul if not errorlevel 1 ( echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\WORT_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo WareOut:le %date% à %time:~,8% HKLM\....\Urls >> "%Arguments%\Argument.txt" set /a ComptWareOut=%ComptWareOut%+1 goto lop_Test ) setlocal enabledelayedexpansion cd "%ChangeLog%" for /f " tokens=*" %%i in (WareOutLog.txt) do call :WareOutChch "%%i"& if "!ComptWareOut!"=="1" goto :eof goto lop_Test
:WareOutChch if not exist "%~1" goto :eof set ComptWareOut=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\WORT_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo WareOut:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== Lop ==========
:lop_Test echo lop >> "%Arguments%\Debug.txt" set ComptLop=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (LopLog.txt) do call :LopChch "%%i"& if " !ComptLop!"=="1" goto :eof goto Navipromo_Test :LopChch if not exist "%~1" goto :eof set ComptLop=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Lop_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Lop:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt
::========== Navipromo ==========
:Navipromo_Test echo Navipromo >> "%Arguments%\Debug.txt" set ComptNavipromo=0 setlocal enabledelayedexpansion reg query "HKCU\Software\Lanconfig" 2>NUL>nul if not errorlevel 1 ( echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" echo Infection Navipromo>>"%Systemdrive%\gennavi.txt" Page 6
GenProc type "%Canned%\Navilog1_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Navipromo:le %date% à %time:~,8% HKCU\....\Lanconfig >> "%Arguments%\Argument.txt" set /a ComptNavipromo=%ComptNavipromo%+1 goto WinSoftware_Test ) for /f " tokens=*" %%i in (NaviLog.txt) do call :NaviChch "%%i"& if " !ComptNavipromo!"=="1" goto :eof goto WinSoftware_Test :NaviChch if not exist "%~1" goto :eof set ComptNavipromo=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" echo Infection Navipromo>>"%Systemdrive%\gennavi.txt" type "%Canned%\Navilog1_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Navipromo:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== WinSoftware ==========
:WinSoftware_Test echo WinSoftware >> "%Arguments%\Debug.txt" set ComptWinSoftware=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (WinSoftware.txt) do call :WinSoftChch "%%i"& if " !ComptWinSoftware!"=="1" goto :eof goto ToolbarSD_Test :WinSoftChch if not exist "%~1" goto :eof set ComptWinSoftware=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\bfu_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" type "%Canned%\Winsoftware_bfu_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Winsoftware:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt" set /a ComptWinSoftware=%ComptWinSoftware%+1
::========== ToolbarSD ==========
:ToolbarSD_Test echo ToolbarSD >> "%Arguments%\Debug.txt" set ComptToolbarSD=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (ToolbarSDLog.txt) do call :ToolbarSDChch "%%i"& if "!ComptToolbarSD!"=="1" goto :eof goto Vundo_Test :ToolbarSDChch if not exist "%~1" goto :eof set ComptToolbarSD=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\ToolbarSD_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Toolbar:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== Vundo ==========
:Vundo_Test echo Vundo >> "%Arguments%\Debug.txt" set ComptVundo=0 if %OS%==XP ( findstr /C:"Microsoft Windows Recovery Conçole" %SystemDrive%\boot.ini > NUL if errorlevel 1 (set CannedVundo="%Canned%\Vundo_Recovery_Dl.txt") else (set Page 7
GenProc CannedVundo="%Canned%\Vundo_Dl.txt")) else (set CannedVundo="%Canned%\Vundo_Dl.txt") setlocal enabledelayedexpansion reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" | findstr /I /R "rundll32\.exe.*\".*system32\\.*\.dll\",[bsae]" >NUL if not errorlevel 1 ( set ComptVundo=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type %CannedVundo% >> "%Page%\GenProc[%nbre3%].html" echo Vundo:le %date% à %time:~,8% RegExp >> "%Arguments%\Argument.txt" goto Smitfraud_Test ) for /f " tokens=*" %%i in (VundoLog.txt) do call :VundoChch "%%i"& if "!ComptVundo!"=="1" goto :eof goto Smitfraud_Test :VundoChch if not exist "%~1" goto :eof set ComptVundo=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type %CannedVundo% >> "%Page%\GenProc[%nbre3%].html" echo Vundo:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== Smitfraud ==========
:Smitfraud_Test echo Smitfraud >> "%Arguments%\Debug.txt" set ComptSmitfraud=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (SmitLog.txt) do call :SmitChch "%%i"& if "!ComptSmitfraud!"=="1" goto :eof goto SDfix :SmitChch if not exist "%~1" goto :eof set ComptSmitfraud=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\SmitfraudFix_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Smitfraud:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== SDfix ==========
:SDfix echo SDfix >> "%Arguments%\Debug.txt" set ComptSDfix=0 if %OS%==Vista goto FixWebHancer for /f " tokens=*" %%i in (SDfixLog.txt) do call :SDfixChch "%%i"& if "!ComptSDfix!"=="1" goto :eof goto FixWebHancer :SDfixChch if not exist "%~1" goto :eof set ComptSDfix=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\SDfix_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo SDfix:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== FixWebHancer ==========
:FixWebHancer echo WebHancer >> "%Arguments%\Debug.txt" Page 8
GenProc set ComptFixWebHancer=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (FixWebHancerLog.txt) do call :FixWebHancerChch "%%i"& if "!ComptFixWebHancer!"=="1" goto :eof goto RemGAIN :FixWebHancerChch if not exist "%~1" goto :eof set ComptFixWebHancer=1 echo inf >> "%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\FixWebHancer_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo WebHancer:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========= RemGAIN ==========
:RemGAIN echo RemGain >> "%Arguments%\Debug.txt" set ComptRemGAIN=0 setlocal enabledelayedexpansion reg query "HKLM\SOFTWARE\Gator.com" 2>NUL>nul if not errorlevel 1 ( echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\RemGAIN_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Gator:le %date% à %time:~,8% HKLM\SOFTWARE\Gator.com >> "%Arguments%\Argument.txt" set /a ComptRemGAIN=%ComptRemGAIN%+1 goto FxNdotN ) for /f " tokens=*" %%i in (RemGainLog.txt) do call :RemGainChch "%%i"& if "!ComptRemGAIN!"=="1" goto :eof goto FxNdotN :RemGainChch if not exist "%~1" goto :eof set ComptRemGAIN=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\RemGAIN_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Gator:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== FxNdotN =========
:FxNdotN echo NewDotNet >> "%Arguments%\Debug.txt" set ComptFxNdotN=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (FxNdotNLog.txt) do call :FxNdotNChch "%%i"& if "!ComptFxNdotN!"=="1" goto :eof goto Purity_Test :FxNdotNChch if not exist "%~1" goto :eof set ComptFxNdotN=1 echo inf >> "%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\FxNdotN_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo FxNdotN:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========= Purity =========
:Purity_Test echo Purity >> "%Arguments%\Debug.txt" set ComptPurity=0 Page 9
GenProc setlocal enabledelayedexpansion for /f " tokens=*" %%i in (PurityLog.txt) do call :PurityChch "%%i"& if " !ComptPurity!"=="1" goto :eof goto Look2Me :PurityChch if not exist "%~1" goto :eof set ComptPurity=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Purity_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Purity:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========= Look2Me =========
:Look2Me echo Look2Me >> "%Arguments%\Debug.txt" setlocal enabledelayedexpansion set ComptLook2Me=0 if exist %SystemRoot%\system32\guard.tmp ( echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Look2me_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Look2me:le %date% à %time:~,8% %SystemRoot%\system32\guard.tmp >> "%Arguments%\Argument.txt" set /a ComptLook2Me=%ComptLook2Me%+1 goto MSNfix ) reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" > "%outil%\WinlogonNotify_Reg.txt" for /f " tokens=*" %%i in (Look2MeLog.txt) do call :Look2MeChch "%%i" & if "!ComptLook2Me!"=="1" goto :eof goto MSNfix :Look2MeChch findstr /i /C:"\%~1" "%outil%\WinlogonNotify_Reg.txt" > NUL & if errorlevel 1 goto :eof set ComptLook2Me=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Look2me_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Look2Me:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== MSNfix ==========
:MSNfix echo MSNFix >> "%Arguments%\Debug.txt" set ComptMSNfix=0 for /f " tokens=*" %%i in (MSNfixLog.txt) do call :MSNChch "%%i"& if "!ComptMSNfix!"=="1" goto :eof goto Flash_Disinfector :MSNChch if not exist "%~1" goto :eof set ComptMSNfix=1 echo inf >>"outil%\inf.txt" if exist "%outil%\stp.txt" del "outil%\stp.txt" type "%Canned%\MSNFix_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo MSNFix:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== Flash_Disinfector =========
:Flash_Disinfector echo Flash >> "%Arguments%\Debug.txt" set ComptFlash=0 Page 10
GenProc setlocal enabledelayedexpansion for /f " tokens=*" %%i in (FlashLog.txt) do call :FlashChch "%%i"& if "!ComptFlash!"=="1" goto :eof goto Yoog_Test :FlashChch if not exist "%~1" goto :eof set ComptFlash=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Flash_Disinfector_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Flash:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::========== Yoog_Test =========
:Yoog_Test echo Yoog >> "%Arguments%\Debug.txt" set ComptYoog=0 setlocal enabledelayedexpansion for /f " tokens=*" %%i in (YoogLog.txt) do call :YoogChch "%%i"& if "!ComptYoog!"=="1" goto :eof goto YoogFFProfile :YoogChch if not exist "%~1" goto :eof set ComptYoog=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Yoog_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Yoog:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt" goto MSE
:YoogFFProfile if not exist "%AppData%\Mozilla\Firefox\profiles.ini" goto MSE type "%AppData%\Mozilla\Firefox\profiles.ini" | find "Path" | sed.exe "s/Path=Profiles\///g" >> PathFF.txt for /f "tokens=*" %%a in (PathFF.txt) do echo %AppData%\Mozilla\Firefox\Profiles\%%a\>> Profils_FF.txt for /f "tokens=*" %%a in (Profils_FF.txt) do for /f "tokens=*" %%b in (YoogLogFF.txt) do echo %%a%%b >> YoogLog1.txt for /f " tokens=*" %%i in (YoogLog1.txt) do call :YoogChch2 "%%i"& if "!ComptYoog!"=="1" goto :eof goto MSE :YoogChch2 if not exist "%~1" goto :eof set ComptYoog=1 echo inf >>"%outil%\inf.txt" if exist "%outil%\stp.txt" del "%outil%\stp.txt" type "%Canned%\Yoog_Dl.txt" >> "%Page%\GenProc[%nbre3%].html" echo Yoog:le %date% à %time:~,8% %1 >> "%Arguments%\Argument.txt"
::======== Mode sans échec ========
:MSE echo ^<br /^>^<div class="decalage2"^>^<img src="GenProcPage/important.gif" alt="important" title="important" /^>^<strong^> Redémarre en mode sans échec comme indiqué^</strong^>^<a href= "https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/" target="_blank"^>^<em^> ICI ^</em^>^</a^> ; Choisis ta session courante *** ^<em class="mse"^>%USERNAME%^</em^> *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[%nbre3%]" sur ton bureau).^</div^>^<br /^>^<br /^> >> "%Page%\GenProc[%nbre3%].html" set /a ComptProc=%ComptProc%+1
::========== Bilan Tests =========
Page 11
GenProc
:Bilan_Tests echo Bilan >> "%Arguments%\Debug.txt"
if not %ComptWareOut%==0 goto Desinfections if not %ComptLop%==0 goto Desinfections if not %ComptSmitfraud%==0 goto Desinfections if not %ComptSDfix%==0 goto Desinfections if not %ComptVundo%==0 goto Desinfections if not %ComptNavipromo%==0 goto Desinfections if not %ComptWinSoftware%==0 goto Desinfections if not %ComptToolbarSD%==0 goto Desinfections if not %ComptFixWebHancer%==0 goto Desinfections if not %ComptRemGAIN%==0 goto Desinfections if not %ComptFxNdotN%==0 goto Desinfections if not %ComptPurity%==0 goto Desinfections if not %ComptLook2Me%==0 goto Desinfections if not %ComptMSNfix%==0 goto Desinfections if not %ComptFlash%==0 goto Desinfections if not %ComptYoog%==0 goto Desinfections
::========== Scan en ligne =========
if exist "%ProgramFiles%\Eset" (set ScanAntivirus="%Canned%\ScanAntivirusPanda.txt") else (set ScanAntivirus="%Canned%\ScanAntivirusNod32.txt")
::========== Préparation rapport html ==========
cd "%Page%" echo ^<head^> > GenProc[%nbre3%].html echo ^<link rel="stylesheet" media="screen" type="text/css" title="design" href="GenProcPage/design.css" /^> >> GenProc[%nbre3%].html echo ^<title^>Rapport GenProc [%nbre3%]^</title^> >> GenProc[%nbre3%].html echo ^</head^> >> GenProc[%nbre3%].html echo ^<body^> >> GenProc[%nbre3%].html echo ^<center^>^<img src="GenProcPage/2.gif" /^>^</center^>^<br /^>^<br /^> >> GenProc[%nbre3%].html echo ^<center^>^<strong^>GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : ^</center^>^</strong^>^<br /^>^<br /^> >> GenProc[%nbre3%].html
::========== Appel de Curl_HJT.bat & call supprime.bat ==========
cd "%outil%" call Curl_HJT.bat & call supprime.bat echo cURL_HJT >> "%Arguments%\Debug.txt" if exist Suspect.txt ( echo Fais scanner le^(s^) fichier^(s^) suivant^(s^) sur ce site ^<a href="https://www.virustotal.com/gui/" target="_blank"^>https://www.virustotal.com/gui/^</a^> :^<br /^>^<br /^> >> "%Page%\GenProc[%nbre3%].html" type Suspect.txt >> "%Page%\GenProc[%nbre3%].html" echo ^<br /^> >> "%Page%\GenProc[%nbre3%].html" echo et poste le^(s^) rapport^(s^) obtenu^(s^) dans ta prochaine réponse.^<br /^> >> "%Page%\GenProc[%nbre3%].html" goto site )
if exist stp.txt ( goto scan ) if exist inf.txt ( echo stp > stp.txt type "%Canned%\ToolCleaner.txt" >> "%Page%\GenProc[%nbre3%].html" ) :scan Page 12
GenProc type %ScanAntivirus% >> "%Page%\GenProc[%nbre3%].html"
:site ::========== Afichage des deux sites ==========
echo ^<center^>----------------------------------------------------------------------^</center^> >> "%Page%\GenProc[%nbre3%].html" echo ^<center^>Sites officiels GenProc : ^<a href= "http://www.alt-shift-return.org/Info/GenProc-HowTo.html" target="_blank"^>^<em class ="site"^>alt-shift-return.org^</em^>^</a^> et ^<a href= "http://ww11.genproc.com/" target="_blank"^>^<em class ="site"^>GenProc.com^</em^>^</a^>^</center^>^</body^> >> "%Page%\GenProc[%nbre3%].html" echo ^<center^>----------------------------------------------------------------------^</center^>^<br /^> >> "%Page%\GenProc[%nbre3%].html" cd "%Arguments%" echo. >> Debug.txt echo ScanAntivirus >> Debug.txt echo Rapport GenProc %GenProcVersion% [%nbre3%] - %date% à %time:~,8% - Windows %OS% > GenProc[%nbre3%].txt echo. >> GenProc[%nbre3%].txt cd "%outil%" sed.exe -f commandes.sed "%Page%\GenProc[%nbre3%].html" >> "%Arguments%\GenProc[%nbre3%].txt"
::========== Construction premier vbs ========
echo strComputer = ".">message.vbs echo Set objWMIService = GetObject("winmgmts:" _>>message.vbs echo ^& "{impersonationLevel=impersonate}!\\" _>>message.vbs echo ^& strComputer ^&"\root\cimv2")>>message.vbs echo Set colProcessList = objWMIService.ExecQuery _>>message.vbs echo ("Select * from Win32_Process Where Name = 'cmd.exe'")>>message.vbs echo For Each objProcess in colProcessList>>message.vbs echo objProcess.Terminate()>>message.vbs echo Set objWMIService = Nothing>>message.vbs echo Set colProcessList = Nothing>>message.vbs echo Next>>message.vbs echo Dim Shell, DesktopPath, URL>>message.vbs echo Set Shell = CreateObject("WScript.Shell")>>message.vbs echo DesktopPath = Shell.SpecialFolders("Desktop")>>message.vbs echo Set URL = Shell.CreateShortcut(DesktopPath ^& "\Rapport - GenProc[%nbre3%].URL")>>message.vbs echo URL.TargetPath = "%Page%\GenProc[%nbre3%].html">>message.vbs echo URL.Save >>message.vbs echo dim WShshell>>message.vbs echo Set WShshell = WScript.CreateObject("WScript.Shell") >>message.vbs echo Wshshell.Run "Son.vbs">>message.vbs echo If MsgBox (""^&VbCrLf^&"La recherche est terminée ^!"^&VbCrLf^&" "^& _ >>message.vbs echo VbCrLf^&"- Cliquez sur Oui si vous vous faîtes aider sur un forum" ^& _>>message.vbs echo VbCrLf^&"- Cliquez sur Non si vous vous debrouillez tout seul"^&VbCrLf^&" "^& _ >>message.vbs echo VbCrLf^&"Merci d'avoir utilisé GenProc ^!",vbYesNo+vbSystemModal+Vbquestion,"GenProc") = vbYes Then>>message.vbs echo Wshshell.Run """%Arguments%\GenProc[%nbre3%].txt""",3,true>>message.vbs echo else>>message.vbs echo call "%Page%\GenProc[%nbre3%].html" > Web.bat echo Wshshell.Run "Web.bat", True>>message.vbs echo Set WShshell = Nothing>>message.vbs echo End If>>message.vbs call message.vbs
::========= Fin si aucunes infections =========
Page 13
GenProc
::======== Désinfections =========
:Desinfections echo Desinfections >> "%Arguments%\Debug.txt"
cd "%Page%" :: # Purity_Exec
if not %ComptPurity%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Purity_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Navipromo_Exec
if not %ComptNavipromo%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Navilog1_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # WinSoftware_Exec
if not %ComptWinSoftware%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Winsoftware_bfu_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # ToolbarSD_Exec
if not %ComptToolbarSD%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\ToolbarSD_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Smitfraud_Exec
if not %ComptSmitfraud%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\SmitfraudFix_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # SDfix_Exec
if not %ComptSDfix%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\SDfix_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
Page 14
:: # FixWebHancer_Exec
if not %ComptFixWebHancer%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\FixWebHancer_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # RemGAIN_Exec
if not %ComptRemGAIN%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\RemGAIN_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1)
:: # FxNdotN_Exec
if not %ComptFxNdotN%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\FxNdotN_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Look2Me_Exec
if not %ComptLook2Me%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Look2me_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # MSNfix_Exec
if not %ComptMSNfix%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\MSNfix_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Flash_Exec
if not %ComptFlash%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Flash_Disinfector_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Lop_Exec
if not %ComptLop%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Lop_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 ) Page 15
GenProc
GenProc
:: # WareOut_Exec
if not %ComptWareOut%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\WORT_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Yoog_Exec
if not %ComptYoog%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Yoog_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
:: # Vundo_Exec
if not %ComptVundo%==0 ( echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\Vundo_Exec.txt" >>GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1 )
::========= CCleaner =========
echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html type "%Canned%\CCleaner_Exec.txt" >> GenProc[%nbre3%].html set /a ComptProc=%ComptProc%+1
::========== Rapports à poster ==========
echo Rapports >> "%CheminBatch%\Arguments\Debug.txt" echo ^<div class="decalage"^>^<img src="GenProcPage/4.gif" /^>^<em class="etapes"^>Etape %ComptProc%^</em^>/ ^</div^>^<br /^> >>GenProc[%nbre3%].html echo ^<div class="decalage1"^>^<img src="GenProcPage/1.gif" /^> Redémarre normalement et poste, dans la même réponse : ^<br /^>^</div^> >>GenProc[%nbre3%].html if not %ComptVundo%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport situé dans ^<strong^>%SystemDrive%\Combofix.txt^</strong^>;^</div^> >>GenProc[%nbre3%].html ) if not %ComptSmitfraud%==0 ( echo ^<div class="decalage1"^>- Le rapport ^<strong^>SmitfraudFix^</strong^> que tu as sauvegardé sur ton bureau ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptSDfix%==0 ( echo ^<div class="decalage1"^>- Le contenu du fichier ^<strong^>Report.txt^</strong^>;^</div^> >>GenProc[%nbre3%].html ) if not %ComptNavipromo%==0 ( echo ^<div class="decalage1"^>- Le contenu du fichier ^<strong^>cleannavi.txt^</strong^> qui se trouve dans Poste de travail ^> Disque %Systemdrive%\ ^</div^> >>GenProc[%nbre3%].html ) if not %ComptFixWebHancer%==0 ( echo ^<div class="decalage1"^>- Le contenu du fichier ^<strong^>FixWebHancer.log^</strong^> qui se trouve sur ton bureau ;^</div^> Page 16
GenProc >>GenProc[%nbre3%].html ) if not %ComptRemGAIN%==0 ( echo ^<div class="decalage1"^>- Le contenu du fichier ^<strong^>RemGAIN.log^</strong^> qui se trouve sur ton bureau ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptFxNdotN%==0 ( echo ^<div class="decalage1"^>- Le contenu du fichier ^<strong^>FxNdotN.log^</strong^> qui se trouve sur ton bureau ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptLook2Me%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>Look2Me-Destroyer.txt^</strong^> situé sur le Bureau ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptMSNfix%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>msnfix.txt^</strong^> situé dans %SystemRoot% ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptPurity%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>Purity.txt^</strong^> situé dans le dossier Purity, sur ton Bureau ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptToolbarSD%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>%SystemDrive%\TB.txt^</strong^> ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptLop%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>%SystemDrive%\lopR.txt^</strong^> ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptWareOut%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>%SystemDrive%\Wort\WORT_report.txt^</strong^> ;^</div^> >>GenProc[%nbre3%].html ) if not %ComptYoog%==0 ( echo ^<div class="decalage1"^>- Le contenu du rapport ^<strong^>Yoog^</strong^> sauvegardé sur le bureau ;^</div^> >>GenProc[%nbre3%].html ) echo ^<div class="decalage1"^>- Un nouveau rapport ^<a href= "http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm"target="_blank"^>^<em^>HijackThis^</em^>^ </a^> ;^</div^> >>GenProc[%nbre3%].html echo ^<br /^>^<div class="decalage1"^> Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.^</div^>^<br /^> >>GenProc[%nbre3%].html echo ^<center^>----------------------------------------------------------------------^</center^> >>GenProc[%nbre3%].html
::========= Ajout-Suppression de programmes + Arguments ========
cd "%Arguments%" echo AjoutSupp >> Debug.txt echo GenProc lancé [%nbre3%] fois > Uninstall.txt echo. >> Uninstall.txt call "%outil%\Uninstall.bat" cd "%Arguments%" copy Uninstall.txt Uninstall.html >nul echo ^<head^> >> Uninstall.html echo ^<link rel="stylesheet" media="screen" type="text/css" title="design" href="design.css" /^> >> Uninstall.html Page 17
GenProc echo ^<title^>Liste Uninstall^</title^> >> Uninstall.html echo ^</head^> >> Uninstall.html cd "%outil%" sed.exe -i "s/$/<br \/>/g" "%Arguments%\Uninstall.html" cd "%Arguments%" copy Argument.txt Argument.html >nul echo ^<head^> >> Argument.html echo ^<link rel="stylesheet" media="screen" type="text/css" title="design" href="design.css" /^> >> Argument.html echo ^<title^>Arguments^</title^> >> Argument.html echo ^</head^> >> Argument.html cd "%outil%" sed.exe -i "s/$/<br \/>/g" "%Arguments%\Argument.html" echo ^<center^>^<a href= "file:///%Arguments%/Uninstall.html"target="_blank"^>^<em class ="site"^>Liste Ajout-Suppression de programmes^</a^>^</em^> - ^<a href= "file:///%Arguments%/Argument.html" target="_blank"^>^<em class ="site"^>Arguments de la procédure^</a^>^</em^>^</center^>^<br /^> >> "%Page%\GenProc[%nbre3%].html" echo ^<center^>^<a href= "file:///%Arguments%/GenProc[%nbre3%].txt"target="_blank"^>^<em class ="site"^>retour au rapport GenProc.txt^</a^>^</em^> >> "%Arguments%\Uninstall.html" echo ^<center^>Sites officiels GenProc : ^<a href= "http://www.alt-shift-return.org/Info/GenProc-HowTo.html"target="_blank"^>^<em class ="site"^>alt-shift-return.org^</em^>^</a^> et ^<a href= "http://ww11.genproc.com/" target="_blank"^<em class ="site"^>GenProc.com^</em^>^</a^>^</center^>^</body^> >> "%Page%\GenProc[%nbre3%].html"
:Notepad cd "%Arguments%" echo Notepad >> Debug.txt & echo. >> Debug.txt & echo ================================= >> Debug.txt & echo. >> Debug.txt echo Rapport GenProc %GenProcVersion% [%nbre3%] - %date% à %time:~,8% - Windows %OS% > GenProc[%nbre3%].txt echo. >> GenProc[%nbre3%].txt cd "%outil%" sed.exe -f commandes.sed "%Page%\GenProc[%nbre3%].html" >> "%Arguments%\GenProc[%nbre3%].txt" echo ---------------------------------------------------------------------->> "%Arguments%\GenProc[%nbre3%].txt" echo. >> "%Arguments%\GenProc[%nbre3%].txt" type "%Arguments%\Argument.txt" >> "%Arguments%\GenProc[%nbre3%].txt" call supprime.bat
::======== Deuxième vbs =========
echo strComputer = ".">message.vbs echo Set objWMIService = GetObject("winmgmts:" _>>message.vbs echo ^& "{impersonationLevel=impersonate}!\\" _>>message.vbs echo ^& strComputer ^&"\root\cimv2")>>message.vbs echo Set colProcessList = objWMIService.ExecQuery _>>message.vbs echo ("Select * from Win32_Process Where Name = 'cmd.exe'")>>message.vbs echo For Each objProcess in colProcessList>>message.vbs echo objProcess.Terminate()>>message.vbs echo Set objWMIService = Nothing>>message.vbs echo Set colProcessList = Nothing>>message.vbs echo Next>>message.vbs echo Dim Shell, DesktopPath, URL>>message.vbs echo Set Shell = CreateObject("WScript.Shell")>>message.vbs echo DesktopPath = Shell.SpecialFolders("Desktop")>>message.vbs echo Set URL = Shell.CreateShortcut(DesktopPath ^& "\Rapport - GenProc[%nbre3%].URL")>>message.vbs echo URL.TargetPath = "%Page%\GenProc[%nbre3%].html">>message.vbs echo URL.Save >>message.vbs echo dim WShshell>>message.vbs echo Set WShshell = WScript.CreateObject("WScript.Shell") >>message.vbs Page 18
GenProc echo Wshshell.Run "Son.vbs">>message.vbs echo If MsgBox (""^&VbCrLf^&"Une ou plusieurs infections détectées ^!"^&VbCrLf^&" "^& _ >>message.vbs echo VbCrLf^&"- Cliquez sur Oui si vous vous faîtes aider sur un forum" ^& _>>message.vbs echo VbCrLf^&"- Cliquez sur Non si vous vous debrouillez tout seul"^&VbCrLf^&" "^& _ >>message.vbs echo VbCrLf^&"Merci d'avoir utilisé GenProc ^!",vbYesNo+vbSystemModal+VBquestion,"GenProc") = vbYes Then>>message.vbs echo Wshshell.Run """%Arguments%\GenProc[%nbre3%].txt""",3,true>>message.vbs echo else>>message.vbs echo call "%Page%\GenProc[%nbre3%].html" > Web.bat echo Wshshell.Run "Web.bat", True>>message.vbs echo Set WShshell = Nothing>>message.vbs echo End If>>message.vbs call message.vbs
Page 19

Bonjour,

Merci pour ton mail et desolee de repondre si tard.
J'ai fait un scan qui m'a detecte 3 virus et depuis il tourne bcp mieux.
J'ai essaye de faire en mode sans echec mais cela ne marche pas bien.
Est-ce que je peux faire la suite sans proceder en modee sans echec?
Merci de ta reponse.

mince je reesaye alors !!!

j essaye d ouvrir genproc.bat, mais il ne veut pas l ouvrir, alors j avais fait print file et ca m avais donne l autre compte rendu !!

ca fait deja 1H qu il recherche les elements infectes, je vais le laisser finir et je te donnerai le rapport demain.
Merci pour ton aide precieuse, a demain j espere

rebonjour
j ai les rapports a la suites de malwarebytes

premier rapport

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1919
Windows 5.1.2600 Service Pack 3

31/03/2009 08:11:36
mbam-log-2009-03-31 (08-11-36).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 140183
Temps écoulé: 3 hour(s), 12 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 33
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Somefox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eklxkqeulnfcpvk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\InstallProgram (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\audrey\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\audrey\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\audrey\Application Data\FunWebProducts\Data\audrey (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Program Files\PCPrivacyCleaner (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
C:\WINDOWS\ServicePackFiles\i386\wadv07nt.sys (Rootkit.Agent.V) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

deuxieme rapport :
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1919
Windows 5.1.2600 Service Pack 3

31/03/2009 17:41:50
mbam-log-2009-03-31 (17-41-50).txt

Type de recherche: Examen rapide
Eléments examinés: 1
Temps écoulé: 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

REBONJOUR
C EST LA DEUXIEME FOIS QUE JE FAIS LE SCAN AVEC SUPERANTISPYWARE ET A LA FIN DU SCAN IL NE ME PERMET PAS DE CONTINUER, TOUT EST BLOQUE QUE DOIS JE FAIRE ???

OK JE FAIS CA ET JE TE TIENS AU COURANT
MERCI

rebonjour
j ai passe ma journee d hier et aujourd hui a scanner mon ordi et essaye d avoir un rapport mais a chaque fois juste a la fin il ne veut pas me donner le rapport. Par contre je sais qu il y a un virus trijan.downloader.wma et un adware.agent.BN je ne sais pas si ca peut vous aider mais je n arrive pas, je suis un peu bloquee.
Que dois je faire ???
merci

Rapport hijachthis apres multiples tentatives.
je fais de suite l autre.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:58, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

RAPPORT SMITFRAUD
SmitFraudFix v2.405

Rapport fait à 21:04:09,84, 02/04/2009
Executé à partir de C:\Documents and Settings\audrey\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audrey


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\audrey\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\audrey\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\audrey\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11g Wireless MiniPCI Card - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

RAPPORT EXE
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1500MHz )
BIOS : BIOS Date: 11/22/04 11:52:29 Ver: 08.00.10
USER : audrey ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090403-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 04/04/2009|18:16 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\audrey\Cookies\audrey@myway[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 04/04/2009|18:19 - Option : [1]

-----------\\ Fin du rapport a 18:19:56,82

RAPPORT TOOLBAR


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) M processor 1500MHz )
BIOS : BIOS Date: 11/22/04 11:52:29 Ver: 08.00.10
USER : audrey ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090405-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:53 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/04/2009|19:22 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\audrey\Cookies\audrey@myway[1].txt

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 04/04/2009|18:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 05/04/2009|19:34 - Option : [2]

-----------\\ Fin du rapport a 19:34:29,15

RAPPORT 1 RSIT

info.txt logfile of random's system information tool 1.06 2009-04-05 20:18:33

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
HijackThis 2.0.2-->"C:\Documents and Settings\audrey\Local Settings\Temporary Internet Files\Content.IE5\VUPA0NPF\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire PRO 4.14.0-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Ma-Config.com plugin-->MsiExec.exe /I{6F06A42D-525C-49ED-8622-E16790956CD8}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! pour Windows XP-->MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8-->MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x040c -removeonly
RON Tool Offersfortoday-->C:\WINDOWS\system32\blfwdylywmhqqhhdp.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoftK56 Data Fax CARP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WlanUtility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07DEC7A1-F8D2-4DBB-900B-A2F9302647BB}\Setup.exe" -l0x40c
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free
AV: avast! antivirus 4.8.1335 [VPS 090405-0]

======System event log======

Computer Name: CALINE
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 16320
Source Name: Tcpip
Time Written: 20090329191226.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 16319
Source Name: Tcpip
Time Written: 20090329191211.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 16318
Source Name: Tcpip
Time Written: 20090329191151.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{BC7F7F9C-D2C9-48EB-ADF4-07CAF61ACE7B} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 16317
Source Name: Tcpip
Time Written: 20090329191141.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 00E098D86FFC. Il s'est
produit l'erreur suivante :
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 16316
Source Name: Dhcp
Time Written: 20090329191121.000000+660
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: CALINE
Event Code: 103
Message: MsnMsgr (2768) \\.\C:\Documents and Settings\audrey\Local Settings\Application Data\Microsoft\Messenger\geranny@hotmail.fr\SharingMetadata\Working\database_22A4_EBBB_A4EB_9019\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 5111
Source Name: ESENT
Time Written: 20090302214453.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 102
Message: MsnMsgr (2768) \\.\C:\Documents and Settings\audrey\Local Settings\Application Data\Microsoft\Messenger\geranny@hotmail.fr\SharingMetadata\Working\database_22A4_EBBB_A4EB_9019\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 5110
Source Name: ESENT
Time Written: 20090302214407.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 100
Message: MsnMsgr (2768) Le moteur de base de données 5.01.2600.5512 est démarré.

Record Number: 5109
Source Name: ESENT
Time Written: 20090302214407.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 101
Message: MsnMsgr (2768) Le moteur de base de données est arrêté.

Record Number: 5108
Source Name: ESENT
Time Written: 20090302173104.000000+660
Event Type: Informations
User:

Computer Name: CALINE
Event Code: 103
Message: MsnMsgr (2768) \\.\C:\Documents and Settings\audrey\Local Settings\Application Data\Microsoft\Messenger\geranny@hotmail.fr\SharingMetadata\Working\database_22A4_EBBB_A4EB_9019\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 5107
Source Name: ESENT
Time Written: 20090302173104.000000+660
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

RAPPORT 2 RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by audrey at 2009-04-05 20:16:22
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 55 GB (72%) free of 76 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:22, on 05/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\AVG\AVG8\aAvgApi.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\audrey\Bureau\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\audrey.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [PV92TRAY] PV92Tray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

JAI DESINSTALLE AVAST, JAI DU REDEMARRER MON PC A LA FIN DE LA DESINSTALLATION, CE QUE JAI FAIT MAIS MAINTENANT IL RESTE EN ECRAN NOIR JAI ESSAYE MEME EN MODE SANS ECHEC MAIS RIEN A FAIRE!!! TOUT EST NOIR
QUE DOIS JE FAIRE ????

C EST ENCORE PIRE !! QUAND JE L ALLUME CA ME MARQUE REBOOT AND SELECT PROPER BOOT DEVICE AND PRESS A KEY, J APPUIE SUR UNE TOUCHE ET CA ME REMET LA MEME CHOSE.PLUS RIEN NE MARCHE.
QUE DOIS JE FAIRE ???

JAI ESSAYE MAIS EN VAIN !!! MAINTENANT IL RESTE BLOQUER A LA PAGE DE DEMARRAGE IL NE VA MEME PLUS JUSQUA WINDOWS. JE VIENS D ALLER CHEZ UN INFORMATICIEN JE LUI AI LAISSE MON PC !!!
MERCI POUR VOTRE AIDE ET DE VOTRE TEMPS PASSE !!!
BONNE CONTINUATION