Virus Travaillez plus - Besoin d'aide

Question

Bonjour,


  Voilà, ça fait un moment que mon PC subit les effets du virus travaillez plus, et ça ralentit pas mal ma machine. Je voulais savoir si qqun qui s'y connait pouvait m'aider à le retirer svp.


  En réalité, j'ai deux ordis touchés par ce virus, dont un professionnel et qui risque de contaminer mes contacts.


J'attends vos réponses,


Merci d'avance


Coklin

gen-hackman · Accepted Answer

ouep...mais j'aurais voulu retablir certaines valeurs de secu , les host s'il y a lieu et avoir un aprecu des fichiers cachés avant

gen-hackman · Answer

salut :


Télécharge SDFix sur ton bureau : 
ici :SDFix 
ou ici SDFix 
ou ici SDFix 

--> Double-clique sur SDFix.exe et choisis "Install" . 

Tuto 

Puis une fois l'installe faite , 

Impératif : Démarrer en mode sans echec . 

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\ 

Comment aller en Mode sans échec : 
1) Redémarre ton ordi . 
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" . 
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage . 
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] . 
5) Choisis ton compte habituel ( et pas Administrateur ). 
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ... 


Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil . 
-->Tapes Y pour lancer le script ... 
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc : 
presses une touche pour redémarrer quand il te le sera demandé . 

Le PC va mettre du temps avant de démarrer ( c'est normal ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche . 

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier 
C:\SDFix sous le nom "Report.txt". 

Poste ce dernier dans ta prochaine réponse

Si SDfix ne se lance pas (ça arrive!) 

* Démarrer->Exécuter 

* Copie/colle ceci : 

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe 

* Clique sur ok, et valide. 

* Redémarre et essaye de nouveau de lancer SDfix.

chimay8 · Answer

sdfix?

usbfix,non?

chimay8 · Answer

ouais!

bonne initiative!

coklin · Answer

Re Gen-Hackman,


Voici le rapport de SDFix: 


[b]SDFix: Version 1.240 [/b]
Run by Julie CHAPON on 30/04/2009 at 13:48

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Julie CHAPON\Bureau\Antivirus\SDFix\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 14:26:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\LimeWire\LimeWire.exe"="C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe"="C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\Bit Torrent\BitTorrent\bittorrent.exe"="C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\Bit Torrent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\Ati2evxx.exe"="C:\WINDOWS\system32\Ati2evxx.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Mon  2 Oct 2006         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 16 Jun 2008       105,984 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL0002.tmp"
Sat  9 Aug 2008        21,504 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL0022.tmp"
Sat  9 Aug 2008        21,504 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL0747.tmp"
Sat  9 Aug 2008        21,504 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL1215.tmp"
Sat  9 Aug 2008       105,472 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL1500.tmp"
Sat  9 Aug 2008        36,352 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL1589.tmp"
Tue  5 Aug 2008        23,552 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL1881.tmp"
Mon 16 Jun 2008       107,008 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL2476.tmp"
Sun 15 Jun 2008        26,112 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL2909.tmp"
Sat  9 Aug 2008        23,552 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL3233.tmp"
Sat  9 Aug 2008        37,888 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL3542.tmp"
Mon 16 Jun 2008       187,904 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\~WRL3760.tmp"
Mon  9 Jul 2007        27,136 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\~WRL0004.tmp"
Thu 11 Oct 2007     1,401,856 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\~WRL0754.tmp"
Tue  5 Aug 2008        21,504 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\~WRL1982.tmp"
Thu 23 Oct 2008        53,760 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\~WRL2088.tmp"
Tue  5 Aug 2008        20,480 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\~WRL2501.tmp"
Wed 10 Oct 2007     1,361,408 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\~WRL2879.tmp"
Fri  3 Apr 2009     9,942,520 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Sat  3 Feb 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 19 Nov 2008        24,064 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Fotomas\~WRL0754.tmp"
Sat  8 Nov 2008        29,696 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL0347.tmp"
Sat  8 Nov 2008        29,696 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL0584.tmp"
Sun  2 Nov 2008        28,672 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL0673.tmp"
Sat  8 Nov 2008        29,184 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL0805.tmp"
Sat  8 Nov 2008        29,696 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL1249.tmp"
Sat  8 Nov 2008        30,208 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL1436.tmp"
Fri 11 Aug 2006        23,040 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL2954.tmp"
Sat  8 Nov 2008        29,696 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL3321.tmp"
Sat  8 Nov 2008        29,696 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL3429.tmp"
Sat  8 Nov 2008        29,696 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Stages\~WRL3438.tmp"
Mon 12 Feb 2007     3,096,576 A..H. --- "C:\Documents and Settings\Julie CHAPON\Application Data\U3	emp\Launchpad Removal.exe"
Wed 29 Apr 2009        32,256 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL0650.tmp"
Wed 29 Apr 2009        32,256 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL0960.tmp"
Wed 29 Apr 2009        32,768 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL0962.tmp"
Tue 28 Apr 2009        25,088 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL1418.tmp"
Wed 29 Apr 2009        28,672 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL1458.tmp"
Wed 29 Apr 2009        31,744 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL2226.tmp"
Tue 28 Apr 2009        25,088 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL2733.tmp"
Wed 29 Apr 2009        32,256 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL2956.tmp"
Wed 29 Apr 2009        32,256 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\~WRL3581.tmp"
Mon  4 Dec 2006        31,232 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL0130.tmp"
Mon  4 Dec 2006        20,992 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL0859.tmp"
Mon  4 Dec 2006        30,208 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL1208.tmp"
Mon  4 Dec 2006        25,600 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL2035.tmp"
Mon  4 Dec 2006        24,064 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL2337.tmp"
Mon  4 Dec 2006        28,160 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL3413.tmp"
Mon  4 Dec 2006        30,720 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL3465.tmp"
Mon  4 Dec 2006        24,576 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL3600.tmp"
Mon  4 Dec 2006        26,624 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Colles\~WRL3611.tmp"
Fri  8 Dec 2006       102,400 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Fiches livres\~WRL0609.tmp"
Sun 10 Dec 2006       104,960 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\AEH\Fiches livres\~WRL2659.tmp"
Mon  2 Oct 2006         4,348 ...H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon  4 Dec 2006            20 A..H. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Tue 15 Aug 2006           312 A.SH. --- "C:\Documents and Settings\Julie CHAPON\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun  8 Mar 2009        36,352 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL0067.tmp"
Sun  8 Mar 2009        36,352 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL0651.tmp"
Mon  9 Mar 2009        36,352 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL0965.tmp"
Mon  9 Mar 2009        36,864 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL1420.tmp"
Sun  8 Mar 2009        35,840 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL2058.tmp"
Sun  8 Mar 2009        35,328 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL2489.tmp"
Sun  8 Mar 2009        27,648 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL2783.tmp"
Sun  8 Mar 2009        29,184 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Compta\~WRL3978.tmp"
Sat 28 Feb 2009        31,232 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Espagnol\~WRL1780.tmp"
Mon  2 Mar 2009        35,840 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Espagnol\~WRL3828.tmp"
Mon  2 Mar 2009        28,672 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL0015.tmp"
Mon  2 Mar 2009        28,672 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL0376.tmp"
Mon  2 Mar 2009        25,088 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL0467.tmp"
Mon  2 Mar 2009        26,112 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL0793.tmp"
Mon  2 Mar 2009        27,136 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL2235.tmp"
Mon  2 Mar 2009        29,184 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL3298.tmp"
Mon  2 Mar 2009        24,064 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T5\Strat‚gie\~WRL4027.tmp"
Sun 12 Apr 2009        24,576 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL0668.tmp"
Sun 12 Apr 2009        26,624 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL1269.tmp"
Sun 12 Apr 2009        28,160 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL1342.tmp"
Sun 12 Apr 2009        25,600 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL1476.tmp"
Sun 12 Apr 2009        24,064 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL2527.tmp"
Sun 12 Apr 2009        25,600 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL3401.tmp"
Sun 12 Apr 2009        24,576 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL3498.tmp"
Sun 12 Apr 2009        28,160 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL3523.tmp"
Sun 12 Apr 2009        25,088 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL3729.tmp"
Sun 12 Apr 2009        26,112 ...H. --- "C:\Documents and Settings\Julie CHAPON\Bureau\Cours 2Šme ann‚e\T6\Espagnol\~WRL3752.tmp"

[b]Finished![/b]


J'attends ta réponse pour la suite

@+

gen-hackman · Answer

ok maintenant :

######## | XP _ Instal & recherche | #######


Telecharge et install UsbFix (de C_XX & Chiquitine29)

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau .

# Choisi l option 1 ( Recherche )

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

coklin · Answer

Voici le résultat de la recherche:


############################## [ UsbFix V3.014 ]

# User : Julie CHAPON (Administrateurs) # JULIE
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 15:02:22 | 30/04/2009

# Mobile AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Bitdefender Antivirus 8.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# FW : Bitdefender Firewall[ (!) Disabled ]8.0

# C:\ # Disque fixe local # 37,25 Go (2,93 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque fixe local # 149,01 Go (1,21 Go free) [WD Passport] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3M\PostIt\PsnLite.exe
C:\PROGRA~1\3M\PostIt\PSNGive.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ]

HKCU_Main:  "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="https://www.google.com/?gws_rd=ssl" 
HKCU_Main:  "Start Page"="Travaillez plus.com" 
HKCU_Main:  "Window Title"="Au travail !Arrˆtez de surfer!" 
HKLM_logon: "Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe," 
HKLM_logon: "DefaultUserName"="Julie CHAPON" 
HKLM_logon: "AltDefaultUserName"="Julie CHAPON" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" 
HKLM_Run:    SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe 
HKLM_Run:    HP Software Update=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 
HKLM_Run:    SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
HKLM_Run:    hpWirelessAssistant=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe 
HKLM_Run:    LSBWatcher=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe 
HKLM_Run:    eabconfg.cpl=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start 
HKLM_Run:    Cpqset=C:\Program Files\HPQ\Default Settings\cpqset.exe 
HKLM_Run:    REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN 
HKLM_Run:    WinampAgent=C:\Program Files\Winamp\winampa.exe 
HKLM_Run:    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" 
HKLM_Run:    Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background  
HKCU_Run:    BitTorrent DNA="C:\Program Files\DNA\btdna.exe"  
HKCU_Run:    HKEY_CURRENT_USER\software\microsoft\windows\currentversionun\AdobeUpdater=  

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! F:\autorun.inf  

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{04295e2c-8f8f-11dc-b1a4-0014a577e283}\Shell\Auto\command  
HKCU\Software\Microsoft\....\MountPoints2\{04295e2c-8f8f-11dc-b1a4-0014a577e283}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{44424188-3818-11db-b036-0014a577e283}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{44424188-3818-11db-b036-0014a577e283}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{4c7209ec-ca81-11dc-b23c-0014a577e283}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{6921f4f4-949c-11dd-b2ed-0014a577e283}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\Auto\command  
HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\explore\Command  
HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\open\Command  
HKCU\Software\Microsoft\....\MountPoints2\{e7419844-ae64-11dd-b2f6-0014a577e283}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{f2f3ba86-f9e1-11dd-b325-0014a577e283}\Shell\AutoRun\command  

################## [ ! Fin du rapport # UsbFix V3.014 ! ] 


Juste pour te prévenir que je pars vers 16h30 de chez moi et je ne reviendrai que lundi.

Ca ne te dérange pas si une fois parti on reprend la semaine prochaine?

A tout de suite

Coklin

gen-hackman · Answer

pas de soucis :


######## | Suppression | ########

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

# Double clic sur le raccourci UsbFix présent sur ton bureau

# choisi l option 2 ( Suppression )

# Ton bureau disparaitra et le pc redémarrera .

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 


######### | Désinstallation | #######


# Double clic sur le raccourci UsbFix présent sur ton bureau

# Choisi l option Désinstaller  ....

coklin · Answer

############################## [ UsbFix V3.014 ]

# User : Julie CHAPON (Administrateurs) # JULIE
# Update on 27/04/09 by C_XX & Chiquitine29
# Start at: 15:18:18 | 30/04/2009

# Mobile AMD Sempron(tm) Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : Bitdefender Antivirus 8.0 [ (!) Disabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# FW : Bitdefender Firewall[ (!) Disabled ]8.0

# C:\ # Disque fixe local # 37,25 Go (2,93 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque fixe local # 149,01 Go (1,21 Go free) [WD Passport] # FAT32

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## [ Fichiers # Dossiers infectieux ]

Deleted ! F:\autorun.inf    

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{04295e2c-8f8f-11dc-b1a4-0014a577e283}\Shell\Auto\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{04295e2c-8f8f-11dc-b1a4-0014a577e283}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{44424188-3818-11db-b036-0014a577e283}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{44424188-3818-11db-b036-0014a577e283}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{4c7209ec-ca81-11dc-b23c-0014a577e283}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{6921f4f4-949c-11dd-b2ed-0014a577e283}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\Auto\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\explore\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\Shell\open\Command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{e7419844-ae64-11dd-b2f6-0014a577e283}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f2f3ba86-f9e1-11dd-b325-0014a577e283}\Shell\AutoRun\command   

################## [ Listing des fichiers présent ]

[17/08/2006 23:07|--a--c---|0] - C:\AdobeDebug.txt
[08/07/2006 08:10|-rahsc---|216] - C:\boot.ini
[05/08/2004 10:00|-rahsc---|4952] - C:\Bootfont.bin
[06/03/2007 23:29|--a--c---|184] - C:\drwtsn32.log
[?|?|?] - C:\hiberfil.sys
[30/04/2009 14:54|--a--c---|146661] - C:\hpfr5550.log
[09/07/2006 09:45|-rahsc---|0] - C:\IO.SYS
[15/06/2008 18:26|--a--c---|37376] - C:\Monoprix.doc
[09/07/2006 09:45|-rahsc---|0] - C:\MSDOS.SYS
[05/08/2004 10:00|-rahs----|47564] - C:
tdetect.com
[06/01/2009 13:02|-rahs----|252240] - C:
tldr
[?|?|?] - C:\pagefile.sys
[14/09/2006 22:00|--ah-c---|268] - C:\sqmdata00.sqm
[03/11/2006 19:35|--ah-c---|232] - C:\sqmdata01.sqm
[04/11/2006 13:38|--ah-c---|232] - C:\sqmdata02.sqm
[03/02/2007 15:14|--ah-c---|232] - C:\sqmdata03.sqm
[11/02/2007 00:07|--ah-c---|268] - C:\sqmdata04.sqm
[11/02/2007 00:52|--ah-c---|268] - C:\sqmdata05.sqm
[09/09/2008 19:24|--ah-c---|268] - C:\sqmdata06.sqm
[04/08/2008 19:48|--ah-c---|232] - C:\sqmdata07.sqm
[05/08/2008 20:51|--ah-c---|268] - C:\sqmdata08.sqm
[15/12/2008 20:25|--ah-c---|268] - C:\sqmdata09.sqm
[04/01/2009 23:25|--ah-c---|268] - C:\sqmdata10.sqm
[27/01/2009 11:43|--ah-c---|268] - C:\sqmdata11.sqm
[27/01/2009 15:16|--ah-c---|268] - C:\sqmdata12.sqm
[28/02/2009 13:03|--ah-c---|268] - C:\sqmdata13.sqm
[04/02/2009 01:56|--ah-c---|268] - C:\sqmdata14.sqm
[30/04/2009 00:02|--ah-c---|268] - C:\sqmdata15.sqm
[30/04/2009 13:32|--ah-c---|268] - C:\sqmdata16.sqm
[14/09/2006 22:00|--ah-c---|244] - C:\sqmnoopt00.sqm
[03/11/2006 19:35|--ah-c---|244] - C:\sqmnoopt01.sqm
[04/11/2006 13:38|--ah-c---|244] - C:\sqmnoopt02.sqm
[03/02/2007 15:14|--ah-c---|244] - C:\sqmnoopt03.sqm
[11/02/2007 00:07|--ah-c---|244] - C:\sqmnoopt04.sqm
[11/02/2007 00:52|--ah-c---|244] - C:\sqmnoopt05.sqm
[09/09/2008 19:24|--ah-c---|244] - C:\sqmnoopt06.sqm
[04/08/2008 19:48|--ah-c---|244] - C:\sqmnoopt07.sqm
[05/08/2008 20:51|--ah-c---|244] - C:\sqmnoopt08.sqm
[15/12/2008 20:25|--ah-c---|244] - C:\sqmnoopt09.sqm
[04/01/2009 23:25|--ah-c---|244] - C:\sqmnoopt10.sqm
[27/01/2009 11:43|--ah-c---|244] - C:\sqmnoopt11.sqm
[27/01/2009 15:16|--ah-c---|244] - C:\sqmnoopt12.sqm
[28/02/2009 13:03|--ah-c---|244] - C:\sqmnoopt13.sqm
[04/02/2009 01:56|--ah-c---|244] - C:\sqmnoopt14.sqm
[30/04/2009 00:02|--ah-c---|244] - C:\sqmnoopt15.sqm
[30/04/2009 13:32|--ah-c---|244] - C:\sqmnoopt16.sqm
[30/04/2009 15:19|--a--c---|5859] - C:\UsbFix.txt
[07/12/2008 19:27|--ah-----|4096] - F:\._.Trashes
[16/11/2007 09:04|--a------|4805120] - F:\WDSync.exe
[07/12/2008 13:46|--a------|1311298] - F:\Fond2.psd
[07/12/2008 21:03|--ah-----|44692] - F:\._Fond2.psd
[07/12/2008 13:46|--a------|1311300] - F:\Fond3.psd
[15/06/2008 18:26|--a------|37376] - F:\Monoprix.doc
[07/12/2008 21:03|--ah-----|44692] - F:\._Fond3.psd
[21/09/2007 11:59|--a------|470111979] - F:\Photoshop_cs3 FR.rar
[06/12/2008 01:39|--a------|126718885] - F:\pag1bis.psd
Le rapport de USBFix (suppression des fichiers infectés)

[16/03/2009 16:29|--ahs----|8192] - F:\Thumbs.db

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.  
# F:\autorun.inf -> Folder created by UsbFix.  

################## [ Cracks / Keygens / Serials ]

C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\After Effects CS3 Keygen +Activation ZWT.exe  
C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\Fireworks CS3 keygen + Activation ZWT.exe  
C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\Photoshop CS3 Extended Keygen + Activation ZWT.exe  

################## [ ! Fin du rapport # UsbFix V3.014 ! ]

gen-hackman · Answer

Télécharges et installes le logiciel de diagnostic : 

ici Hijackthis 
ou ici Hijackthis
ou ici Hijackthis


1- Cliques sur le setup pour lancer l'installe : laisses toi guider et ne modifies pas les paramètres d'installation . 
A la fin de l'installe , le prg ce lance automatiquement : fermes le en cliquant sur la croix rouge . 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " . 

tuto pour utilisation :(merci balltrap34) 
Regardes ici, c'est parfaitement expliqué en images , 

2- !! Déconnectes toi et fermes toute tes applications en cours !! 

Cliques sur le raccourci du bureau pour lancer le prg : 

S'il ne se lance pas clique ici

fais un scan HijackThis en cliquant sur : "Do a system scan and save a logfile"

coklin · Answer

Voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:55, on 30/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PostIt\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080908082415
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

gen-hackman · Answer

réouvre hijackthis 
fais scan only 
coches ces lignes sur leur gauche:
 

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe  
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 


tu les coches et tu clic sur "fix checked"

et tu fermes le programme. 

ensuite :

supprime manuellement ce fichier si toujours existant :

C:\Windows\System32\Antinul.vbe

ensuite :

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau. 

! Déconnecte toi et ferme toutes tes applications en cours ! 

Double-clique sur " RSIT.exe " pour le lancer . 

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ... 


-> laisse faire le scan et ne touche pas au PC ... 


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note). 

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ... 

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum 


( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

coklin · Answer

Voici le rapport log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie CHAPON at 2009-04-30 15:49:58
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (8%) free of 38 GB
Total RAM: 638 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:00, on 30/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Julie CHAPON\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julie CHAPON.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PostIt\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080908082415
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

coklin · Answer

Et le rapport info.txt: 

info.txt logfile of random's system information tool 1.06 2009-04-30 15:50:02

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Fichiers communs\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 7.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Mobile Device Support-->MsiExec.exe /I{A43B2A2F-1DB5-47F9-A608-F11A4835D7CB}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Blackboard Backpack 3.0-->MsiExec.exe /I{A081DDB9-9451-4031-8672-868AD8E47049}
BSPlayer-->"C:\Program Files\Webteh\BSplayer\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036 
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FinePixViewer Ver.4.2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" 
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE" 
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 5550 series-->rundll32 hpzcon06.dll,VendorJettison hp deskjet 5550 series
HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c  -removeonly
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP User Guides 0012-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{984DED38-AD2A-4143-8412-C3827A920BE5}\setup.exe" -l0x40c  -removeonly
HP Wireless Assistant 1.01 C1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c  hpquninst
ImageMixer VCD2 for FinePix-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe" 
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{9357AE3A-B2ED-4138-BB9B-0564352C3F0A}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
LimeWire 4.14.10-->"C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels\LimeWire\uninstall.exe"
LiveUpdate BVRP Software-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x40c 
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
MicroStaff WINASPI-->C:\PROGRA~1\WINASPI\uninst.exe
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Panneau de contrôle ATI-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Post-it® Software Notes Lite-->"C:\Program Files\3M\PostIt\Uninstall.exe" -Prog"C:\Program Files\3M\PostIt\PsnLite.exe" -INI"C:\Program Files\3M\PostIt\uninst.ini"
Quick Launch Buttons 5.20 D2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x40c  -uninst
RAW FILE CONVERTER LE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x40c 
River Past Video Cleaner-->C:\WINDOWS\Video Cleaner Uninstaller.exe
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Téléchargement PHOTOWAYS 2.0.5-->"C:\Program Files\Téléchargement PHOTOWAYS\uninstall.exe"
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1036 
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid Koepi\unins000.exe"
XviD-1.0-Beta2 Video Codec 05122003 (Koepi's developer build)-->"C:\Program Files\XviD\UninstXviD.exe"

=====HijackThis Backups=====

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [2009-04-30]
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe [2009-04-30]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-30]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-30]
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe [2009-04-30]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Bitdefender Antivirus (disabled)
AV: Avira AntiVir PersonalEdition Classic
FW: Bitdefender Firewall (disabled)

======System event log======

Computer Name: JULIE
Event Code: 7036
Message: Le service Acquisition d'image Windows (WIA) est entré dans l'état : en cours d'exécution.

Record Number: 22652
Source Name: Service Control Manager
Time Written: 20090220082311.000000+060
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 8033
Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{7498537C-7F44-4B7A-B6E8-B2C8E7CE37B3} car un maître explorateur a été arrêté.

Record Number: 22651
Source Name: BROWSER
Time Written: 20090220082306.000000+060
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 4202
Message: Le système a détecté que la carte réseau Broadcom...- Miniport d'ordonnancement de paquets était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.

Record Number: 22650
Source Name: Tcpip
Time Written: 20090220082305.000000+060
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : arrêté.

Record Number: 22649
Source Name: Service Control Manager
Time Written: 20090219235520.000000+060
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 22648
Source Name: Service Control Manager
Time Written: 20090219235519.000000+060
Event Type: Informations
User: 

=====Application event log=====

Computer Name: JULIE
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 20818
Source Name: SecurityCenter
Time Written: 20081022142357.000000+120
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 1
Message: 
Record Number: 20817
Source Name: Bonjour Service
Time Written: 20081022142357.000000+120
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 20816
Source Name: LightScribeService
Time Written: 20081022142356.000000+120
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 101
Message: MsnMsgr (3572) Le moteur de base de données est arrêté.

Record Number: 20815
Source Name: ESENT
Time Written: 20081022000303.000000+120
Event Type: Informations
User: 

Computer Name: JULIE
Event Code: 103
Message: MsnMsgr (3572) \.\C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Microsoft\Messenger\chapon-julie@hotmail.fr\SharingMetadata\Working\database_4064_2ECF_10E7_7428\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 20814
Source Name: ESENT
Time Written: 20081022000303.000000+120
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

-----------------EOF-----------------

coklin · Answer

Je vais te laisser, je m'en vais pour Prague.


Je te recontacte lundi, ok?

Bon week-end et merci de ton aide!


Coklin

gen-hackman · Answer

d accord pas de soucis

coklin · Answer

Je suis rentré et prêt à entamer la suite.

J'attends tes instructions...

PS : t'as passé un bon week-end?

gen-hackman · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort. 

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau : 

---> Double-clique sur OTMoveIt3.exe afin de le lancer. 

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes 
explorer.exe

:services
amd64si
fips32cup
i386si
ksi32sk
netsik
nicsk32
port135sik
securentm
systemntmi
ws2_32sik

:files
C:\WINDOWS\system32\drivers\i386si.sys
C:\WINDOWS\system32\drivers\fips32cup.sys
C:\WINDOWS\system32\drivers\amd64si.sys
C:\WINDOWS\system32\drivers\ksi32sk.sys
C:\WINDOWS\system32\drivers
etsik.sys
C:\WINDOWS\system32\drivers
icsk32.sys
C:\WINDOWS\system32\drivers\port135sik.sys
C:\WINDOWS\system32\drivers\securentm.sys
C:\WINDOWS\system32\drivers\systemntmi.sys
C:\WINDOWS\system32\drivers\ws2_32sik.sys
 
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"HP Software Update"=-
"Cpqset"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=-
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\shell\find\command]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\shell\install\command]


:commands 
[purity] 
[emptytemp] 
[start explorer] 
[reboot] 





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved. 

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3. 

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. 
Accepte en cliquant sur YES. 

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\ 
Le nom du rapport correspond au moment de sa création : date_heure.log

coklin · Answer

Bonsoir Gen-hackman,


   Excuse moi de ne te répondre que maintenant, j'ai été très occupé cette semaine. Voici le rapport de MoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver amd64si deleted successfully.

Service\Driver fips32cup deleted successfully.

Service\Driver i386si deleted successfully.

Service\Driver ksi32sk deleted successfully.

Service\Driver netsik deleted successfully.

Service\Driver nicsk32 deleted successfully.

Service\Driver port135sik deleted successfully.

Service\Driver securentm deleted successfully.

Service\Driver systemntmi deleted successfully.

Service\Driver ws2_32sik deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\i386si.sys not found.
File/Folder C:\WINDOWS\system32\drivers\fips32cup.sys not found.
File/Folder C:\WINDOWS\system32\drivers\amd64si.sys not found.
File/Folder C:\WINDOWS\system32\drivers\ksi32sk.sys not found.
File/Folder C:\WINDOWS\system32\drivers
etsik.sys not found.
File/Folder C:\WINDOWS\system32\drivers
icsk32.sys not found.
File/Folder C:\WINDOWS\system32\drivers\port135sik.sys not found.
File/Folder C:\WINDOWS\system32\drivers\securentm.sys not found.
File/Folder C:\WINDOWS\system32\drivers\systemntmi.sys not found.
File/Folder C:\WINDOWS\system32\drivers\ws2_32sik.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Cpqset deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\BitTorrent DNA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\SecurityProviders deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_MZ7REcDO6dBG1pE scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_pd6rr3jbpqPWFdq scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_uQswJUelAo8nkU5 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DF2A87.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DF4F05.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05082009_210449

Files moved on Reboot...
File C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_MZ7REcDO6dBG1pE not found!
File C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_pd6rr3jbpqPWFdq not found!
File C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_uQswJUelAo8nkU5 not found!
C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DF2A87.tmp moved successfully.
File C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DF4F05.tmp not found!


J'attends tes instructions pour la suite.

gen-hackman · Answer

super salut relances rsit stp

coklin · Answer

Et qu'est-ce que c'est censé me donner. Je l'ai relancé, mais je n'ai que le rapport qui s'affiche.


Peux-tu m'aider stp?


Coklin

gen-hackman · Answer

et bien postes le rapport qui s affiche !!     :)

coklin · Answer

Voici le rapport, je pensais que c'était le même que celui posté plus haut...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie CHAPON at 2009-05-13 00:26:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (11%) free of 38 GB
Total RAM: 638 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:26:16, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\3M\PostIt\PsnLite.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\PROGRA~1\3M\PostIt\PSNGive.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels antivirus\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julie CHAPON.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PostIt\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080908082415
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

gen-hackman · Answer

Télécharge TOOLBAR S&D ( de Eric_71/Team IDN ) sur ton bureau : 


!! Déconnecte toi,desactive tes protections résidentes, et ferme toutes tes applications en cours le temps de la manip. !! 

* Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...
 
--> Tapes  ( option " recherche " ) puis tape sur [Entrée].  

Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse 

( le rapport est en outre sauvegardé ici -> C:\TB.txt ) 

Tutoriel

coklin · Answer

Rebonjour Gen-Hackman,


  Excuse moi de ne pas te répondre plus régulièrement que cela, il se trouve que je n'ai pas mon ordinateur en permanence chez moi.


  Voici le rapport de recherche généré:


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3000+ )
   BIOS : Ver 1.00PARTTBL
   USER : Julie CHAPON ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
   Firewall  : Bitdefender Firewall 8.0 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:37 Go (Free:3 Go)
   D:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 17/05/2009|19:14 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
   C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
   C:\DOCUME~1\JULIEC~1\APPLIC~1\Search Settings
   C:\DOCUME~1\JULIEC~1\APPLIC~1\Search Settings\kb128
   C:\DOCUME~1\JULIEC~1\APPLIC~1\Search Settings\kb128	emp
   C:\DOCUME~1\JULIEC~1\APPLIC~1\Search Settings\kb128	emp\ws-14381.log

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\After Effects CS3 Keygen +Activation ZWT.exe
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\Fireworks CS3 keygen + Activation ZWT.exe
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\Photoshop CS3 Extended Keygen + Activation ZWT.exe



   1 - "C:\ToolBar SD\TB_1.txt" - 17/05/2009|19:16 - Option : [1]

   -----------\  Fin du rapport a 19:16:32,20


Merci encore de ton aide.

coklin · Answer

Salut Gen-Hackman, 


   As-tu  reçu mon dernier post? Parce que ça bug parfois.

Coklin

gen-hackman · Answer

salut désole pour l attente

relances Toolbar SD option 2 cette fois ci

coklin · Answer

Salut,


  Merci de m'avoir répondu. J'ai suivi ta dernière instruction et voici le rapport généré:


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free : Mobile AMD Sempron(tm) Processor 3000+ )
   BIOS : Ver 1.00PARTTBL
   USER : Julie CHAPON ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
   Firewall  : Bitdefender Firewall 8.0 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:37 Go (Free:3 Go)
   D:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 20/05/2009|21:20 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
   Supprime! - C:\DOCUME~1\JULIEC~1\APPLIC~1\Search Settings\kb128
   Supprime! - C:\DOCUME~1\JULIEC~1\APPLIC~1\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\After Effects CS3 Keygen +Activation ZWT.exe
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\Fireworks CS3 keygen + Activation ZWT.exe
   C:\DOCUME~1\JULIEC~1\Bureau\Logiciels\Photoshop\Complete Adobe Keygens Collection\ZWT\Photoshop CS3 Extended Keygen + Activation ZWT.exe



   1 - "C:\ToolBar SD\TB_1.txt" - 17/05/2009|19:16 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 20/05/2009|21:24 - Option : [2]

   -----------\  Fin du rapport a 21:24:42,78



Merci

gen-hackman · Answer

ok relances rsit pour contrôle stp

coklin · Answer

Voici le rapport RSIT que tu m'as demandé:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie CHAPON at 2009-05-20 21:57:52
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 4 GB (9%) free of 38 GB
Total RAM: 638 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:24, on 20/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\3M\PostIt\PsnLite.exe
C:\PROGRA~1\3M\PostIt\PSNGive.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Julie CHAPON\Bureau\Logiciels antivirus\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julie CHAPON.exe
C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PostIt\PsnLite.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080908082415
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

gen-hackman · Answer

relances hijackthis coche cette ligne sur sa gauche puis "fix checked"

R3 - Default URLSearchHook is missing

ensuite :



---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:services
bdpredir
BDRSDRV
bdfdll
BDFSDR
Bonjour Service

:files
C:\WINDOWS	asks\GoogleUpdateTaskUserS-1-5-21-3330808349-3511939307-3220093389-1007.job
C:\WINDOWS	asks\Symantec NetDetect.job 
C:\Program Files\Softwin

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWinKeys"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\shell\find\command]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\shell\install\command]


:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

coklin · Answer

Voici le rapport fourni par MoveIt:


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver bdpredir deleted successfully.

Service\Driver BDRSDRV deleted successfully.

Service\Driver bdfdll deleted successfully.
Service\Driver BDFSDR not found.
Service\Driver BDFSDR not found.
Service\Driver Bonjour Service stopped successfully.
Service\Driver Bonjour Service deleted successfully.
========== FILES ==========
C:\WINDOWS	asks\GoogleUpdateTaskUserS-1-5-21-3330808349-3511939307-3220093389-1007.job moved successfully.
C:\WINDOWS	asks\Symantec NetDetect.job moved successfully.
C:\Program Files\Softwin\BitDefender10\Skin\Ochre moved successfully.
C:\Program Files\Softwin\BitDefender10\Skin\Default moved successfully.
C:\Program Files\Softwin\BitDefender10\Skin moved successfully.
C:\Program Files\Softwin\BitDefender10\Script moved successfully.
C:\Program Files\Softwin\BitDefender10\Firewall\Profiles moved successfully.
C:\Program Files\Softwin\BitDefender10\Firewall moved successfully.
C:\Program Files\Softwin\BitDefender10 moved successfully.
C:\Program Files\Softwin moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\msnmsgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoWinKeys deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\NoLogOff deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\"C:\Program Files\Internet Explorer\IEXPLORE.EXE"|"C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\shell\find\command\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c03e1e-4643-11db-b04d-0014a577e283}\shell\install\command\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\etilqs_xssJh3qdSgQbKf7MDnIi scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DF4C97.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DF7E1A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JULIEC~1\LOCALS~1\Temp\~DFCDF2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Mozilla\Firefox\Profiles\yofr8xm9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Mozilla\Firefox\Profiles\yofr8xm9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Mozilla\Firefox\Profiles\yofr8xm9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Mozilla\Firefox\Profiles\yofr8xm9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Julie CHAPON\Local Settings\Application Data\Mozilla\Firefox\Profiles\yofr8xm9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully
 
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05212009_095206

Bonne journée

gen-hackman · Answer

impec...salut...toujours des soucis ou on peut nettoyer ?

Virus Travaillez plus - Besoin d'aide

33 réponses

Votre réponse

Discussions similaires

Newsletters