Impossible de lancer certain exe

Résolu
dannydan Messages postés 64 Statut Membre -  
 djack et les virus -
Bonjour,
Je viens vers car je suis un peu paumer la !

Je ne comprend pas trop mon probleme .
J'ai fait un scan avec malwarebyte , spybot en mode sans echec .
apparament je n'ai pas d'exe suspect qui tourne dans le "taskmanager" !
En mode normal il m'est toujours impossible de lancer :
- regedit
- HijackThis.exe
- antivir
et peut etre d'autre . . .
pour antivir c la derniere version que je viend de DL suite a mon probleme .
En attandant une reponse (SVP) je vais redemarrer en mode sans echec et tenter
de lancer entivir .
Par avance merci de votre reponse .
Configuration: Windows XP Internet Explorer 7.0

29 réponses

  • 1
  • 2
  1. Amigafreeze Messages postés 17 Statut Membre
     
    Salut,

    tu as tu te faire véroler par le virus BEAGLE.
    cherche sur ce site en tapant : pas une application win32 valide.

    J'ai eu le même soucis et tout est rentré dans l'ordre.
    0
  2. dannydan Messages postés 64 Statut Membre
     
    Merci de ta reponse .
    Mais je ne pense pas que ce soit le probleme .
    car en fait je n'ai pas de message d'erreur quand je veut lancer une appli .
    elle se lance pas c tout .
    Et je rappele que c juste certaine appli qui ce lance pas !
    spybot se lance lui !
    Qaund je veut lancer Avira le processus apparait dans le task manager
    mais rien ne se passe !!
    SVP . Si vous pouviez m'aider . . .
    0
  3. dannydan Messages postés 64 Statut Membre
     
    Merci de ta reponse .
    Mais je ne pense pas que ce soit le probleme .
    car en fait je n'ai pas de message d'erreur quand je veut lancer une appli .
    elle se lance pas c tout .
    Et je rappele que c juste certaine appli qui ce lance pas !
    spybot se lance lui !
    Qaund je veut lancer Avira le processus apparait dans le task manager
    mais rien ne se passe !!
    SVP . Si vous pouviez m'aider . . .
    0
  4. Utilisateur anonyme
     
    Salut ,

    ● Télécharge DDS de sUBs sur le bureau:

    (.scr) https://download.bleepingcomputer.com/sUBs/dds.scr
    (.pif) https://forospyware.com
    (.com) http://www.techsupportforum.com/sectools/sUBs/dds/

    (!) L'outil ne nécessite pas d'installation.

    Lances-le en cliquant sur l'icône.

    Cette fenêtre DOS va apparaitre : https://i75.servimg.com/u/f75/11/05/93/83/ddsdos10.jpg

    Le scan ne doit pas dépasser trois minutes.
    Un premier rapport va s'ouvrir que tu enregistreras sous DDS.txt par défaut sur le bureau.
    Il te sera demandé si tu veux faire le scan optionnel.
    Accepte par Oui

    Un nouveau rapport s'ouvre que tu enregistres sous Attach.txt sur le bureau.
    Tu ne le fourniras que si nécessaire.
    Poste moi le rapport DDS.txt.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. dannydan Messages postés 64 Statut Membre
     
    Ok je fait ça de suite !
    j'ai telecharger le fichier , je lance le scan .
    Et je poste le rapport .
    Merci .
    0
  7. dannydan Messages postés 64 Statut Membre
     
    Voila :

    
    DDS (Ver_09-03-16.01) - NTFSx86  
    Run by sally at 18:30:31,51 on 30/04/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.766.365 [GMT 2:00]
    
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
    
    ============== Running Processes ===============
    
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    svchost.exe "C:\WINDOWS\system32\adsntn.exe"
    C:\WINDOWS\eHome\ehSched.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\sally\Bureau\hijackthis_199\DDS\dds.com
    
    ============== Pseudo HJT Report ===============
    
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/webhp?hl=fr
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [HomePlayer] c:\program files\homeplayer\HomePlayer.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
    DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {46759F2E-4DE3-4D2D-BF04-5039B6EC3B7A} = 212.27.40.240,212.27.40.241
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    
    ================= FIREFOX ===================
    
    FF - ProfilePath - c:\docume~1\sally\applic~1\mozilla\firefox\profiles\7f0ixceu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    
    ============= SERVICES / DRIVERS ===============
    
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-30 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-4-30 108289]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-30 55640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-10-19 825600]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-10-19 7040]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-30 185089]
    S2 BrowserSchedule;Explorateur d'ordinateur BrowserSchedule;c:\windows\system32\adsntn.exe srv --> c:\windows\system32\adsntn.exe srv [?]
    S3 SPC610NC;Philips SPC500NC Webcam;c:\windows\system32\drivers\spc610nc.sys --> c:\windows\system32\drivers\SPC610NC.SYS [?]
    S4 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
    
    =============== Created Last 30 ================
    
    2009-04-30 17:37	<DIR>	--d-----	C:\OEMCUST
    2009-04-30 17:37	<DIR>	--d-----	C:\CABS
    2009-04-30 17:27	<DIR>	--d-----	c:\program files\Spybot - Search & Destroy
    2009-04-30 17:27	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-04-30 15:39	<DIR>	--d-----	C:\DIVTOOLS
    2009-04-25 16:32	<DIR>	--d-----	c:\documents and settings\sally\.housecall6.6
    2009-04-18 22:05	<DIR>	--d-----	c:\docume~1\sally\applic~1\Artisteer
    2009-04-18 22:02	<DIR>	--d-----	c:\program files\Artisteer 2
    2009-04-18 21:58	22,921,269	a-------	c:\windows\LPT$VPN.973
    2009-04-17 15:31	22,921,269	a-------	c:\windows\VPTNFILE.973
    2009-04-16 18:58	327,168	a-------	c:\windows\IsUn040c.exe
    2009-04-16 17:55	526,184	a-------	c:\windows\system32\XceedCry.dll
    2009-04-16 17:55	279,392	a-------	c:\windows\system32\XceedFtp.dll
    2009-04-16 17:54	<DIR>	--d-----	c:\program files\LMSOFT Web Creator Pro 4
    2009-04-16 15:55	32	a--s----	c:\windows\system32\673096776.dat
    2009-04-16 15:55	53,248	---shr--	c:\windows\system32\adsntn.exe
    2009-04-16 12:04	<DIR>	--d-----	c:\program files\Free Download Manager
    2009-04-16 11:10	<DIR>	--d-----	c:\documents and settings\sally\dwhelper
    2009-04-15 10:01	227,840	--------	c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 10:00	473,600	--------	c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 10:00	401,408	--------	c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 10:00	286,720	--------	c:\windows\system32\dllcache\pdh.dll
    2009-04-15 10:00	111,104	--------	c:\windows\system32\dllcache\services.exe
    2009-04-15 10:00	35,328	--------	c:\windows\system32\dllcache\sc.exe
    2009-04-15 10:00	739,840	--------	c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 10:00	735,744	--------	c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 10:00	685,568	--------	c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 10:00	453,120	--------	c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 09:59	354,304	--------	c:\windows\system32\dllcache\winhttp.dll
    2009-04-15 09:59	1,203,922	--------	c:\windows\system32\dllcache\sysmain.sdb
    2009-04-15 09:59	219,136	--------	c:\windows\system32\dllcache\wordpad.exe
    2009-04-15 01:05	<DIR>	--d-----	c:\documents and settings\sally\Tracing
    2009-04-15 00:47	<DIR>	--d-----	c:\program files\Microsoft
    2009-04-15 00:47	<DIR>	--d-----	c:\program files\Windows Live SkyDrive
    2009-04-15 00:39	<DIR>	--d-----	c:\program files\fichiers communs\Windows Live
    2009-04-13 20:54	<DIR>	--d-----	c:\docume~1\sally\applic~1\Nvu
    2009-04-13 20:47	<DIR>	--d-----	c:\program files\Nvu
    2009-04-13 19:23	<DIR>	--d-----	c:\program files\Intuisphere
    
    ==================== Find3M  ====================
    
    2009-04-21 01:26	510,736	a-------	c:\windows\system32\perfh00C.dat
    2009-04-21 01:26	84,818	a-------	c:\windows\system32\perfc00C.dat
    2009-04-18 22:52	3,933	a-------	c:\windows\mozver.dat
    2009-04-18 21:56	1,213,784	a-------	c:\windows\vsapi32.dll
    2009-04-18 21:56	91,744	a-------	c:\windows\BPMNT.dll
    2009-03-24 16:07	55,640	a-------	c:\windows\system32\drivers\avgntflt.sys
    2009-03-21 16:07	1,054,720	--------	c:\windows\system32\dllcache\kernel32.dll
    2009-03-06 17:05	81,984	a-------	c:\windows\system32\bdod.bin
    2009-03-06 16:20	286,720	a-------	c:\windows\system32\pdh.dll
    2009-03-06 00:59	1,900,544	a-------	c:\windows\system32\usbaaplrc.dll
    2009-03-06 00:59	36,864	a-------	c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 02:13	826,368	a-------	c:\windows\system32\wininet.dll
    2009-03-03 02:13	826,368	a-------	c:\windows\system32\dllcache\wininet.dll
    2009-02-28 06:54	636,072	--------	c:\windows\system32\dllcache\iexplore.exe
    2009-02-20 12:20	70,656	--------	c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 12:20	13,824	--------	c:\windows\system32\dllcache\ieudinit.exe
    2009-02-20 07:14	161,792	--------	c:\windows\system32\dllcache\ieakui.dll
    2009-02-10 19:06	2,068,096	--------	c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-09 16:05	1,846,912	a-------	c:\windows\system32\win32k.sys
    2009-02-09 16:05	1,846,912	--------	c:\windows\system32\dllcache\win32k.sys
    2009-02-09 13:24	2,191,104	--------	c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-09 13:23	2,025,984	a-------	c:\windows\system32\ntkrnlpa.exe
    2009-02-09 13:23	2,025,984	--------	c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-09 13:23	2,147,328	a-------	c:\windows\system32\ntoskrnl.exe
    2009-02-09 13:23	2,147,328	--------	c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-09 13:23	111,104	a-------	c:\windows\system32\services.exe
    2009-02-09 12:53	735,744	a-------	c:\windows\system32\lsasrv.dll
    2009-02-09 12:53	739,840	a-------	c:\windows\system32\ntdll.dll
    2009-02-09 12:53	685,568	a-------	c:\windows\system32\advapi32.dll
    2009-02-09 12:53	401,408	a-------	c:\windows\system32\rpcss.dll
    2009-02-06 19:39	308,600	a-------	c:\windows\WLXPGSS.SCR
    2009-02-06 18:52	49,504	a-------	c:\windows\system32\sirenacm.dll
    2009-02-06 12:39	35,328	a-------	c:\windows\system32\sc.exe
    2009-02-03 21:58	56,832	a-------	c:\windows\system32\secur32.dll
    2009-02-03 21:58	56,832	--------	c:\windows\system32\dllcache\secur32.dll
    2007-07-23 15:42	92,064	a-------	c:\documents and settings\sally\mqdmmdm.sys
    2007-07-23 15:42	79,328	a-------	c:\documents and settings\sally\mqdmserd.sys
    2007-07-23 15:42	66,656	a-------	c:\documents and settings\sally\mqdmbus.sys
    2007-07-23 15:42	9,232	a-------	c:\documents and settings\sally\mqdmmdfl.sys
    2007-07-23 15:42	6,208	a-------	c:\documents and settings\sally\mqdmcmnt.sys
    2007-07-23 15:42	5,936	a-------	c:\documents and settings\sally\mqdmwhnt.sys
    2007-07-23 15:42	4,048	a-------	c:\documents and settings\sally\mqdmcr.sys
    2007-07-23 15:42	25,600	a-------	c:\documents and settings\sally\usbsermptxp.sys
    2007-07-23 15:42	22,768	a-------	c:\documents and settings\sally\usbsermpt.sys
    2007-03-26 10:20	901	a-------	c:\program files\INSTALL.LOG
    2008-10-27 18:40	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\historique\history.ie5\mshist012008102720081028\index.dat
    
    ============= FINISH: 18:31:10,23 ===============
    
    
    0
  8. Utilisateur anonyme
     
    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau

    -> Double clique sur killbagle.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    Une fois fait, sur ton bureau double-clic sur killbagle.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
    1. djack et les virus
       
      alors là... MERCI, MERCI, et MERCI !!
      On vient de passer... 8h sur un PC : avast ne se lançait pas (erreur RPC 1053), regedit non plus, bref... on savait qu'un cheval de Troie s'était baladé par là...
      après 12 redémarrages, 10 ccleaner, 5 spybot, on a suivi ton post (trouvé après 57 recherches Google !!) et on a lancé ComboFix.
      Suspense Suspense... (bin oui, ça fout un peu les choquottes !!) et hop, avast se relance, et la base de registre a été parfaitement nettoyée !
      Alors... MERCI, MERCI et MERCI !!!
      Si c'est pas du post efficace ça (je parle du tien !)
      0
  9. dannydan Messages postés 64 Statut Membre
     
    je ne veut presumer de rien , mais il me semble que ça a fonctionner
    car antivir c'est lancer au redemarage et je peut lancer regedit !
    voila le rapport :
    
    ComboFix 09-04-29.07 - sally 30/04/2009 18:41.2 - NTFSx86
    Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.766.383 [GMT 2:00]
    Lancé depuis: c:\documents and settings\sally\Bureau\hijackthis_199\killbagle.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
     * Un nouveau point de restauration a été créé
    .
    
    ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\program files\INSTALL.LOG
    c:\windows\patch.exe
    c:\windows\system32\404Fix.exe
    c:\windows\system32\adsntn.exe
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.C.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe
    
    .
    (((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    -------\Legacy_BROWSERSCHEDULE
    -------\Service_BrowserSchedule
    
    
    (((((((((((((((((((((((((((((   Fichiers créés du 2009-05-28 au 2009-4-30  ))))))))))))))))))))))))))))))))))))
    .
    
    2009-04-30 17:55 . 2009-04-30 17:55	--------	d-----w	c:\program files\InCode Solutions
    2009-04-30 16:45 . 2009-03-24 14:07	55640	----a-w	c:\windows\system32\drivers\avgntflt.sys
    2009-04-30 16:45 . 2009-04-30 16:45	--------	d-----w	c:\program files\Avira
    2009-04-30 16:45 . 2009-04-30 16:45	--------	d-----w	c:\documents and settings\All Users\Application Data\Avira
    2009-04-30 16:32 . 2009-04-30 16:32	--------	d-----w	c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-04-30 15:37 . 2009-04-30 15:37	--------	d-----w	C:\OEMCUST
    2009-04-30 15:37 . 2009-04-30 15:37	--------	d-----w	C:\CABS
    2009-04-30 15:27 . 2009-04-30 15:30	--------	d-----w	c:\program files\Spybot - Search & Destroy
    2009-04-30 15:27 . 2009-04-30 16:09	--------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-30 13:39 . 2009-04-30 13:39	--------	d-----w	C:\DIVTOOLS
    2009-04-25 14:32 . 2009-04-25 14:48	--------	d-----w	c:\documents and settings\sally\.housecall6.6
    2009-04-18 20:05 . 2009-04-18 20:05	--------	d-----w	c:\documents and settings\sally\Application Data\Artisteer
    2009-04-18 20:02 . 2009-04-18 20:02	--------	d-----w	c:\program files\Artisteer 2
    2009-04-17 14:30 . 2009-04-17 14:30	--------	d-----w	c:\windows\system32\config\systemprofile\Tracing
    2009-04-16 16:58 . 1998-10-07 11:08	327168	----a-w	c:\windows\IsUn040c.exe
    2009-04-16 15:55 . 2006-08-23 09:24	526184	----a-w	c:\windows\system32\XceedCry.dll
    2009-04-16 15:55 . 2003-12-15 09:23	279392	----a-w	c:\windows\system32\XceedFtp.dll
    2009-04-16 15:54 . 2009-04-30 15:43	--------	d-----w	c:\program files\LMSOFT Web Creator Pro 4
    2009-04-16 13:55 . 2009-04-30 14:21	32	--s-a-w	c:\windows\system32\673096776.dat
    2009-04-16 10:04 . 2009-04-16 10:52	--------	d-----w	c:\program files\Free Download Manager
    2009-04-16 09:10 . 2009-04-30 12:55	--------	d-----w	c:\documents and settings\sally\dwhelper
    2009-04-15 08:01 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 08:00 . 2009-03-06 14:20	286720	------w	c:\windows\system32\dllcache\pdh.dll
    2009-04-15 08:00 . 2009-02-09 11:23	111104	------w	c:\windows\system32\dllcache\services.exe
    2009-04-15 08:00 . 2009-02-09 10:53	401408	------w	c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 08:00 . 2009-02-09 10:53	473600	------w	c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 08:00 . 2009-02-06 10:39	35328	------w	c:\windows\system32\dllcache\sc.exe
    2009-04-15 08:00 . 2009-02-09 10:53	685568	------w	c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 08:00 . 2009-02-09 10:53	735744	------w	c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 08:00 . 2009-02-09 10:53	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 08:00 . 2009-02-09 10:53	739840	------w	c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 07:59 . 2008-12-16 12:31	354304	------w	c:\windows\system32\dllcache\winhttp.dll
    2009-04-15 07:59 . 2008-04-21 21:15	219136	------w	c:\windows\system32\dllcache\wordpad.exe
    2009-04-14 23:05 . 2009-04-22 21:59	--------	d-----w	c:\documents and settings\sally\Tracing
    2009-04-14 23:04 . 2009-04-14 23:04	--------	d-----w	c:\program files\Microsoft Sync Framework
    2009-04-14 22:47 . 2009-04-14 22:47	--------	d-----w	c:\program files\Microsoft
    2009-04-14 22:47 . 2009-04-14 22:47	--------	d-----w	c:\program files\Windows Live SkyDrive
    2009-04-14 22:39 . 2009-04-14 22:39	--------	d-----w	c:\program files\Fichiers communs\Windows Live
    2009-04-13 18:54 . 2009-04-13 18:54	--------	d-----w	c:\documents and settings\sally\Application Data\Nvu
    2009-04-13 18:47 . 2009-04-18 20:52	--------	d-----w	c:\program files\Nvu
    2009-04-13 17:23 . 2009-04-13 17:23	--------	d-----w	c:\program files\Intuisphere
    
    .
    ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-30 17:01 . 2008-09-18 17:20	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
    2009-04-30 16:34 . 2006-10-26 10:23	--------	d-----w	c:\program files\Fichiers communs\Symantec Shared
    2009-04-20 23:26 . 2004-09-23 16:12	84818	----a-w	c:\windows\system32\perfc00C.dat
    2009-04-20 23:26 . 2004-09-23 16:12	510736	----a-w	c:\windows\system32\perfh00C.dat
    2009-04-18 20:52 . 2008-04-02 17:08	3933	----a-w	c:\windows\mozver.dat
    2009-04-18 19:56 . 2008-10-05 10:43	1213784	----a-w	c:\windows\vsapi32.dll
    2009-04-18 19:56 . 2008-10-05 10:43	91744	----a-w	c:\windows\BPMNT.dll
    2009-04-16 17:02 . 2006-10-26 10:23	--------	d-----w	c:\program files\Fichiers communs\Adobe
    2009-04-14 23:04 . 2008-04-11 16:05	--------	d-----w	c:\program files\Windows Live
    2009-04-14 23:04 . 2008-04-11 16:14	--------	d-----w	c:\program files\Windows Live Toolbar
    2009-04-14 23:00 . 2006-10-19 15:17	70776	----a-w	c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-04 09:08 . 2007-01-07 00:30	--------	d-----w	c:\program files\Google
    2009-03-28 20:02 . 2009-03-28 20:02	--------	d-----w	c:\program files\PiFreePlayer
    2009-03-27 17:19 . 2009-03-27 17:18	--------	d-----w	c:\program files\DivX
    2009-03-27 17:18 . 2009-03-27 17:18	--------	d-----w	c:\program files\Fichiers communs\DivX Shared
    2009-03-27 17:06 . 2009-03-27 17:06	--------	d-----w	c:\program files\PiFreePC
    2009-03-20 21:49 . 2009-03-20 21:49	--------	d-----w	c:\program files\Haali
    2009-03-20 21:49 . 2009-03-20 21:49	--------	d-----w	c:\program files\ffdshow
    2009-03-18 09:57 . 2008-07-30 17:28	--------	d-----w	c:\program files\AVS4YOU
    2009-03-17 11:39 . 2006-12-13 22:22	--------	d-----w	c:\program files\XviD
    2009-03-17 11:20 . 2009-03-17 11:19	--------	d-----w	c:\program files\iTunes
    2009-03-17 11:19 . 2009-03-17 11:19	--------	d-----w	c:\program files\iPod
    2009-03-17 11:19 . 2008-07-19 21:54	--------	d-----w	c:\program files\Fichiers communs\Apple
    2009-03-17 11:17 . 2006-10-26 10:23	--------	d-----w	c:\program files\QuickTime
    2009-03-17 11:05 . 2009-03-17 11:04	--------	d-----w	c:\program files\Safari
    2009-03-12 14:57 . 2008-11-01 13:54	280520	----a-w	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-03-07 16:19 . 2009-03-07 16:18	--------	d-----w	c:\program files\HomePlayer
    2009-03-06 22:09 . 2008-02-04 23:51	--------	d-----w	c:\program files\BitDefender
    2009-03-06 17:58 . 2009-03-06 17:58	--------	d-----w	c:\program files\FpTest
    2009-03-06 17:19 . 2009-03-06 17:19	--------	d-----w	c:\program files\VideoLAN
    2009-03-06 15:05 . 2007-03-26 08:29	81984	----a-w	c:\windows\system32\bdod.bin
    2009-03-06 14:20 . 2004-09-23 16:11	286720	----a-w	c:\windows\system32\pdh.dll
    2009-03-05 22:59 . 2009-03-17 11:14	1900544	----a-w	c:\windows\system32\usbaaplrc.dll
    2009-03-05 22:59 . 2008-07-19 21:55	36864	----a-w	c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 00:13 . 2004-09-23 16:11	826368	----a-w	c:\windows\system32\wininet.dll
    2009-02-20 17:10 . 2004-09-23 16:10	78336	----a-w	c:\windows\system32\ieencode.dll
    2009-02-09 14:05 . 2004-09-23 16:11	1846912	----a-w	c:\windows\system32\win32k.sys
    2009-02-09 11:23 . 2004-08-03 22:48	2025984	----a-w	c:\windows\system32\ntkrnlpa.exe
    2009-02-09 11:23 . 2004-09-23 16:11	2147328	----a-w	c:\windows\system32\ntoskrnl.exe
    2009-02-09 11:23 . 2004-09-23 16:11	111104	----a-w	c:\windows\system32\services.exe
    2009-02-09 10:53 . 2004-09-23 16:10	735744	----a-w	c:\windows\system32\lsasrv.dll
    2009-02-09 10:53 . 2004-09-23 16:11	401408	----a-w	c:\windows\system32\rpcss.dll
    2009-02-09 10:53 . 2004-09-23 16:11	739840	----a-w	c:\windows\system32\ntdll.dll
    2009-02-09 10:53 . 2004-09-23 16:09	685568	----a-w	c:\windows\system32\advapi32.dll
    2009-02-06 17:39 . 2009-02-06 17:39	308600	----a-w	c:\windows\WLXPGSS.SCR
    2009-02-06 16:52 . 2009-02-06 16:52	49504	----a-w	c:\windows\system32\sirenacm.dll
    2009-02-06 10:39 . 2004-09-23 16:11	35328	----a-w	c:\windows\system32\sc.exe
    2009-02-03 19:58 . 2004-09-23 16:11	56832	----a-w	c:\windows\system32\secur32.dll
    2009-01-27 01:34 . 2009-01-27 01:34	1044480	----a-w	c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-01-27 01:34 . 2009-01-27 01:34	200704	----a-w	c:\program files\mozilla firefox\plugins\ssldivx.dll
    .
    
    (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HomePlayer"="c:\program files\HomePlayer\HomePlayer.exe" [2007-11-06 294912]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]
    "Debugger"=ntsd -d
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	'autocheck autochk *'\[u]0/uaswBoot.exe /A:* /L:French /KBD:3
    
    [HKLM\~\startupfolder\C:^Documents and Settings^sally^Menu Démarrer^Programmes^Démarrage^ChkDisk.dll]
    path=c:\documents and settings\sally\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
    backup=c:\windows\pss\ChkDisk.dllStartup
    
    [HKLM\~\startupfolder\C:^Documents and Settings^sally^Menu Démarrer^Programmes^Démarrage^ChkDisk.lnk]
    path=c:\documents and settings\sally\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk
    backup=c:\windows\pss\ChkDisk.lnkStartup
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\JDownloader.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
    "c:\\Documents and Settings\\sally\\Bureau\\Convertisseur Video\\utorrent.exe"=
    "c:\\Documents and Settings\\sally\\Bureau\\Convertisseur Video\\eMule0.49b\\emule.exe"=
    "c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
    "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Documents and Settings\\sally\\Bureau\\VLCPortable\\App\\vlc\\vlc.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\PiFreePC\\PiFreePC.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8081:TCP"= 8081:TCP:home play
    
    R3 SPC610NC;Philips SPC500NC Webcam; [x]
    R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
    S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-04-17 825600]
    S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-11-28 7040]
    
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx	REG_MULTI_SZ   	scan
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}]
    \Shell\AutoRun\command - J:\uxkl0apt.bat
    \Shell\open\Command - J:\uxkl0apt.bat
    .
    Contenu du dossier 'Tâches planifiées'
    
    2009-04-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
    
    2009-04-30 c:\windows\Tasks\Configurer mon PC.job
    - c:\apps\SMP\PCSETUP.EXE [2005-11-17 08:03]
    
    2008-10-27 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    - c:\program files\Fichiers communs\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-09-27 00:01]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/webhp?hl=fr
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: {46759F2E-4DE3-4D2D-BF04-5039B6EC3B7A} = 212.27.40.240,212.27.40.241
    FF - ProfilePath - c:\documents and settings\sally\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-30 18:45
    Windows 5.1.2600 Service Pack 3 NTFS
    
    Recherche de processus cachés ... 
    
    Recherche d'éléments en démarrage automatique cachés ... 
    
    Recherche de fichiers cachés ... 
    
    Scan terminé avec succès
    Fichiers cachés: 0
    
    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,d3,d6,2d,1e,92,
       b3,be,ee,c8,28,51,af,b0,29,a3,98,c0,b9,8c,37,ea,65,ea,c4,e2,63,26,f1,3f,c8,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,86,c5,65,14,bf,
       93,eb,e3,71,3b,04,66,8b,46,0d,96,a1,a9,e1,da,6f,ce,75,57,6a,9c,d6,61,af,45,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,24,bc,66,56,66,
       36,5c,62,25,da,ec,7e,55,20,c9,26,ca,ba,97,41,9c,17,7c,de,ff,7c,85,e0,43,d4,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,49,b0,15,3c,b6,
       fe,28,84,3e,1e,9e,e0,57,5a,93,61,cd,ca,e2,e1,cf,c8,d7,e1,86,8c,21,01,be,91,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,5d,02,7e,e9,29,
       47,b5,a6,cd,44,cd,b9,a6,33,6c,cd,10,58,57,0e,6f,b0,ed,45,f5,1d,4d,73,a8,13,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,29,e4,65,61,ba,
       e2,39,3d,b0,18,ed,a7,3f,8d,37,a4,a1,98,d6,89,60,5f,21,7f,df,20,58,62,78,6b,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,8c,d2,ec,4e,88,
       c6,8c,da,31,77,e1,ba,b1,f8,68,02,09,62,87,2e,53,fa,26,e0,fb,a7,78,e6,12,2f,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,66,0b,c3,c4,b2,
       a5,d8,43,83,6c,56,8b,a0,85,96,ab,0e,3a,43,a4,3a,8b,f7,ec,01,3a,48,fc,e8,04,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,f8,a5,29,a6,16,
       96,e5,fc,51,fa,6e,91,28,9e,14,cc,4a,c5,a7,cd,14,29,41,ce,f6,0f,4e,58,98,5b,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,60,5f,6c,a3,15,
       03,33,8a,b1,cd,45,5a,a8,c4,f8,b9,18,fd,9e,f0,70,04,f4,b8,3d,ce,ea,26,2d,45,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,13,f8,a7,96,85,
       8e,be,ff,e3,0e,66,d5,eb,bc,2f,6b,e8,83,fb,8f,2d,26,da,d3,2a,b7,cc,b5,b9,7f,\
    
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,fb,fd,38,d0,9d,
       f5,8c,4a,fa,ea,66,7f,d4,3b,6b,70,76,6a,1f,07,29,8f,f2,ff,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    
    - - - - - - - > 'winlogon.exe'(520)
    c:\windows\system32\Ati2evxx.dll
    
    - - - - - - - > 'explorer.exe'(2404)
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\Fichiers communs\muvee Technologies\MainConcept3(muvee)\muveemp4demux.ax
    c:\windows\system32\mcspmpeg.ax
    c:\windows\system32\mpegin.dll
    c:\windows\system32\mcmpgdec.dll
    c:\program files\ffdshow\ffdshow.ax
    c:\program files\Haali\MatroskaSplitter\mmfinfo.dll
    c:\program files\Haali\MatroskaSplitter\mkunicode.dll
    c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-04-30 18:50 - La machine a redémarré
    ComboFix-quarantined-files.txt  2009-04-30 16:50
    ComboFix2.txt  2008-09-18 17:16
    
    Avant-CF: 12 378 009 600 octets libres
    Après-CF: 12 480 667 648 octets libres
    
    406	--- E O F ---	2009-04-30 14:26
    
    
    


    Peut tu me dire stp comment tu as detecter ce virus /vers ?
    Car c la premiere fois que je suis coincer a ce point !
    Merci . . .
    0
  10. Utilisateur anonyme
     
    ▶ Télécharge et install UsbFix

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur ton bureau .

    • Choisis l'option 1 ( Recherche )

    • Laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
    0
  11. dannydan Messages postés 64 Statut Membre
     
    Si je comprend ce virus ce propage par les support amovible ?
    Quel sont les clef ou executables quil faut reperer pour savoir si on est
    infecter ?
    Voila le rapport :

    
    
    ############################## [ UsbFix V3.015 # Scan ]
    
    # User : sally (Administrateurs) # 119745700318
    # Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 19:09:17 | 30/04/2009
    
    #               Intel(R) Pentium(R) 4 CPU 3.00GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Enabled
    # AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | Updated ]
    
    # C:\ # Disque fixe local # 290,28 Go (11,61 Go free) [HDD] # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible # 3,84 Go (2,19 Go free) [4GO] # FAT32
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    
    ############################## [ Processus actifs ]
    
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HomePlayer\HomePlayer.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    
    ################## [  Registre # Startup ]
    
    HKCU_Main:  "Local Page"="C:\\WINDOWS\\system32\\blank.htm" 
    HKCU_Main:  "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" 
    HKCU_Main:  "Start Page"="https://www.google.com/webhp?hl=fr&gws_rd=ssl" 
    HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," 
    HKLM_logon: "DefaultUserName"="sally" 
    HKLM_logon: "AltDefaultUserName"="sally" 
    HKLM_logon: "LegalNoticeCaption"="" 
    HKLM_logon: "LegalNoticeText"="" 
    HKLM_Run:    HomePlayer=C:\Program Files\HomePlayer\HomePlayer.exe 
    HKLM_Run:    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" 
    HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 
    
    ################## [ Informations ]
    
    
    ################## [ Fichiers # Dossiers infectieux ]
    
    Found ! C:\WINDOWS\system32\tmp.txt  
    Found ! E:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe  
    
    ################## [ Registre # Clés Run infectieuses ]
    
    Found ! HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"  
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )  
    Found ! HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"  
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )  
    
    ################## [ Registre # Mountpoints2 ]
    
    HKCU\Software\Microsoft\....\MountPoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}\Shell\AutoRun\command  
    HKCU\Software\Microsoft\....\MountPoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}\Shell\open\Command  
    
    ################## [ ! Fin du rapport # UsbFix V3.015 ! ] 
    
    
    
    
    0
  12. Utilisateur anonyme
     
    Visible sur cette clé : HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur ton bureau

    • choisis l'option 2 ( Suppression )

    • Ton bureau disparaitra et le pc redémarrera .

    • Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  13. dannydan Messages postés 64 Statut Membre
     
    Je n'arrive pas a poster le rapport !!
    0
  14. dannydan Messages postés 64 Statut Membre
     
    
    ############################## [ UsbFix V3.015 # Cleaning ]
    
    # User : sally (Administrateurs) # 119745700318
    # Update on 30/04/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 19:41:38 | 30/04/2009
    
    #               Intel(R) Pentium(R) 4 CPU 3.00GHz
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Enabled
    # AV : AntiVir Desktop 9.0.1.26 [ (!) Disabled | Updated ]
    
    # C:\ # Disque fixe local # 290,28 Go (11,68 Go free) [HDD] # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible # 3,84 Go (2,19 Go free) [4GO] # FAT32
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    
    ############################## [ Processus actifs ]
    
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\eHome\ehRec.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Avira\AntiVir Desktop\avwsc.exe
    
    ################## [ Fichiers # Dossiers infectieux ]
    
    Deleted ! C:\WINDOWS\system32\tmp.txt    
    Deleted ! E:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\stcvhost.exe    
    
    ################## [ Registre # Clés Run infectieuses ]
    
    # HKLM\software\microsoft\security center\\ "AntiVirusDisableNotify"  
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !  
    # HKLM\software\microsoft\security center\\ "UpdatesDisableNotify"  
    # -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 ) # -> Reset sucessfully !  
    
    ################## [ Registre # Mountpoints2 ]
    
    # -> Not Found !  
    
    ################## [ Listing des fichiers présent ]
    
    [30/04/2009 16:20|--a------|84618] - C:\avenger.txt
    [29/06/2008 23:51|--a------|16384] - C:\bdch.dll.vcd
    [05/03/2008 17:05|--a------|569344] - C:\bdguictl.dll.vcd
    [02/07/2008 19:51|--a------|212992] - C:\bdsubmit.dll.vcd
    [29/06/2008 23:51|--a------|913408] - C:\bdsubwiz.exe.vcd
    [31/10/2007 15:31|--a------|77824] - C:\bdutils.dll.vcd
    [08/03/2004 20:51|--a------|45056] - C:\boost_thread.dll
    [19/10/2006 17:30|-rahs----|208] - C:\BOOT.BAK
    [25/04/2009 17:33|--ahs----|290] - C:\BOOT.INI
    [10/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
    [10/03/2004 23:16|--a------|77824] - C:\catgen.exe
    [14/12/2006 00:22|--a------|768] - C:\cddbplm.gcf
    [14/12/2006 00:22|--a------|768] - C:\cddbplm.idx
    [14/12/2006 00:22|--a------|768] - C:\cddbplm.pdb
    [10/08/2004 14:00|-rahs----|263488] - C:\cmldr
    [30/04/2009 18:50|--a------|26615] - C:\ComboFix.txt
    [?|?|?] - C:\hiberfil.sys
    [19/10/2006 17:32|-rahs----|0] - C:\IO.SYS
    [19/10/2006 17:35|--ah-----|838] - C:\IPH.PH
    [08/03/2004 05:09|--a------|147456] - C:\libexpatw.dll
    [08/07/2008 12:14|--a------|1155072] - C:\livesrv.exe.vcd
    [19/10/2006 17:32|-rahs----|0] - C:\MSDOS.SYS
    [10/08/2004 14:00|--a------|47564] - C:\NTDETECT.COM
    [27/10/2008 18:26|--a------|252240] - C:\NTLDR
    [?|?|?] - C:\pagefile.sys
    [23/03/2009 03:01|--ah-----|268] - C:\sqmdata00.sqm
    [27/03/2009 02:07|--ah-----|268] - C:\sqmdata01.sqm
    [13/04/2009 03:52|--ah-----|268] - C:\sqmdata02.sqm
    [14/04/2009 01:19|--ah-----|268] - C:\sqmdata03.sqm
    [14/04/2009 23:11|--ah-----|268] - C:\sqmdata04.sqm
    [09/02/2009 02:15|--ah-----|268] - C:\sqmdata05.sqm
    [09/02/2009 19:14|--ah-----|268] - C:\sqmdata06.sqm
    [14/02/2009 00:09|--ah-----|268] - C:\sqmdata07.sqm
    [15/02/2009 02:30|--ah-----|268] - C:\sqmdata08.sqm
    [20/02/2009 23:58|--ah-----|268] - C:\sqmdata09.sqm
    [23/02/2009 01:40|--ah-----|268] - C:\sqmdata10.sqm
    [23/02/2009 22:44|--ah-----|268] - C:\sqmdata11.sqm
    [25/02/2009 21:29|--ah-----|268] - C:\sqmdata12.sqm
    [26/02/2009 23:46|--ah-----|268] - C:\sqmdata13.sqm
    [28/02/2009 17:25|--ah-----|268] - C:\sqmdata14.sqm
    [01/03/2009 01:15|--ah-----|268] - C:\sqmdata15.sqm
    [01/03/2009 21:44|--ah-----|268] - C:\sqmdata16.sqm
    [02/03/2009 03:49|--ah-----|268] - C:\sqmdata17.sqm
    [06/03/2009 00:22|--ah-----|268] - C:\sqmdata18.sqm
    [06/03/2009 12:32|--ah-----|268] - C:\sqmdata19.sqm
    [27/03/2009 02:07|--ah-----|244] - C:\sqmnoopt00.sqm
    [13/04/2009 03:52|--ah-----|244] - C:\sqmnoopt01.sqm
    [14/04/2009 01:19|--ah-----|244] - C:\sqmnoopt02.sqm
    [14/04/2009 23:11|--ah-----|244] - C:\sqmnoopt03.sqm
    [09/02/2009 02:15|--ah-----|244] - C:\sqmnoopt04.sqm
    [09/02/2009 19:14|--ah-----|244] - C:\sqmnoopt05.sqm
    [14/02/2009 00:09|--ah-----|244] - C:\sqmnoopt06.sqm
    [15/02/2009 02:30|--ah-----|244] - C:\sqmnoopt07.sqm
    [20/02/2009 23:58|--ah-----|244] - C:\sqmnoopt08.sqm
    [23/02/2009 01:40|--ah-----|244] - C:\sqmnoopt09.sqm
    [23/02/2009 22:44|--ah-----|244] - C:\sqmnoopt10.sqm
    [25/02/2009 21:29|--ah-----|244] - C:\sqmnoopt11.sqm
    [26/02/2009 23:46|--ah-----|244] - C:\sqmnoopt12.sqm
    [28/02/2009 17:25|--ah-----|244] - C:\sqmnoopt13.sqm
    [01/03/2009 01:15|--ah-----|244] - C:\sqmnoopt14.sqm
    [01/03/2009 21:44|--ah-----|244] - C:\sqmnoopt15.sqm
    [02/03/2009 03:49|--ah-----|244] - C:\sqmnoopt16.sqm
    [06/03/2009 00:22|--ah-----|244] - C:\sqmnoopt17.sqm
    [06/03/2009 12:32|--ah-----|244] - C:\sqmnoopt18.sqm
    [23/03/2009 03:01|--ah-----|244] - C:\sqmnoopt19.sqm
    [17/04/2007 16:30|--a------|90112] - C:\txmlx.dll.vcd
    [22/04/2003 00:09|--a------|245408] - C:\unicows.dll
    [08/07/2008 12:14|--a------|159744] - C:\upgrepl.exe.vcd
    [30/04/2009 19:43|--a------|6017] - C:\UsbFix.txt
    [22/10/2007 14:31|--a------|573440] - C:\wslib.dll.vcd
    [18/04/2009 21:58|--a------|64003850] - C:\xscan.txt
    [29/01/2009 21:31|--a------|192] - E:\url.txt
    [27/09/2008 14:23|--a------|46724] - E:\assfr).zip
    [27/04/2009 22:19|--a------|28930] - E:\frenchfileopen-realty2.4.1.zip
    [27/04/2009 22:26|--a------|8709344] - E:\open-realty2.5.6.zip
    
    ################## [ Vaccination ]
    
    # C:\autorun.inf -> Folder created by UsbFix.  
    # E:\autorun.inf -> Folder created by UsbFix.  
    
    ################## [ Cracks / Keygens / Serials ]
    
    C:\Documents and Settings\sally\.housecall6.6\patch.exe  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\Lauyan TOweb 1.0.3 + Keygen -FR.zip  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\Lauyan ToWeb V2 Crack Keygen Fr (dc_ lic perso ok).rar  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT.Web.Creator.Pro.v4.0.0.5.Multilangages.Incl-Crack.[emule1.com].rar  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT.Web.Creator.Pro.v4.0.0.5.With.Crack.[sharethefiles.com].rar  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\TOWeb 2.02 (Patch).zip  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\Adobe.Photoshop.7.Fr.Serie\Clone CD 4\CloneCD.v4.0.0.1.Keygen.Only-TMG\Clonecd4.0.0.1kg.exe  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT Web Creator Pro v4.0.0.4.1\keygen.exe  
    C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\Incoming\Site\LMSOFT.Web.Creator.Pro.v4.0.0.5.Multilangages.Incl-Crack.[emule1.com]\Crack\WebCreatorPro4.exe  
    C:\Documents and Settings\sally\Mes documents\Downloads\Pinnacle Hollywood FX PRO V5.2 + serial\hfx5full.exe  
    C:\Documents and Settings\sally\Mes documents\Downloads\Pinnacle Hollywood FX PRO V5.2 + serial\Pinnacle Hollywood FX PRO V5.2 + serial\hfx5full.exe  
    C:\Documents and Settings\sally\Mes documents\OFFICE One Zip\hijackthis_199\Bureau\Keygen-Nero.exe  
    
    ################## [ ! Fin du rapport # UsbFix V3.015 ! ] 
    
    
    
    
    0
  15. Utilisateur anonyme
     
    Telecharge malwarebytes
    https://www.malwarebytes.com/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    0
  16. dannydan Messages postés 64 Statut Membre
     
    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2062
    Windows 5.1.2600 Service Pack 3

    30/06/2009 22:49:15
    mbam-log-2009-06-30 (22-49-15).txt

    Type de recherche: Examen rapide
    Eléments examinés: 83334
    Temps écoulé: 4 minute(s), 4 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 43
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASECURITYCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  17. Utilisateur anonyme
     
    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    ensuite :

    Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt
    0
  18. dannydan Messages postés 64 Statut Membre
     
    Voici le rapport de JAVARA :

    JavaRa 1.12 Removal Log.
    
    Report follows after line.
    
    ------------------------------------
    
    The JavaRa removal process was started on Wed Jul 01 00:03:20 2009
    
    Found and removed: C:\Program Files\Java\jre1.5.0_04
    
    Found and removed: C:\Program Files\Java\jre1.5.0_10
    
    Found and removed: C:\Program Files\Java\jre1.6.0_03
    
    Found and removed: C:\Program Files\Java\jre1.6.0_07
    
    Found and removed: Software\JavaSoft\Java2D\1.5.0_04
    
    Found and removed: Software\JavaSoft\Java2D\1.5.0_10
    
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004
    
    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000
    
    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004
    
    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000
    
    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004
    
    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000
    
    Found and removed: SOFTWARE\Classes\JavaPlugin.150_04
    
    Found and removed: SOFTWARE\Classes\JavaPlugin.150_10
    
    Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
    
    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04
    
    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10
    
    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5
    
    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04
    
    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10
    
    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040}
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}
    
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
    
    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
    
    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
    
    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
    
    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
    
    Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
    
    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
    
    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
    
    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
    
    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10
    
    Found and removed: Software\Classes\JavaPlugin.160_03
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
    
    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
    
    Found and removed: Software\JavaSoft\Java2D\1.6.0_01
    
    Found and removed: Software\JavaSoft\Java2D\1.6.0_03
    
    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
    
    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
    
    ------------------------------------
    
    Finished reporting.
    
    
    


    Le suivant arrive . . . .
    0
  19. dannydan Messages postés 64 Statut Membre
     
    et celui de RSIT :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by sally at 2009-07-01 00:06:41
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 12 GB (4%) free of 297 GB
    Total RAM: 766 MB (33% free)
    
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:06:47, on 01/07/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\HomePlayer\HomePlayer.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\sally\Bureau\hijackthis_199\RSIT.exe
    C:\Documents and Settings\sally\Bureau\hijackthis_199\HiJackThis\sally.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{46759F2E-4DE3-4D2D-BF04-5039B6EC3B7A}: NameServer = 212.27.40.240,212.27.40.241
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    
    --
    End of file - 6497 bytes
    
    ======Scheduled tasks folder======
    
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Configurer mon PC.job
    C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
    C:\WINDOWS\tasks\sally.job
    
    ======Registry dump======
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-07 308856]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-01 35840]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
    FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2007-05-16 191096]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-01 73728]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HomePlayer"=C:\Program Files\HomePlayer\HomePlayer.exe [2007-11-06 294912]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
    "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-01 148888]
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk]
    C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sally]
    C:\Documents and Settings\sally\sally.exe /i []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sally^Menu Démarrer^Programmes^Démarrage^ChkDisk.dll]
    C:\Documents and Settings\sally\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll []
    
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sally^Menu Démarrer^Programmes^Démarrage^ChkDisk.lnk]
     C:\DOCUME~1\sally\MENUDM~1\PROGRA~1\DMARRA~1\ChkDisk.dll,_IWMPEvents@16 []
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2008-09-24 143360]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDrives"=0
    "NoDriveAutoRun"=FFFFFFFF
    "NoFind"=
    "NoFolderOptions"=
    "NoRun"=
    "NoViewContextMenu"=0
    "NoWinKeys"=0
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=
    "NoLogOff"=
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Java\jre1.6.0_03\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.6.0_03\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Documents and Settings\sally\Bureau\Convertisseur Video\utorrent.exe"="C:\Documents and Settings\sally\Bureau\Convertisseur Video\utorrent.exe:*:Disabled:µTorrent"
    "C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\emule.exe"="C:\Documents and Settings\sally\Bureau\Convertisseur Video\eMule0.49b\emule.exe:*:Enabled:eMule"
    "C:\Program Files\HomePlayer\HomePlayer.exe"="C:\Program Files\HomePlayer\HomePlayer.exe:*:Enabled:HomePlayer"
    "C:\Program Files\HomePlayer\VLC\vlc.exe"="C:\Program Files\HomePlayer\VLC\vlc.exe:*:Enabled:VLC HomePlayer"
    "C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
    "C:\Documents and Settings\sally\Bureau\VLCPortable\App\vlc\vlc.exe"="C:\Documents and Settings\sally\Bureau\VLCPortable\App\vlc\vlc.exe:*:Enabled:VLC media player"
    "C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\PiFreePC\PiFreePC.exe"="C:\Program Files\PiFreePC\PiFreePC.exe:*:Disabled:PiFreePC"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}]
    shell\AutoRun\command - J:\uxkl0apt.bat
    shell\open\command - J:\uxkl0apt.bat
    
    
    ======List of files/folders created in the last 1 months======
    
    2009-07-01 00:06:41 ----D---- C:\rsit
    2009-07-01 00:03:34 ----SHD---- C:\RECYCLER
    2009-07-01 00:00:41 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-07-01 00:00:41 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-07-01 00:00:41 ----A---- C:\WINDOWS\system32\java.exe
    2009-07-01 00:00:41 ----A---- C:\WINDOWS\system32\deploytk.dll
    
    ======List of files/folders modified in the last 1 months======
    
    2009-07-01 00:06:39 ----D---- C:\WINDOWS\Prefetch
    2009-07-01 00:04:03 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-01 00:03:30 ----D---- C:\Program Files\Java
    2009-07-01 00:01:12 ----SHD---- C:\WINDOWS\Installer
    2009-07-01 00:00:46 ----SHD---- C:\Config.Msi
    2009-07-01 00:00:43 ----D---- C:\WINDOWS\temp
    2009-07-01 00:00:41 ----D---- C:\WINDOWS\system32
    2009-06-30 23:30:01 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-06-30 23:29:08 ----D---- C:\WINDOWS\Registration
    2009-06-30 23:29:02 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-30 23:28:54 ----D---- C:\WINDOWS
    2009-06-30 23:27:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-30 22:39:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-06-30 22:39:41 ----D---- C:\WINDOWS\system32\drivers
    
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\Drivers\PCLEPCI.SYS []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
    R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-17 825600]
    R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ASAPIW2k;ASAPIW2K; C:\WINDOWS\system32\drivers\ASAPIW2k.sys [2004-03-10 11264]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-24 3331072]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-01-15 23848]
    R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
    R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
    R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-12 13848]
    R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-12 1279000]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
    S3 ajnjasat;ajnjasat; C:\WINDOWS\system32\drivers\ajnjasat.sys []
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
    S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
    S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NTIDrvr;NTIDrvr; \??\C:\Program Files\muvee Technologies\muveeNow 2.2\mvBurnerDll\NTIDrvr.sys []
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
    S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-05-14 445696]
    S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 SPC610NC;Philips SPC500NC Webcam; C:\WINDOWS\system32\DRIVERS\SPC610NC.SYS []
    S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
    S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
    S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-06 36864]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2007-07-06 25600]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
    
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-24 581632]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-01 152984]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
    S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
    S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-22 168432]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
    S4 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe []
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
    S4 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
    S4 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
    S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
    S4 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
    S4 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
    
    -----------------EOF-----------------
    
    
    0
  20. Utilisateur anonyme
     
    ---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    ---> Double-clique sur OTMoveIt3.exe afin de le lancer.

    ---> Copie (Ctrl+C) le texte suivant ci-dessous :

    :processes
    explorer.exe

    :files
    J:\uxkl0apt.bat

    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sally]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    :commands
    [emptytemp]
    [start explorer]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log


    ensuite :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://pc-system.fr/
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    Purge de la restauration système
    *Désactive ta restauration :
    Clique droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK
    ---> Redémarre ton PC ...

    *Réactive ta restauration :
    Clique droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK
    --->Redémarre ton PC ...

    ( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).

    Tuto xp : http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

    0
  21. dannydan Messages postés 64 Statut Membre
     
    desoler de pas avoir repondu avant , j'ete crever hier soir !
    Voila le rapprt OTMoveIt :

    
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder J:\uxkl0apt.bat not found.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52f7af86-f9b5-11dd-967d-0016e6907866}\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autochk\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sally\\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\sally\LOCALS~1\Temp\hsperfdata_sally\2008 scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\sally\LOCALS~1\Temp\etilqs_JasjaQMexEVavjFVOSjg scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    User's Temporary Internet Files folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Network Service Temp folder emptied.
    Network Service Temporary Internet Files folder emptied.
    File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1b4.dat scheduled to be deleted on reboot.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\sally\Local Settings\Application Data\Mozilla\Firefox\Profiles\7f0ixceu.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully
     
    OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 07012009_003607
    
    0
  • 1
  • 2