Suis infecté par un virus?

pat -
pat - 28 avr. 2009 à 21:58

Bonjour,

Depuis quelque jours mon PC rame pas mal et chauffe un peu plus que d'ordinaire... Suis je infecté par une vilaine bêbête?

D'avance Merci a ceux qui vont se pencher sur mon soucis

Voila un rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:14, on 21/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Patrice CATTELAIN\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Afficher la suite

A voir également:

Suis infecté par un virus?
Virus mcafee - Accueil - Piratage
Virus facebook demande d'amis - Accueil - Facebook
Virus informatique - Guide
Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
Undisclosed-recipients virus - Guide

9 réponses

Réponse 1 / 9

Utilisateur anonyme

Bonsoir pat
Fais un scan avec cet antispyware :
Telecharges malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copies et colles le rapport stp.
a+

pat

Bonsoir archet9;

Tout d'abord merci pour ta réponse très rapide...

Voila le rapport du scan avec malwarebytes :

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2021
Windows 6.0.6001 Service Pack 1

21/04/2009 22:14:02
mbam-log-2009-04-21 (22-14-02).txt

Type de recherche: Examen rapide
Eléments examinés: 67400
Temps écoulé: 3 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 2 / 9

Utilisateur anonyme

ok...
Affiche les fichiers et dossiers cachés …
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images".
Ensuite, clique sur > Outils > Options des dossiers ...
clique sur l' onglet « Affichage » et ...
coche ---> Afficher les fichiers et dossiers cachés
décoche > Masquer les extensions des fichiers dont le type est connu
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé).
« Appliquer » et « OK ».

Rends-toi dans > Démarrer > Panneau de config. > Ajout/suppres… de prog.

Supprime, si tu le(s) trouves > Search Settings
Ensuite, va dans > Démarrer > Poste de travail > C:\

C:\Program Files\Search Settings

Supprime le(s) programme(s) en gras, si tu le(s) trouves.

Vide la Corbeille.

Remet les fichiers et dossiers cachés dans leur configuration

ENSUITE:

télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

Les rapports sont dans le dossier ici C:\rsit

a+

pat

RE : archet9

J'ai supprimé le Search Settings dans Panneau de config. > Ajout/suppres… de prog.
Mais rien trouvé dans C:\Program

A plus

Réponse 3 / 9

Utilisateur anonyme

OK....la suite demadée stp....
a+

pat

Je n'ai pas vraiment compris la dernière réponse...
Suis je débarrassé de la bête noir?
J'ai l'impression que ça va déjà mieux...

Si oui merci de ton aide

Réponse 4 / 9

Utilisateur anonyme

Relis la fin du post : 3 et appliques stp...!!!!
a+

pat

Toutes mes excuses je n'avais pas tout vue... désolé

Voila le rapport info.txt

info.txt logfile of random's system information tool 1.06 2009-04-21 23:22:37

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\UNRecode.exe /UNINSTALL
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe" -l0x40c
ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Barre d'outils MSN-->C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CamStudio 2.02 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CamTrack-->"C:\Program Files\DigitalPeers\CamTrack\unins000.exe"
Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP170-->"C:\Windows\system32\CanonIJ Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x000c
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD Jaquette 5.0-->"C:\JSAL Software\CD Jaquette\uninstall.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
CopyToDVD 4-->"C:\Program Files\VSO\unins001.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Free Window Registry Repair-->C:\PROGRA~1\FREEWI~1\UNWISE.EXE C:\PROGRA~1\FREEWI~1\INSTALL.LOG
Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.8.0.366-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Users\Patrice CATTELAIN\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Image Zone Express-->MsiExec.exe /X{B314F1F2-49DF-41DD-A1B4-DC4192EC1021}
HP Pavilion Webcam Driver for Vista v061.001.00005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x40c -removeonly
HP Quick Launch Buttons 6.10 B9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c uninst
HP QuickPlay 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide 42-->MsiExec.exe /I{EED81D76-80ED-443D-90B3-FC5E838D2F5F}
HP Wireless Assistant-->MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe"
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{560BD6E0-0BA6-43AF-B423-E1DF4D2EB3C3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee Clean Up Tool-->C:\Users\PATRIC~1\DOWNLO~1\UNWISE.EXE
Media Player Classic 6.4.8.3-->C:\Program Files\Media Player Classic\mpc_uninst.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003-->MsiExec.exe /I{90A1040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{9051040C-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mise à jour du pilote du Gestionnaire pour appareils Windows Mobile-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Neuf - Media Center-->C:\Program Files\Neuf\Media Center\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x040c -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC SECURITY TEST 2008-->"C:\Program Files\AxBx\PC Security Test 2008\unins000.exe"
PHOTOfunSTUDIO -viewer--->C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x040c -z"Uninstall" -removeonly
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pots-->C:\Program Files\Pots\Uninstal.exe
PrintMaster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\setup.exe" anything
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Smart Data Recovery v3.1-->"C:\Program Files\Smart Data Recovery\unins001.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone WCDMA Composite Device Drive Software-->C:\Windows\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081226-0]
AS: Spybot - Search and Destroy (outdated)
AS: AVG Anti-Spyware (disabled) (outdated)
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 081226-0]

======System event log======

Computer Name: PC-de-Patrice
Event Code: 10002
Message: Le module d’extensibilité WLAN s’est arrêté.

Chemin d’accès du module : C:\Windows\System32\bcmihvsrv.dll

Record Number: 126529
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090420210702.537200-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Patrice
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 126530
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090420210703.941200-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Patrice
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 126547
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090421185651.351821-000
Event Type: Erreur
User:

Computer Name: PC-de-Patrice
Event Code: 7000
Message: Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur :
Le chemin d'accès spécifié est introuvable.
Record Number: 126598
Source Name: Service Control Manager
Time Written: 20090421185710.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Patrice
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
InCDPass
InCDRm
Record Number: 126629
Source Name: Service Control Manager
Time Written: 20090421185717.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Patrice
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {4e29421b-dffd-41f3-a08b-f7b0ffc23c39}
Record Number: 23363
Source Name: VSS
Time Written: 20090420194441.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Patrice
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {58730d5a-3733-403a-aaf9-2b3205e8027f}
Record Number: 23395
Source Name: VSS
Time Written: 20090420195733.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Patrice
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du rédacteur: {e8132975-6f93-4464-a53e-1050253ae220}
Nom du rédacteur: System Writer
ID d’instance du rédacteur: {58730d5a-3733-403a-aaf9-2b3205e8027f}
Record Number: 23398
Source Name: VSS
Time Written: 20090420200130.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Patrice
Event Code: 1000
Message: Application défaillante Pmw.exe, version 3.0.0.825, horodatage 0x3c0c9511, module défaillant Toolbar.dll, version 0.0.0.0, horodatage 0x3c0a2522, code d’exception 0xc0000005, décalage d’erreur 0x0000213b, ID du processus 0xef4, heure de début de l’application 0x01c9c1f191c2ee93.
Record Number: 23400
Source Name: Application Error
Time Written: 20090420200157.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Patrice
Event Code: 8194
Message: Erreur du service de cliché instantané des volumes : erreur lors de l’interrogation de l’interface IVssWriterCallback. hr = 0x80070005. Cette erreur est souvent due à des paramètres de sécurité incorrects dans le processus du rédacteur ou du demandeur.

Opération :
Données du rédacteur en cours de collecte

Contexte :
ID de classe du réd

Et le rapport log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patrice CATTELAIN at 2009-04-21 23:22:14
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 55 GB (38%) free of 147 GB
Total RAM: 2046 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:31, on 21/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrice CATTELAIN\Downloads\RSIT.exe
C:\Users\Patrice CATTELAIN\Desktop\Patrice CATTELAIN.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 9

Utilisateur anonyme

Si tu veux bien on continura demain reveil à 4 heures 30 pour moi

Merci en attendant et bonne nuit
Ok no problem...je connais!!!.... mais j 'ai la chance d'être en conger cette semaine...
Donc...Quand tu rentreras du boulot bien crevé...tu auras encore ceci a faire:(lol)
Télécharges et installes USBFIX
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe UsbFix de C_XX & Chiquitine29

Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir # Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisis l'option 1 ( Recherche ) # Laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

A+

pat

Bonsoir archet9

Voila le rapport UsbFix

############################## [ UsbFix V3.010 ]

# User : Patrice CATTELAIN (Administrateurs) # PC-DE-PATRICE
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 21:50:41 | 22/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Turion(tm) 64 X2 Mobile Technology TL-50
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 081226-0] 4.8.1229 [ Enabled | Updated ]

# C:\ # Disque fixe local # 143,79 Go (54,13 Go free) # NTFS
# D:\ # Disque fixe local # 5,26 Go (1,2 Go free) [HP_RECOVERY] # NTFS
# E:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,73 Go (3,71 Go free) [UDISK] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registre # Startup ]

HKCU_Main: "Search Page"="https://actus.sfr.fr"
HKCU_Main: "Start Page"="http://home.neuf.fr/"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

################## [ Informations ]

# -> ( Value | Good = 0x0 Bad = 0x1 )

# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{1201fd4e-e606-11dc-9723-001b241f2e76}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{1201fd4e-e606-11dc-9723-001b241f2e76}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{176fe331-28db-11dc-b502-001b241f2e76}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{9801943a-48fe-11dd-9701-001b241f2e76}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{9801943a-48fe-11dd-9701-001b241f2e76}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bca3c402-04c0-11dc-be92-001b241f2e76}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f0731faa-59f3-11dc-a05b-001b241f2e76}\Shell\Auto\command
HKCU\Software\Microsoft\....\MountPoints2\{f0731faa-59f3-11dc-a05b-001b241f2e76}\Shell\AutoRun\command

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

Réponse 6 / 9

Utilisateur anonyme

Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisis l'option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

a+

pat

Voila le rapport UsbFix, option 2

############################## [ UsbFix V3.010 ]

# User : Patrice CATTELAIN (Administrateurs) # PC-DE-PATRICE
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 22:48:47 | 22/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/

# AMD Turion(tm) 64 X2 Mobile Technology TL-50
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1229 [VPS 081226-0] 4.8.1229 [ Enabled | Updated ]

# C:\ # Disque fixe local # 143,79 Go (54,01 Go free) # NTFS
# D:\ # Disque fixe local # 5,26 Go (1,2 Go free) [HP_RECOVERY] # NTFS
# E:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,73 Go (3,71 Go free) [UDISK] # FAT32

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\runonce.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\PresentationSettings.exe

################## [ Fichiers # Dossiers infectieux ]

################## [ Registre # Clés Run infectieuses ]

# -> Not Found !

################## [ Registre # Startup ]

HKCU_Main: "Search Page"="https://actus.sfr.fr"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1201fd4e-e606-11dc-9723-001b241f2e76}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{1201fd4e-e606-11dc-9723-001b241f2e76}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{176fe331-28db-11dc-b502-001b241f2e76}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{9801943a-48fe-11dd-9701-001b241f2e76}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{9801943a-48fe-11dd-9701-001b241f2e76}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bca3c402-04c0-11dc-be92-001b241f2e76}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f0731faa-59f3-11dc-a05b-001b241f2e76}\Shell\Auto\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f0731faa-59f3-11dc-a05b-001b241f2e76}\Shell\AutoRun\command

################## [ Listing des fichiers présent ]

C:\autoexec.bat
C:\UpdaterforApp.ini
D:\Desktop.ini
D:\Folder.htt

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.010 ! ]

@+

pat > pat

archet comme hier soir, il est l'heure pour moi...
J'attend tes instructions pour demain soir...

Bonne soirée à demain

Pat

Utilisateur anonyme > pat

No ....problem
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

A+ et bon courage au boulot...

pat > Utilisateur anonyme

Bonsoir archet9

Je n'ai malheureusement pas pu venir avant!

Voila le rapport ComboFix

ComboFix 09-04-25.A3 - Patrice CATTELAIN 26/04/2009 19:05.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1121 [GMT 2:00]
Lancé depuis: c:\users\Patrice CATTELAIN\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081226-0] *On-access scanning enabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Patrice CATTELAIN\AppData\Roaming\inst.exe
c:\windows\patch.exe
c:\windows\system32\abfcfeef5_z.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-4-26 ))))))))))))))))))))))))))))))))))))
.

2009-04-22 20:50 . 2009-04-22 20:50 -------- d-sha-r C:\autorun.inf
2009-04-22 19:50 . 2009-04-22 20:50 -------- d-----w C:\UsbFix
2009-04-21 21:22 . 2009-04-21 21:22 -------- d-----w C:\rsit
2009-04-21 19:43 . 2009-04-21 19:51 -------- d-----w c:\program files\Free Window Registry Repair
2009-04-21 19:39 . 2009-04-21 19:39 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-21 19:39 . 2009-04-21 19:39 -------- d-----w c:\programdata\NortonInstaller
2009-04-20 20:20 . 2009-04-20 20:20 -------- d-----w c:\program files\Pots
2009-04-20 20:02 . 2009-04-20 20:02 -------- d-----w c:\program files\Common Files\Broderbund
2009-04-19 10:55 . 2009-04-19 10:56 -------- d-----w c:\program files\Common Files\Adobe
2009-04-19 10:44 . 2009-04-19 10:44 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-19 10:44 . 2009-04-19 10:44 1409 ----a-w c:\windows\QTFont.for
2009-04-15 13:15 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 13:15 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-15 13:15 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-14 19:03 . 2001-09-06 09:13 73728 ----a-w c:\windows\system32\ImageServerMI.dll
2009-04-14 19:03 . 2000-06-20 09:32 392192 ----a-w c:\windows\system32\ltkrn11n.dll
2009-04-14 19:03 . 2000-06-20 09:32 262656 ----a-w c:\windows\system32\LTDIS11n.dll
2009-04-14 19:03 . 2000-06-20 09:32 127488 ----a-w c:\windows\system32\ltimg11n.dll
2009-04-14 19:03 . 2000-06-20 09:32 118784 ----a-w c:\windows\system32\ltfil11n.DLL
2009-04-04 20:33 . 2008-06-19 14:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-04 20:32 . 2009-04-04 20:32 -------- d-----w c:\program files\Panda Security
2009-04-04 13:57 . 2009-04-04 13:57 -------- d-----w c:\program files\AxBx
2009-04-04 10:36 . 2009-04-04 10:36 -------- d-----w c:\users\All Users\eMule
2009-04-04 10:36 . 2009-04-04 10:36 -------- d-----w c:\programdata\eMule
2009-04-04 10:36 . 2009-04-04 10:36 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Local\eMule

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 16:59 . 2006-11-02 15:48 672322 ----a-w c:\windows\System32\perfh00C.dat
2009-04-26 16:59 . 2006-11-02 15:48 124434 ----a-w c:\windows\System32\perfc00C.dat
2009-04-22 20:50 . 2009-04-22 20:48 5335 ----a-w C:\UsbFix.txt
2009-04-21 20:10 . 2008-08-11 14:52 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-21 18:57 . 2008-08-13 16:14 58643 ----a-w c:\users\All Users\nvModes.dat
2009-04-21 18:57 . 2008-08-13 16:14 58643 ----a-w c:\programdata\nvModes.dat
2009-04-20 20:06 . 2007-05-18 07:26 -------- d-----w c:\program files\Broderbund
2009-04-20 20:01 . 2007-03-30 19:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 19:10 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 20:13 . 2008-12-22 12:09 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\dvdcss
2009-04-14 18:49 . 2008-08-13 15:23 -------- d-----w c:\program files\ma-config.com
2009-04-14 18:49 . 2008-08-13 15:23 -------- d-----w c:\programdata\ma-config.com
2009-04-14 15:16 . 2008-12-17 14:54 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\Canon
2009-04-11 19:28 . 2008-05-21 19:30 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\gtk-2.0
2009-04-09 20:41 . 2008-10-05 07:12 -------- d-----w c:\program files\Lavasoft
2009-04-09 20:40 . 2007-05-17 20:27 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-07 03:09 . 2008-11-16 12:12 -------- d-----w c:\program files\Camfrog
2009-04-06 13:32 . 2008-08-11 14:52 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-08-11 14:52 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-04 22:00 . 2008-08-22 15:33 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\Spyware Terminator
2009-04-04 22:00 . 2008-08-22 15:33 -------- d-----w c:\program files\Spyware Terminator
2009-04-04 19:02 . 2008-08-22 15:33 -------- d-----w c:\programdata\Spyware Terminator
2009-04-04 10:36 . 2008-01-12 08:48 -------- d-----w c:\program files\eMule
2009-04-04 09:46 . 2008-08-09 18:48 -------- d-----w c:\program files\a-squared Free
2009-03-17 14:22 . 2007-06-23 16:14 -------- d-----w c:\programdata\NVIDIA
2009-03-17 14:12 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-03-17 14:12 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-17 14:12 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-03-17 13:48 . 2009-03-17 13:48 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-03-17 03:38 . 2009-04-15 13:14 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-15 13:14 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:14 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-15 21:55 . 2009-03-15 21:55 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\vlc
2009-03-14 19:06 . 2007-05-17 16:17 124976 ----a-w c:\users\Patrice CATTELAIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-14 18:55 . 2009-03-07 20:08 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\DeepBurner
2009-03-14 18:55 . 2008-02-18 19:37 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\Vso
2009-03-14 18:54 . 2008-02-18 19:57 -------- d-----w c:\programdata\VSO
2009-03-14 18:54 . 2007-11-11 18:51 -------- d-----w c:\programdata\WLInstaller
2009-03-14 18:54 . 2008-02-18 19:37 -------- d-----w c:\program files\VSO
2009-03-14 18:51 . 2009-03-14 09:58 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\IObit
2009-03-14 18:37 . 2007-03-30 19:34 -------- d-----w c:\program files\Common Files\Roxio Shared
2009-03-14 18:35 . 2007-03-30 19:34 -------- d-----w c:\programdata\Roxio
2009-03-14 18:21 . 2007-03-30 19:31 -------- d-----w c:\program files\Roxio
2009-03-14 09:58 . 2009-03-14 09:58 -------- d-----w c:\program files\IObit
2009-03-13 04:13 . 2008-08-09 17:31 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-11 04:23 . 2008-02-18 19:43 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\CopyToDvd
2009-03-07 21:45 . 2008-02-18 19:38 47360 ----a-w c:\users\Patrice CATTELAIN\AppData\Roaming\pcouffin.sys
2009-03-07 21:40 . 2009-03-07 20:19 -------- d-----w c:\program files\AVS4YOU
2009-03-07 21:38 . 2009-03-07 20:19 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-07 21:00 . 2009-03-07 21:00 -------- d-----w c:\program files\CDBurnerXP
2009-03-07 20:59 . 2009-03-07 20:36 -------- d-----w c:\program files\SlySoft
2009-03-07 20:49 . 2007-07-07 11:59 -------- d-----w c:\program files\Canon
2009-03-07 20:45 . 2009-03-07 20:07 -------- d-----w c:\program files\Astonsoft
2009-03-07 20:43 . 2009-03-07 20:43 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\ImgBurn
2009-03-07 20:19 . 2009-03-07 20:19 -------- d-----w c:\users\Patrice CATTELAIN\AppData\Roaming\AVS4YOU
2009-03-07 20:19 . 2009-03-07 20:19 -------- d-----w c:\programdata\AVS4YOU
2009-03-07 09:20 . 2009-02-20 17:12 -------- d-----w c:\program files\FlySim
2009-03-03 04:46 . 2009-04-15 13:14 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 13:14 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 13:14 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-15 13:14 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 13:14 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 13:14 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 13:14 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 13:14 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 13:14 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-15 13:14 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 13:14 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 13:14 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-15 13:14 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-26 20:10 . 2009-02-26 20:10 -------- d-----w c:\program files\MSECache
2009-02-26 15:42 . 2008-03-23 20:02 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-13 08:49 . 2009-04-15 13:14 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-15 13:14 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 13:49 2033152 ----a-w c:\windows\System32\win32k.sys
2008-08-19 15:44 . 2007-07-16 20:07 1356 ----a-w c:\users\Patrice CATTELAIN\AppData\Local\d3d9caps.dat
2008-08-13 15:37 . 2007-05-17 22:02 42614 ----a-w c:\users\Patrice CATTELAIN\AppData\Roaming\nvModes.dat
2008-06-08 13:00 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-06-01 12:25 . 2007-05-17 16:34 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-06-01 12:25 . 2007-05-17 16:34 32768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-06-01 12:25 . 2007-05-17 16:34 16384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-17 17:55 . 2007-05-17 17:55 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe"
"Windows Mobile-based device management"=%windir%\WindowsMobile\wmdSync.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"Windows Mobile Device Center"=%windir%\WindowsMobile\wmdc.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpqSRMon"=c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
"SynTPStart"=c:\program files\Synaptics\SynTP\SynTPStart.exe
"QuickTime Task"="c:\program files\VistaCodecPack\QT\QTTask.exe" -atboottime
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C9B6F417-7761-44CE-A47C-45B4240A9633}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{F55086F8-694A-4D99-AF63-CE85F7453597}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{84C7C124-3640-4D2F-8E08-7D92190CCCD0}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2CDB575A-BB49-4297-9402-142980BFCB22}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{53233B06-78DC-4722-9108-5569613A8623}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{63C2D9EF-133A-4C1C-95C6-9304577D56CB}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{6DC26ECC-9734-4AD3-9933-AB6B3D7CF1C1}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"TCP Query User{05C18B2D-CD80-4FF6-BD63-A8CE77FAF8C0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{590B4F77-AB4C-4AEC-802E-4A219F2FBA2C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{FC96EBDB-5F28-4868-8167-5746561F464F}"= Profile=Public|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{360C625E-516D-45CD-B89A-8CBCEC16FECD}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F7A59330-DFEE-4562-A841-DB1B635B5038}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{12A824BC-DA4D-46DC-9403-C87E2BEA2A7A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D1C2E248-743F-4DB6-822E-E3D9A2652AC2}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{B77A9846-ED5B-43EC-8D83-171AD8EB5226}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{C119F17D-8922-4D99-8CB1-062D833FB6A1}"= UDP:7561:Emule
"{09C3E9A3-00D6-4FE9-A340-F1879169CAD3}"= TCP:7571:Emule
"{D5375414-E962-4876-8FB5-6593D7B9300C}"= UDP:c:\program files\eMule\LinkCreator.exe:LinkCreator
"{624D5F69-0032-4F5F-A84A-F1DC5A682BDD}"= TCP:c:\program files\eMule\LinkCreator.exe:LinkCreator
"{4D5BB31D-76B3-4F9A-B9CE-6350D82780C6}"= Profile=Public|c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{061B7A97-86E2-4E07-ADEB-82DCFE8E1E13}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{C513272A-AF58-4B8E-B6FD-FE43125E2A9A}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{6A0B94B0-D49F-4B33-8748-DF00C63C2208}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{522F3C43-9D9E-4408-B94F-D3FBE04652F2}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{FA3E0D10-2B34-497A-A07E-B08417F10E25}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{9EAEA96F-88BC-4B1E-88C8-C3BB392AE96E}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{FFAE9EC9-7AF7-4B19-8860-3CB9F5C41A43}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1E96C663-AD73-45AF-AD07-ED22C4577A86}c:\\program files\\internet explorer\\iexplore.exe"= Disabled:TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{0B4A232B-9FDC-495F-A86B-42251FDA5838}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0026EA45-17C4-4608-9827-F5CD9ED7CDD3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{ACBA6E56-154A-4A53-ABC0-75D222F6259A}"= UDP:7654:emule
"{A1EAE5F2-EB43-4834-883C-DDB00D8BBCDA}"= TCP:7664:emule
"{150CC937-3236-4C2E-9D3C-40CB8FBED7BD}"= UDP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"{78C2C61A-875C-44B1-B354-98D60D9B10D4}"= TCP:c:\program files\VideoLAN\VLC\vlc.exe:VLC media player
"{48C19A80-A478-4B45-B624-7043A5302123}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{674641B3-1645-41A6-8ADE-361D370122E4}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"TCP Query User{B647D21D-6F53-44CE-99F8-C9B1272CDE82}c:\\users\\patrice cattelain\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:c:\users\patrice cattelain\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{16042AA3-22E4-409E-B1B7-F64809CCCBD1}c:\\users\\patrice cattelain\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:c:\users\patrice cattelain\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{8BE286D5-9832-41D0-A639-282C64BC1E62}c:\\users\\patrice cattelain\\appdata\\local\\temp\\wzse1.tmp\\symnrt.exe"= Disabled:UDP:c:\users\patrice cattelain\appdata\local\temp\wzse1.tmp\symnrt.exe:symnrt.exe
"UDP Query User{875E7C30-510B-429E-B2DF-3419C1BC3056}c:\\users\\patrice cattelain\\appdata\\local\\temp\\wzse1.tmp\\symnrt.exe"= Disabled:TCP:c:\users\patrice cattelain\appdata\local\temp\wzse1.tmp\symnrt.exe:symnrt.exe
"{3583B704-D2F3-450B-8AC2-12CFA718A174}"= Disabled:c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{809D1EA0-471D-4578-B9A0-7AF1FA44209C}"= Disabled:c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{A885EB89-8EA5-4AB1-9E67-0615AC5B1425}c:\\kaspersky\\kavupd.exe"= UDP:c:\kaspersky\kavupd.exe:kavupd
"UDP Query User{DB353537-70A2-4E67-93A5-68C8CB722112}c:\\kaspersky\\kavupd.exe"= TCP:c:\kaspersky\kavupd.exe:kavupd
"{1EA9C9E7-6A9A-4455-869A-2510B73B5C0E}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{DDD4E00B-0F0B-4D9E-B6CC-7C0A6338B21F}"= UDP:c:\program files\DigitalPeers\CamTrack\camtrack.exe:CamTrack
"{4948F906-CCA1-4731-8516-F5F07539748B}"= TCP:c:\program files\DigitalPeers\CamTrack\camtrack.exe:CamTrack
"TCP Query User{617953A5-9572-41BF-B068-3943F6FC9FEE}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{46813DE8-A7A3-415A-941D-E9FF7C2CDA95}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{76B1F85F-CB73-4879-93E1-4A3556F4FE46}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= Disabled:UDP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{7AD8FED9-E368-42C2-AC22-DF29EE82E9E9}c:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= Disabled:TCP:c:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"{691390A0-0A44-46EA-B606-028CDAE7010A}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{979B6A34-3DF2-41FA-BEBF-38EA763B25AB}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{65F39B3F-8662-4B99-B169-AF4B3A3C54C8}"= UDP:c:\program files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{D4DC68AC-0B56-4A8A-82DD-30897B1D6532}"= TCP:c:\program files\Neuf\Media Center\httpd\httpd.exe:Serveur de partage Media Center (Player Neuf Cegetel)
"{D1BF41F5-D2EA-4751-80D6-0DF9D95A40D7}"= UDP:c:\users\Patrice CATTELAIN\AppData\Local\Temp\7zSEF1F.tmp\SymNRT.exe:Norton Removal Tool
"{0FD0E637-58FD-4D98-B327-E34650995917}"= TCP:c:\users\Patrice CATTELAIN\AppData\Local\Temp\7zSEF1F.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-03-15 216232]
R3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\Ndisprot.sys [2008-11-16 29192]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-08-22 141312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34fc7f1a-e7f1-11dd-9e90-001b2411089a}]
\shell\Setup\command - setup.exe
.
Contenu du dossier 'Tâches planifiées'

2009-04-26 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-03-14 13:45]

2009-04-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-11-25 16:58]

2009-03-27 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 22:10]

2009-04-26 c:\windows\Tasks\User_Feed_Synchronization-{E13781E9-93B2-4E5F-94EC-BC5DC80725B4}.job
- c:\windows\system32\msfeedssync.exe [2008-06-06 07:33]
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: secuser.com\www
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\Patrice CATTELAIN\AppData\Roaming\Mozilla\Firefox\Profiles\wxfviclq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.neufportail.fr/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60076&qkw=
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\VistaCodecPack\QT\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Patrice CATTELAIN\AppData\Roaming\Mozilla\Firefox\Profiles\wxfviclq.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\users\Patrice CATTELAIN\AppData\Roaming\Mozilla\Firefox\Profiles\wxfviclq.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll

---- PARAMETRES FIREFOX ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 19:11
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Heure de fin: 2009-04-26 19:14
ComboFix-quarantined-files.txt 2009-04-26 17:14

Avant-CF: 58 160 455 680 octets libres
Après-CF: 58 167 562 240 octets libres

319 --- E O F --- 2009-04-26 17:00

Réponse 7 / 9

Utilisateur anonyme

Re....
On continue..
- Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe

! Déconnectes toi et fermes toute tes applications en cours !

Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
Puis copies ce qui se trouve en citation ci-dessous:

:Processes
explorer.exe

:Services

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RavAV"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]

:Files
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\Search Settings\SearchSettings.exe
C:\Windows\AdobeR.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for items to be moved.
(ne touche à rien d'autre !)

-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l'outil ...

( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .)

-> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " .

Ton PC va redémarrer de lui même ...

-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"

ENSUITE

Un nouveau rapport RSIT...

a+

pat

Ok

voici le rapport OTMovelt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RavAV not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}\\ not found.
========== FILES ==========
File/Folder C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll not found.
File/Folder c:\program files\Search Settings\SearchSettings.exe not found.
File/Folder C:\Windows\AdobeR.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04262009_200155

Files moved on Reboot...
File C:\Windows\temp\_avast4_\Webshlock.txt not found!

Et le rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Patrice CATTELAIN at 2009-04-26 20:10:15
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 55 GB (38%) free of 147 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:41, on 26/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Patrice CATTELAIN\Desktop\RSIT.exe
C:\Users\Patrice CATTELAIN\Desktop\Patrice CATTELAIN.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Réponse 8 / 9

Utilisateur anonyme

Donnes des nouvelles du pc stp?
A+

pat

Il se porte beaucoup mieux, moins lent à ouvrir les fenêtres.

Peux tu me dire ce que c'était?

Réponse 9 / 9

Utilisateur anonyme

Pour finir: desinstaller les outils utilisés

Telecharge ToolsCleaner2--> http://pc-system.fr/
-Une fois téléchargé, installe-le et lance-le
-Clique sur Recherche et laisse le scan se terminer
-Clique sur SUPPRESSION

puis

---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
* Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre).
* Décoche la case plus vieux que 48 h

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

a+

pat

Voila j'ai passé ToolsCleaner2 et CCleaner
également purgé restauration du système et créer un autre...

Que doit je faire maintenant?

Utilisateur anonyme > pat

Eh bien ...Surfer a ta guise....
PS:tes problèmes etaient liés à search settings....

a+

pat > Utilisateur anonyme

Merci beaucoup archet9 pour ton professionnalisme et ta patience...
Grace à toi je retrouve un PC comme avant...

Encore merci et bonne soirée

@+

Ps : faut-il faire quelque chose pour signaler que mon problème est résolu?

Discussions similaires

Softonic,est-ce un virus ?

Désinstaller Softonic

virus Artemis!

Message Apple virus !!

Erreur 0x800700E1

Suis infecté par un virus?

9 réponses

Votre réponse

Discussions similaires

Newsletters