Scan combofix apres un souci antivirus

Résolu
CED -  
 CED -
Bonjour,pouvez vous donner un avis sur ce rendu de scan.il est un peu ancien pues en refaire.un

ComboFix 09-03-29.02 - ced 2009-03-30 13:48:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1438 [GMT 2:00]
Lancé depuis: c:\documents and settings\ced\Bureau\Bibitte.exe
Commutateurs utilisés :: c:\documents and settings\ced\Mes documents\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\DA9F6BC5AD.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe
c:\windows\system32\DA9F6BC5AD.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-29 14:55 . 2009-03-29 14:55 <REP> d-------- c:\documents and settings\All Users\Application Data\HP
2009-03-29 14:53 . 2009-03-29 14:56 19,554 --a------ c:\windows\hpqins13.dat
2009-03-14 09:11 . 2009-03-14 09:11 <REP> d---s---- c:\documents and settings\ced\UserData
2009-03-14 09:11 . 2008-10-16 15:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-03-14 09:11 . 2008-10-16 15:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-03-14 09:11 . 2008-10-16 15:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-03-13 14:58 . 2009-03-30 13:50 <REP> d-------- c:\documents and settings\ced\Tracing
2009-03-13 14:55 . 2009-03-17 09:22 <REP> d-------- c:\program files\Microsoft Silverlight
2009-03-13 14:55 . 2009-03-13 14:55 <REP> d-------- c:\program files\Microsoft
2009-03-13 14:54 . 2009-03-13 14:54 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-03-13 14:54 . 2009-03-13 14:55 <REP> d-------- c:\program files\Windows Live
2009-03-13 14:50 . 2009-03-13 14:50 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\documents and settings\ced\Application Data\Malwarebytes
2009-02-25 22:29 . 2009-02-25 22:29 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-25 22:29 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-25 22:29 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 21:43 . 2009-03-01 22:21 <REP> d-------- C:\rsit
2009-02-25 21:43 . 2009-03-24 09:17 <REP> d-------- c:\program files\trend micro
2009-02-25 20:35 . 2009-02-25 21:42 <REP> d-------- c:\program files\Navilog1
2009-02-25 13:19 . 2009-02-25 13:19 <REP> d-------- c:\program files\Fichiers communs\DirectX
2009-02-22 22:58 . 2009-02-25 13:19 <REP> d-------- c:\program files\Bagger-Simulator 2008 Demo
2009-02-22 20:40 . 2009-02-25 13:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-02-22 19:07 . 2009-02-25 13:19 <REP> d-------- c:\program files\Trymedia
2009-02-22 19:07 . 2009-02-23 22:42 36,734 --a------ c:\windows\system32\OggDSuninst.exe
2009-02-22 11:29 . 2009-03-01 20:51 <REP> d--h----- c:\documents and settings\ced\Application Data\drivers
2009-02-22 00:49 . 2009-03-24 09:19 <REP> d-------- c:\program files\sixteen tons entertainment
2009-02-16 20:46 . 2009-02-16 20:46 <REP> d-------- c:\documents and settings\ced\Application Data\Corel
2009-02-16 20:46 . 2009-02-16 20:46 <REP> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-02-16 20:44 . 2009-02-16 20:45 <REP> d-------- c:\program files\Fichiers communs\Corel
2009-02-16 20:40 . 2009-03-29 14:00 2,516 --ahs---- c:\windows\system32\KGyGaAvL.sys
2009-02-16 20:38 . 2009-02-16 20:38 <REP> d-------- c:\documents and settings\ced\Application Data\InstallShield
2009-02-06 19:52 . 2009-02-06 19:52 49,504 --a------ c:\windows\system32\sirenacm.dll
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\program files\AskSearch
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\program files\AskBarDis
2009-02-05 22:47 . 2009-03-29 23:09 <REP> d-------- c:\documents and settings\ced\Application Data\Azureus
2009-02-05 22:47 . 2009-02-05 22:47 <REP> d-------- c:\documents and settings\All Users\Application Data\Azureus
2009-02-05 22:45 . 2009-02-05 22:45 <REP> d-------- c:\program files\Fichiers communs\i4j_jres

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 10:20 --------- d-----w c:\documents and settings\ced\Application Data\EoRezo
2009-03-30 08:08 --------- d-----w c:\program files\EoRezo
2009-03-29 15:54 --------- d-----w c:\documents and settings\ced\Application Data\Apple Computer
2009-03-26 12:40 --------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-25 07:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-27 10:46 26,596,640 -c--a-w c:\program files\AdbeRdr90_fr_FR.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-03-01_19.53.44.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 13:59:50 1,847,680 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:59:36 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:29 767,352 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:31 406,392 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:03 8,518,144 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:40:22 18,296 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:40:24 234,872 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:40:22 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:40:26 767,352 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:40:35 406,392 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2000-08-31 07:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 06:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 07:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 06:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2009-03-13 12:55:24 80,395 ----a-r c:\windows\Installer\{059C042E-796A-4ACC-A81A-ECC2010BB78C}\MsblIco.Exe
+ 2009-03-13 12:54:50 62,304 ----a-r c:\windows\Installer\{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}\IconWlc.exe
- 2008-11-01 09:59:39 167,936 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-03-18 12:31:40 167,936 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-11-01 09:59:39 2,560 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-03-18 12:31:40 2,560 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-11-01 09:59:39 81,920 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-03-18 12:31:40 81,920 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\fpicon.exe
- 2008-11-01 09:59:39 34,304 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-03-18 12:31:40 34,304 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-11-01 09:59:39 8,192 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-03-18 12:31:40 8,192 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-11-01 09:59:39 3,584 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-03-18 12:31:40 3,584 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-11-01 09:59:39 114,688 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-03-18 12:31:40 114,688 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-11-01 09:59:39 16,384 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-03-18 12:31:40 16,384 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-11-01 09:59:39 30,720 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-03-18 12:31:40 30,720 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-11-01 09:59:39 22,528 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-03-18 12:31:40 22,528 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-11-01 09:59:39 45,056 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-03-18 12:31:40 45,056 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-11-01 09:59:39 90,112 -c--a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-03-18 12:31:40 90,112 ----a-r c:\windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\ARPPRODUCTICON.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut10.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut11.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut12.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut13.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut14.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut15.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut16.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut17.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut18.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut19.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut2_1.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut20.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut21.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut22.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut23.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut24.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut25.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut26.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut27.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut28.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut5.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut6.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut7.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut8.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
+ 2009-03-29 12:55:44 25,214 ----a-r c:\windows\Installer\{D79113E7-274C-470B-BD46-01B10219DF6A}\NewShortcut9.BCCDD171_C13C_4D41_ACA3_0E088E5E60A9.exe
- 2000-08-31 07:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 06:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 07:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 06:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 06:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 07:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 06:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 07:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 06:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2008-08-20 08:54:00 287,256 ----a-r c:\windows\system32\AbaleZip.dll
- 2001-01-22 02:25:24 32,768 -c--a-w c:\windows\system32\ATHPRXY.DLL
+ 2004-01-29 14:08:23 32,768 ----a-w c:\windows\system32\ATHPRXY.DLL
+ 2008-12-05 06:57:24 144,896 -c----w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:15 8,517,632 -c----w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 15:26:07 1,846,528 -c----w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 -c----w c:\windows\system32\dllcache\win32k.sys
- 2007-06-11 22:51:12 10,834,944 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 -c--a-w c:\windows\system32\dllcache\wmp.dll
- 1999-10-18 02:01:42 1,129,232 -c--a-w c:\windows\system32\FM20.DLL
+ 2003-09-25 11:07:00 1,139,472 ----a-w c:\windows\system32\FM20.DLL
- 2001-02-21 10:02:06 29,456 -c--a-w c:\windows\system32\FM20FRA.DLL
+ 2003-10-29 13:05:10 28,672 ----a-w c:\windows\system32\FM20FRA.DLL
- 2008-11-05 11:20:59 172,280 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-14 07:10:22 175,464 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-03 23:21:12 21,244,864 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-25 11:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
- 2008-12-11 19:45:43 59,916 -c--a-w c:\windows\system32\perfc009.dat
+ 2009-03-29 07:46:30 59,916 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-11 19:45:43 73,260 -c--a-w c:\windows\system32\perfc00C.dat
+ 2009-03-29 07:46:30 73,260 ----a-w c:\windows\system32\perfc00C.dat
- 2008-12-11 19:45:43 397,696 -c--a-w c:\windows\system32\perfh009.dat
+ 2009-03-29 07:46:30 397,696 ----a-w c:\windows\system32\perfh009.dat
- 2008-12-11 19:45:43 464,892 -c--a-w c:\windows\system32\perfh00C.dat
+ 2009-03-29 07:46:30 464,892 ----a-w c:\windows\system32\perfh00C.dat
- 2008-04-14 02:33:40 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:57:24 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 02:33:41 8,517,632 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:15 8,517,632 ----a-w c:\windows\system32\shell32.dll
- 2008-07-09 07:40:22 18,296 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
- 2007-08-10 06:18:14 26,488 -c--a-w c:\windows\system32\spupdsvc.exe
+ 2007-07-27 08:41:38 26,488 ----a-w c:\windows\system32\spupdsvc.exe
- 2008-09-15 15:26:07 1,846,528 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 14:05:54 1,846,912 ----a-w c:\windows\system32\win32k.sys
- 2007-06-11 22:51:12 10,834,944 ----a-w c:\windows\system32\wmp.dll
+ 2008-11-11 17:34:42 10,838,016 ----a-w c:\windows\system32\wmp.dll
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 06:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2008-08-20 08:54:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2008-08-20 08:54:00 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2008-08-20 08:54:00 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2008-08-20 08:54:00 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2007-11-06 19:23:58 224,768 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2007-11-07 00:19:34 568,832 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:19:34 655,872 ----a-w c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2008-04-15 17:49:31 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
- 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 06:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-03-01 78008]
"hpqSRMon"="d:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Corel Photo Downloader"="c:\program files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - d:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Zattoo\\zattood.exe"=
"d:\\Program Files\\Zattoo\\Zattoo1.exe"=
"d:\\Program Files\\SecondLife\\SLVoice.exe"=
"d:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\Program Files\\eChanblard\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"31336:TCP"= 31336:TCP:adsltv

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78cdbb55-9fa2-11dd-95f7-d9ab3be3e37b}]
\Shell\Auto\command - cxfgamhao.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
.
Contenu du dossier 'Tâches planifiées'

2009-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ustart.org
mStart Page = hxxp://www.ustart.org
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 13:50:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\SecuROM\License information*]
"datasecu"=hex:d8,69,ec,3a,82,0e,ee,c7,d8,28,20,89,8e,1d,76,ba,c1,4c,3a,2c,40,
5a,bb,0b,1f,4a,15,ac,cc,95,d1,4f,ce,59,0f,1b,25,30,bd,58,e3,bd,83,31,13,4d,\
"rkeysecu"=hex:27,b1,27,38,9b,e2,2e,93,76,ca,4a,07,08,8b,e2,e8
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
d:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2009-03-30 13:52:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-03-30 11:51:36
ComboFix2.txt 2009-03-01 18:56:13

Avant-CF: 13 065 318 400 octets libres
Après-CF: 13,883,219,968 octets libres

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
327 --- E O F --- 2009-03-18 12:31:41
Configuration: Windows XP
Firefox 3.0.10

27 réponses

  • 1
  • 2
Résumé de la discussion

Un rapport de scan sur Windows XP expose une infection complexe signalée par ComboFix, avec des éléments malveillants et des services indésirables activés et des processus suspects. Les solutions essentielles recommandées privilégient une suppression guidée par UsbFix et des outils de nettoyage supplémentaires, afin de neutraliser les entrées persistantes et les pilotes suspects. Plusieurs étapes sont conseillées: connecter les sources de données externes hors du PC, lancer UsbFix en mode Suppression, puis redémarrer pour permettre un second balayage. En complément, FindyKill est recommandé et les rapports UsbFix.txt et FindyKill.txt doivent être fournis pour une évaluation plus précise, afin d'éviter de négliger des éléments restants et d'organiser une reprise sécurisée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Bonsoir
    ######## | XP _ Instal & recherche | #######

    # Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Télécharge et install UsbFix de C_XX & Chiquitine29

    Tutorial de Malekal_Morte si besoin, merci à lui : https://www.malekal.com/usbfix-supprimer-virus-usb/

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    # Double clic sur le raccourci UsbFix présent sur ton bureau.

    # Choisi l option 1 (Recherche)

    # Laisse travailler l outil.

    # Ensuite post le rapport UsbFix.txt qui apparaîtra.

    # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    0
  2. CED
     
    ############################## [ UsbFix V3.017 # Scan ]

    # User : ced (Administrateurs) # CED-EABDC8504D1
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 21:59:55 | 07/05/2009

    # Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 29,29 Go (12,82 Go free) # NTFS
    # D:\ # Disque fixe local # 119,75 Go (104,42 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque CD-ROM
    # I:\ # Disque fixe local # 152,66 Go (27,22 Go free) [Maxtor 160] # NTFS

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Registre # Startup ]

    HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    HKCU_Main: "Start Page"="http://www.ustart.org"
    HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    HKLM_logon: "DefaultUserName"="ced"
    HKLM_logon: "AltDefaultUserName"="ced"
    HKLM_logon: "LegalNoticeCaption"=""
    HKLM_logon: "LegalNoticeText"=""
    HKLM_Run: IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    HKLM_Run: PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    HKLM_Run: PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    HKLM_Run: JMB36X IDE Setup=C:\WINDOWS\JM\JMInsIDE.exe
    HKLM_Run: JMB36X Configure=C:\WINDOWS\system32\JMRaidSetup.exe boot
    HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\Core\smax4pnp.exe
    HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    HKLM_Run: nwiz=nwiz.exe /install
    HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    HKLM_Run: HP Software Update=D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
    HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
    HKLM_Run: avast!=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    HKLM_Run: hpqSRMon=D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    HKLM_Run: Corel Photo Downloader="C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
    HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    HKCU_Run: DAEMON Tools Lite="D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

    ################## [ Informations ]

    C:\Documents and Settings\ced\Application Data\drivers

    # (!) # --> Bagle !

    HKLM\SYSTEM\ControlSet001\Services\srosa
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s
    HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S

    # (!) # --> Rootkit Bagle !

    ################## [ Fichiers # Dossiers infectieux ]
    tu peus me dire si un scan et necessaire stp

    Found ! I:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    ################## [ Registre # Mountpoints2 ]

    HKCU\Software\Microsoft\....\MountPoints2\{78cdbb55-9fa2-11dd-95f7-d9ab3be3e37b}\Shell\Auto\command
    HKCU\Software\Microsoft\....\MountPoints2\{78cdbb55-9fa2-11dd-95f7-d9ab3be3e37b}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{abb212e7-b4a8-11dd-a6ec-001d60747980}\Shell\AutoRun\command
    HKCU\Software\Microsoft\....\MountPoints2\{abb212e7-b4a8-11dd-a6ec-001d60747980}\Shell\open\Command

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
    0
    1. Utilisateur anonyme
       
      Re

      1) ######## | XP _ Suppression | #######



      Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

      # Double clic sur le raccourci UsbFix présent sur ton bureau

      # choisi l option 2 (Suppression)

      # Ton bureau disparaîtra et le pc redémarrera.

      # Au redémarrage, UsbFix scannera ton pc, laisse travailler l outil.

      # Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau.

      # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

      ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

      2)• Télécharge FindyKill ici : : http://pagesperso-orange.fr/FindyKill.Ad.Remover/home_page.htm
      • ->Enregistre-le sur ton bureau et pas ailleurs !

      !! Déconnecte toi et ferme toutes les applications en cours !!

      • (Si ton anti-virus s'affole au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

      •-> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

      Tuto : https://www.malekal.com/tutorial-findykill/



      --> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau.

      -->choisis l'option 1 (recherche). Puis laisse travailler l'outil sans rien toucher ...

      Une fois terminé, poste le rapport FindyKill.txt qui est généré ...

      ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

      PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
      Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.



      0
  3. CED
     
    ############################## [ UsbFix V3.017 # Cleaning ]

    # User : ced (Administrateurs) # CED-EABDC8504D1
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 22:19:59 | 07/05/2009

    # Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 29,29 Go (12,83 Go free) # NTFS
    # D:\ # Disque fixe local # 119,75 Go (104,42 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque CD-ROM
    # I:\ # Disque fixe local # 152,66 Go (27,22 Go free) [Maxtor 160] # NTFS

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! I:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{abb212e7-b4a8-11dd-a6ec-001d60747980}\Shell\AutoRun\command

    ################## [ Listing des fichiers présent ]

    [21/10/2008 20:56|--a------|0] - C:\autoexec.000
    [19/11/2008 00:30|--a------|44] - C:\autoexec.bat
    [21/10/2008 20:52|--a------|216] - C:\Boot.bak
    [01/03/2009 20:43|-rahs----|286] - C:\boot.ini
    [05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
    [04/08/2004 00:00|--a------|263488] - C:\cmldr
    [30/03/2009 13:52|--a------|25481] - C:\ComboFix.txt
    [21/10/2008 20:56|--a------|0] - C:\CONFIG.SYS
    [25/02/2009 20:41|--a------|2539] - C:\fixnavi.txt
    [11/12/2008 23:10|--a------|7295] - C:\info.log
    [21/10/2008 20:56|-rahs----|0] - C:\IO.SYS
    [21/10/2008 20:56|-rahs----|0] - C:\MSDOS.SYS
    [05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
    [05/11/2008 13:08|-rahs----|252240] - C:\ntldr
    [29/02/2004 17:44|--a------|52576] - C:\orange.bmp
    [?|?|?] - C:\pagefile.sys
    [07/05/2009 22:20|--a------|2788] - C:\UsbFix.txt
    [24/04/2003 14:00|-rahs----|80384] - I:\annjvspry.exe
    [22/09/2008 20:01|--a------|14646] - I:\bookmarks.html
    [24/04/2003 14:00|---h-----|87552] - I:\cocatasrj.exe
    [07/11/2006 23:46|--ah-----|51886] - I:\CV.rtf
    [07/11/2006 23:36|--ah-----|25088] - I:\Cédric ROLAND.doc
    [24/04/2003 14:00|---h-----|87552] - I:\ekfsrcygv.exe
    [24/04/2003 14:00|---h-----|87552] - I:\evkfwgcqe.exe
    [25/02/2008 20:16|--a------|4170782] - I:\f2620_p5b.pdf
    [01/08/2008 21:27|--a------|35835] - I:\Horaire travail 2008.rtf
    [24/04/2003 14:00|---h-----|87552] - I:\iveypajtr.exe
    [07/11/2006 21:21|--ah-----|3370] - I:\lettre-de-motivation.htm
    [24/04/2003 14:00|-rahs----|80896] - I:\lmduutkvq.exe
    [22/01/2008 20:49|--a------|1139774] - I:\montage-PC.pdf
    [18/09/2008 21:34|--a------|64977448] - I:\OfficeXpSp3-kb832671-fullfile-fra.exe
    [24/04/2003 14:00|---h-----|87552] - I:\oiltdhjbs.exe
    [04/11/2007 17:30|-rahs----|0] - I:\otmtudxmq.exe
    [24/04/2003 14:00|---h-----|87552] - I:\pjbwlpbfk.exe
    [08/01/2007 20:14|--ah-----|37376] - I:\Présentation1.ppt
    [08/01/2007 20:36|--ah-----|37888] - I:\Présentation2.ppt
    [12/01/2007 00:24|--ah-----|62976] - I:\Présentation3.ppt
    [18/01/2007 00:23|--ah-----|67072] - I:\Présentation4.ppt
    [17/01/2007 23:57|--ah-----|50688] - I:\Présentation5.ppt
    [24/04/2003 14:00|---h-----|87552] - I:\pvysqvszd.exe
    [01/02/2007 14:36|--a------|20645979] - I:\Restaurant_Empire_Patch_v1.21.exe
    [14/10/2008 20:52|--a------|23552] - I:\ROLAND Alexandra.doc
    [09/10/2008 22:09|--a------|14532555] - I:\RTA calibra (ragmen).pdf
    [07/04/2008 21:25|--a------|56886703] - I:\SimTractor_366.exe
    [20/12/2001 18:40|---------|7289] - I:\The_Wraith.NFO
    [06/08/2008 11:43|--ahs----|19968] - I:\Thumbs.db
    [24/01/2008 13:37|--a------|2807938] - I:\turbosol-guide.pdf
    [24/04/2003 14:00|---h-----|87552] - I:\usnadjuxr.exe
    [14/10/2008 21:33|--a------|22016] - I:\VIERA PIMENTA Claudio.doc
    [04/11/2007 17:30|-rahs----|0] - I:\wgclegbnj.exe
    [16/12/2006 22:28|--a------|30141] - I:\Windows.XP.Pro.Coccinelle.Edition.Metamorphose.torrent
    [24/04/2003 14:00|---h-----|87552] - I:\zdbkqdzha.exe
    [16/12/2001 18:56|---------|249] - I:\ZONE ALARM ALL VERSIONS.reg

    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    I:\Restaurant_Empire_Patch_v1.21.exe
    I:\D\Mes documents\My Music\hotel_giant_patch_v4.76_francais_8553.exe
    I:\D\Program files\eChanblard\EvID4226Patch.exe
    I:\D\Program files\GAMES\simcity_4_patch_v1.0.272.0_version_europeenne_multi-langues_8596.exe
    I:\D\Program files\INCOMING\Sp2TcpIPatchfr.exe
    I:\INCOMING\Sp2TcpIPatchfr.exe
    I:\Mes documents\My Music\hotel_giant_patch_v4.76_francais_8553.exe

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
    0
    1. Utilisateur anonyme
       
      Re

      Et le rapport Findykill
      0
  4. CED
     
    ############################## [ UsbFix V3.017 # Cleaning ]

    # User : ced (Administrateurs) # CED-EABDC8504D1
    # Update on 06/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 22:19:59 | 07/05/2009

    # Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 29,29 Go (12,83 Go free) # NTFS
    # D:\ # Disque fixe local # 119,75 Go (104,42 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque CD-ROM
    # I:\ # Disque fixe local # 152,66 Go (27,22 Go free) [Maxtor 160] # NTFS

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! I:\autorun.inf

    ################## [ Registre # Clés Run infectieuses ]

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{abb212e7-b4a8-11dd-a6ec-001d60747980}\Shell\AutoRun\command

    ################## [ Listing des fichiers présent ]

    [21/10/2008 20:56|--a------|0] - C:\autoexec.000
    [19/11/2008 00:30|--a------|44] - C:\autoexec.bat
    [21/10/2008 20:52|--a------|216] - C:\Boot.bak
    [01/03/2009 20:43|-rahs----|286] - C:\boot.ini
    [05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
    [04/08/2004 00:00|--a------|263488] - C:\cmldr
    [30/03/2009 13:52|--a------|25481] - C:\ComboFix.txt
    [21/10/2008 20:56|--a------|0] - C:\CONFIG.SYS
    [25/02/2009 20:41|--a------|2539] - C:\fixnavi.txt
    [11/12/2008 23:10|--a------|7295] - C:\info.log
    [21/10/2008 20:56|-rahs----|0] - C:\IO.SYS
    [21/10/2008 20:56|-rahs----|0] - C:\MSDOS.SYS
    [05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
    [05/11/2008 13:08|-rahs----|252240] - C:\ntldr
    [29/02/2004 17:44|--a------|52576] - C:\orange.bmp
    [?|?|?] - C:\pagefile.sys
    [07/05/2009 22:20|--a------|2788] - C:\UsbFix.txt
    [24/04/2003 14:00|-rahs----|80384] - I:\annjvspry.exe
    [22/09/2008 20:01|--a------|14646] - I:\bookmarks.html
    [24/04/2003 14:00|---h-----|87552] - I:\cocatasrj.exe
    [07/11/2006 23:46|--ah-----|51886] - I:\CV.rtf
    [07/11/2006 23:36|--ah-----|25088] - I:\Cédric ROLAND.doc
    [24/04/2003 14:00|---h-----|87552] - I:\ekfsrcygv.exe
    [24/04/2003 14:00|---h-----|87552] - I:\evkfwgcqe.exe
    [25/02/2008 20:16|--a------|4170782] - I:\f2620_p5b.pdf
    [01/08/2008 21:27|--a------|35835] - I:\Horaire travail 2008.rtf
    [24/04/2003 14:00|---h-----|87552] - I:\iveypajtr.exe
    [07/11/2006 21:21|--ah-----|3370] - I:\lettre-de-motivation.htm
    [24/04/2003 14:00|-rahs----|80896] - I:\lmduutkvq.exe
    [22/01/2008 20:49|--a------|1139774] - I:\montage-PC.pdf
    [18/09/2008 21:34|--a------|64977448] - I:\OfficeXpSp3-kb832671-fullfile-fra.exe
    [24/04/2003 14:00|---h-----|87552] - I:\oiltdhjbs.exe
    [04/11/2007 17:30|-rahs----|0] - I:\otmtudxmq.exe
    [24/04/2003 14:00|---h-----|87552] - I:\pjbwlpbfk.exe
    [08/01/2007 20:14|--ah-----|37376] - I:\Présentation1.ppt
    [08/01/2007 20:36|--ah-----|37888] - I:\Présentation2.ppt
    [12/01/2007 00:24|--ah-----|62976] - I:\Présentation3.ppt
    [18/01/2007 00:23|--ah-----|67072] - I:\Présentation4.ppt
    [17/01/2007 23:57|--ah-----|50688] - I:\Présentation5.ppt
    [24/04/2003 14:00|---h-----|87552] - I:\pvysqvszd.exe
    [01/02/2007 14:36|--a------|20645979] - I:\Restaurant_Empire_Patch_v1.21.exe
    [14/10/2008 20:52|--a------|23552] - I:\ROLAND Alexandra.doc
    [09/10/2008 22:09|--a------|14532555] - I:\RTA calibra (ragmen).pdf
    [07/04/2008 21:25|--a------|56886703] - I:\SimTractor_366.exe
    [20/12/2001 18:40|---------|7289] - I:\The_Wraith.NFO
    [06/08/2008 11:43|--ahs----|19968] - I:\Thumbs.db
    [24/01/2008 13:37|--a------|2807938] - I:\turbosol-guide.pdf
    [24/04/2003 14:00|---h-----|87552] - I:\usnadjuxr.exe
    [14/10/2008 21:33|--a------|22016] - I:\VIERA PIMENTA Claudio.doc
    [04/11/2007 17:30|-rahs----|0] - I:\wgclegbnj.exe
    [16/12/2006 22:28|--a------|30141] - I:\Windows.XP.Pro.Coccinelle.Edition.Metamorphose.torrent
    [24/04/2003 14:00|---h-----|87552] - I:\zdbkqdzha.exe
    [16/12/2001 18:56|---------|249] - I:\ZONE ALARM ALL VERSIONS.re
    ################## [ Vaccination ]

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.

    ################## [ Cracks / Keygens / Serials ]

    I:\Restaurant_Empire_Patch_v1.21.exe
    I:\D\Mes documents\My Music\hotel_giant_patch_v4.76_francais_8553.exe
    I:\D\Program files\eChanblard\EvID4226Patch.exe
    I:\D\Program files\GAMES\simcity_4_patch_v1.0.272.0_version_europeenne_multi-langues_8596.exe
    I:\D\Program files\INCOMING\Sp2TcpIPatchfr.exe
    I:\INCOMING\Sp2TcpIPatchfr.exe
    I:\Mes documents\My Music\hotel_giant_patch_v4.76_francais_8553.exe

    ################## [ ! Fin du rapport # UsbFix V3.017 ! ]
    0
    1. Utilisateur anonyme
       
      Re
      Non il est ici:C:\FindyKill.txt
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. CED
     
    ############################## [ FindyKill V4.728 ]

    # User : ced (Administrateurs) # CED-EABDC8504D1
    # Update on 03/05/09 by Chiquitine29
    # Start at: 22:42:45 | 07/05/2009
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 29,29 Go (12,87 Go free) # NTFS
    # D:\ # Disque fixe local # 119,75 Go (104,42 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque CD-ROM
    # I:\ # Disque fixe local # 152,66 Go (27,22 Go free) [Maxtor 160] # NTFS

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\explorer.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Fichiers / Dossiers infectieux ]

    Found ! "C:\Documents and Settings\ced\Application Data\drivers"

    ################## [ Infected Temp Files ]

    ################## [ Registre / Clés infectieuses ]

    Found ! HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\Local AppWizard-Generated Applications\install_patch
    Found ! HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S

    ################## [ Recherche dans supports amovibles]

    # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

    ################## [ Registre / Mountpoints2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.728 ! ]
    0
    1. Utilisateur anonyme
       
      Re

      Ok on reprends :
      • Télécharge FindyKill ici : : http://pagesperso-orange.fr/FindyKill.Ad.Remover/home_page.htm
      • ->Enregistre-le sur ton bureau et pas ailleurs !

      !! Déconnecte toi et ferme toutes les applications en cours !!

      • (Si ton anti-virus s'affole au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

      •-> Clique sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

      Tuto : https://www.malekal.com/tutorial-findykill/



      --> Double-clique sur le raccourci " FindyKill " qui est sur ton bureau.

      -->choisis l'option 1 (recherche). Puis laisse travailler l'outil sans rien toucher ...

      Une fois terminé, poste le rapport FindyKill.txt qui est généré ...

      ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

      PS : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
      Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
      0
  7. CED
     
    ############################## [ FindyKill V4.728 ]

    # User : ced (Administrateurs) # CED-EABDC8504D1
    # Update on 03/05/09 by Chiquitine29
    # Start at: 22:55:07 | 07/05/2009
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 29,29 Go (12,86 Go free) # NTFS
    # D:\ # Disque fixe local # 119,75 Go (104,42 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque CD-ROM
    # I:\ # Disque fixe local # 152,66 Go (27,22 Go free) [Maxtor 160] # NTFS

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Fichiers / Dossiers infectieux ]

    Found ! "C:\Documents and Settings\ced\Application Data\drivers"

    ################## [ Infected Temp Files ]

    ################## [ Registre / Clés infectieuses ]

    Found ! HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\Local AppWizard-Generated Applications\install_patch
    Found ! HKEY_USERS\S-1-5-21-1935655697-1364589140-1801674531-1004\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\install_patch
    Found ! HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S

    ################## [ Recherche dans supports amovibles]

    # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

    ################## [ Registre / Mountpoints2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.728 ! ]
    0
    1. Utilisateur anonyme
       
      Re
      Excuse moi j'ai regardé trop vite la première fois.

      Déconnecte toi et ferme toutes application en cours ( navigateur compris ) .

      • Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

      • Relance "FindyKill" : au menu principal choisis l'option " F " pour français et tape sur [entrée] .

      • Au second menu choisis l'option 2 (suppression) et tape sur [entrée]

      • Le pc va redémarrer automatiquement ...

      ▶ le programme va travailler , ne touche à rien ... , ton bureau ne sera pas accessible c est normal !

      --> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

      /!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide

      Aides en images ( Suppression ) : http://pagesperso-orange.fr/NosTools/findykill.html

      0
      1. crapoulou Messages postés 28002 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   8 046 > Utilisateur anonyme
         
        Bonsoir,
        Excuse moi j'ai regardé trop vite la première fois. 

        +1.
        Pour suivre.
        Bonne continuation.
        Crapoulou.
        0
  8. CED
     
    ############################## [ FindyKill V4.728 ]

    # User : ced (Administrateurs) # CED-EABDC8504D1
    # Update on 03/05/09 by Chiquitine29
    # Start at: 23:17:30 | 07/05/2009
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 6.0.2900.5512
    # Windows Firewall Status : Enabled

    # A:\ # Lecteur de disquettes 3 ½ pouces
    # C:\ # Disque fixe local # 29,29 Go (12,86 Go free) # NTFS
    # D:\ # Disque fixe local # 119,75 Go (104,42 Go free) # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque CD-ROM
    # H:\ # Disque CD-ROM
    # I:\ # Disque fixe local # 152,66 Go (27,22 Go free) [Maxtor 160] # NTFS

    ############################## [ Active Processes ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe

    ################## [ Infected Files \ Folders ]

    ################## [ Infected Temp Files ]

    ################## [ Registry / Infected keys ]

    ################## [ Cleaning Removable drives ]

    # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # I:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

    ################## [ Registry / Mountpoint2 ]

    # -> Not found !

    ################## [ States / Restarting of services ]

    # Services : [ Auto=2 / Request=3 / Disable=4 ]

    # Ndisuio -> # Type of startup =3
    # EapHost -> # Type of startup =2
    # Ip6Fw -> # Type of startup =2
    # SharedAccess -> # Type of startup =2
    # wuauserv -> # Type of startup =2
    # wscsvc -> # Type of startup =2

    ################## [ Searching Other Infections ]

    # Références de comparaison Bagle MD5 :

    File ... : C:\Qoobox\Quarantine\C\Documents and Settings\ced\Application Data\drivers\winupgro.exe.vir
    CRC32 .. : 651cabab
    MD5 .... : 8744e8506969efc11c3912c182cb6001

    # -> Nothing found.

    ################## [ Corrupted files # Re-Installation required ]

    C:\Program Files\trend micro\ced.exe
    C:\Program Files\trend micro\hijackthis.exe

    ################################### [ Cracks / Keygens / Serials ]

    I:\Restaurant_Empire_Patch_v1.21.exe
    I:\D\Mes documents\My Music\hotel_giant_patch_v4.76_francais_8553.exe
    I:\D\Program files\eChanblard\EvID4226Patch.exe
    I:\D\Program files\GAMES\simcity_4_patch_v1.0.272.0_version_europeenne_multi-langues_8596.exe
    I:\D\Program files\INCOMING\Sp2TcpIPatchfr.exe
    I:\INCOMING\Sp2TcpIPatchfr.exe
    I:\Mes documents\My Music\hotel_giant_patch_v4.76_francais_8553.exe

    ################## [ ! End of Report # FindyKill V4.728 ! ]
    0
  9. Utilisateur anonyme
     
    Re

    Je te conseillerai de virer tous tes cracks c'est de la que vient ton infection.

    1)Télécharges tools cleaner afin de supprimer les logiciels de désinfection inutiles

    ---> Télécharge Toolscleaner sur ton Bureau.
    http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner
    * Double-clique sur ToolsCleaner2.exe pour le lancer.
    * Clique sur Recherche et laisse le scan agir.
    * Clique sur Suppression pour finaliser.
    * Tu peux, si tu le souhaites, te servir des Options Facultatives.
    * Clique sur Quitter pour obtenir le rapport.
    * Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    2)Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    * Enregistre HJTInstall.exe sur ton bureau.

    * Double-clique sur HJTInstall.exe pour lancer le programme

    Tuto : https://www.malekal.com/tutoriel-hijackthis/
    http://pagesperso-orange.fr/rginformatique/section%20virus/Hijenr.gif
    http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

    * Accepte la license en cliquant sur le bouton "I Accept"
    * Choisis l'option "Do a system scan and save a log file"
    * Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
    * Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    * Colle le rapport que tu viens de copier sur ce forum

    0
  10. CED
     
    [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\Combofix.txt: trouvé !
    C:\fixnavi.txt: trouvé !
    C:\FindyKill.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\Qoobox: trouvé !
    C:\UsbFix: trouvé !
    C:\FindyKill: trouvé !
    C:\Rsit: trouvé !
    C:\Documents and Settings\ced\Bureau\UsbFix.exe: trouvé !
    C:\Documents and Settings\ced\Bureau\Rsit.exe: trouvé !
    C:\Documents and Settings\ced\Menu Démarrer\Programmes\UsbFix: trouvé !
    C:\Documents and Settings\ced\Menu Démarrer\Programmes\FindyKill: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Program Files\trend micro\HijackThis.exe: supprimé !
    C:\Combofix.txt: supprimé !
    C:\fixnavi.txt: supprimé !
    C:\FindyKill.txt: supprimé !
    C:\UsbFix.txt: supprimé !
    C:\Documents and Settings\ced\Bureau\UsbFix.exe: supprimé !
    C:\Documents and Settings\ced\Bureau\Rsit.exe: supprimé !
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Qoobox: supprimé !
    C:\UsbFix: supprimé !
    C:\FindyKill: supprimé !
    C:\Rsit: supprimé !
    C:\Documents and Settings\ced\Menu Démarrer\Programmes\UsbFix: supprimé !
    C:\Documents and Settings\ced\Menu Démarrer\Programmes\FindyKill: supprimé !
    C:\Program Files\Navilog1: supprimé !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:45, on 07/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: MaxTV.lnk = D:\Program Files\DMV\MaxTV4\maxtv.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    0
    1. Utilisateur anonyme
       
      Re
      Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau ;ici :
      http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

      /!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\

      ● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
      ● Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
      (Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
      ● Au menu principal, choisis l'option A.
      ● Poste le rapport généré (C:\Ad-report(date).log).

      (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

      Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      0
  11. CED
     
    windows a afiché un message a la fin du scan comme quoi il trouvait pas "TOOLS\ADS.scr"

    ------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

    Updated by C_XX on 05/05/2009 at 21:20
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

    Start at: 23:55:34, 07/05/2009 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
    Computer Name: CED-EABDC8504D1
    Current User: ced - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: NTFS)

    ============ Known Adwares Found ============

    .
    HKLM\Software\Trymedia Systems
    .
    C:\Program Files\AskBarDis
    C:\Documents and Settings\ced\Application Data\Mozilla\Firefox\Profiles\zmxdn8tj.default\EBSuggestHistory
    C:\Documents and Settings\ced\Application Data\Mozilla\Firefox\Profiles\zmxdn8tj.default\searchplugins\ask.xml
    C:\Documents and Settings\ced\Application Data\Mozilla\Firefox\Profiles\zmxdn8tj.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Documents and Settings\ced\Cookies\ced@atdmt[1].txt
    C:\Documents and Settings\ced\Cookies\ced@bs.serving-sys[1].txt

    +-----------------| Eorezo Elements Found:

    HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKCR\AppID\EoRezoBHO.DLL
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKCU\Software\EoRezo
    HKLM\Software\EoRezo
    HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\Software\Classes\AppID\EoRezoBHO.DLL
    HKLM\Software\Classes\EoRezoBHO.EoBho
    HKLM\Software\Classes\EoRezoBHO.EoBho.1
    HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\ced\Application Data\EoRezo

    +-----------------| It's TV Elements Found:

    .

    +-----------------| Sweetim Elements Found:

    .

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.10 ----

    ProfilePath: zmxdn8tj.default (ced)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
    Prefs.js: Browser.Search.SelectedEngine: "Google"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
    .
    (Prefs.js) FOUND: user_pref("CT2101563.AboutPrivacyUrl", "http://www.conduit.com");
    (Prefs.js) FOUND: user_pref("CT2101563.CTPBaseServerUrl", "http://services.conduit.com/");
    (Prefs.js) FOUND: user_pref("CT2101563.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2101563&SearchSource=2&q=");
    (Prefs.js) FOUND: user_pref("CT2101563.Server", "http://users.conduit.com");
    .
    .
    (Invalidprefs.js) FOUND: user_pref("print.printer_HP_Photosmart_C3œuser_pref("browser.startup.homepage", "http://lo.st#home");
    .
    .

    +---------------------------------------------------------------------------+

    2985 Byte(s) - C:\Ad-Report-Scan-07.05.2009.log

    End at: 0:02:40 | 08/05/2009
    .
    +-----------------| E.O.F
    .
    0
    1. Utilisateur anonyme
       
      Re
      Relance Ad remover
      Au menu principal choisi B
      Ensuite sélectionne A puis [entrée]
      Ensuite sélectionne S puis [entrée]; le travail va commencé
      Postes le rapport qui apparait à la fin.

      ( le rapport est sauvegardé sous C:\Ad-report(date).log )


      Ensuite reposte un hijackthis stp merci
      0
  12. CED
     
    ------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

    Updated by C_XX on 05/05/2009 at 21:20
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

    **** LIMITED TO ****

    Known Adwares
    Eorezo
    It's TV
    Sweetim

    ********************

    Start at: 10:44:07, 08/05/2009 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
    Computer Name: CED-EABDC8504D1
    Current User: ced - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: NTFS)

    (!) ---- IE start pages/Tabs reset

    ============ Known Adwares Deleted ============

    .
    .
    C:\Documents and Settings\ced\Cookies\ced@atdmt[2].txt

    +-----------------| Eorezo Elements Deleted :

    .

    +-----------------| It's TV Elements Deleted :

    .

    +-----------------| Sweetim Elements Deleted :

    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    donc jai fais comme tu ma dis mais apres le scan windows ma encore mis quil ne trouvé pas "TOOLS\ADS.scr"

    +-----------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.10 ----

    ProfilePath: zmxdn8tj.default (ced)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
    Prefs.js: Browser.Search.SelectedEngine: "Google"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
    .
    .
    .
    .
    .

    +---------------------------------------------------------------------------+
    0
    1. Utilisateur anonyme
       
      Bonjour
      Il manque un morceau.Reposte stp
      0
  13. CED
     
    apparement ya que ca sinon je n refais un

    ------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

    Updated by C_XX on 05/05/2009 at 21:20
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

    **** LIMITED TO ****

    Known Adwares
    Eorezo
    It's TV
    Sweetim

    ********************

    Start at: 10:44:07, 08/05/2009 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
    Computer Name: CED-EABDC8504D1
    Current User: ced - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: NTFS)

    (!) ---- IE start pages/Tabs reset

    ============ Known Adwares Deleted ============

    .
    .
    C:\Documents and Settings\ced\Cookies\ced@atdmt[2].txt

    +-----------------| Eorezo Elements Deleted :

    .

    +-----------------| It's TV Elements Deleted :

    .

    +-----------------| Sweetim Elements Deleted :

    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +-----------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.10 ----

    ProfilePath: zmxdn8tj.default (ced)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
    Prefs.js: Browser.Search.SelectedEngine: "Google"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
    .
    .
    .
    .
    .

    +---------------------------------------------------------------------------+
    0
    1. Utilisateur anonyme
       
      Re
      Reposte moi un hijackthis stp
      0
  14. CED
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:45, on 07/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: MaxTV.lnk = D:\Program Files\DMV\MaxTV4\maxtv.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    0
    1. Utilisateur anonyme
       
      Re
      Relance
      Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau ;ici :
      http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

      /!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\

      ● Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
      ● Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
      (Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
      ● Au menu principal, choisis l'option A.
      ● Poste le rapport généré (C:\Ad-report(date).log).

      (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

      Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      0
  15. CED
     
    il trouve toujour pas "TOOLS\ADS.scr"

    ------- LOGFILE OF AD-REMOVER 1.1.3.6 | ONLY XP/VISTA -------

    Updated by C_XX on 05/05/2009 at 21:20
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

    Start at: 11:36:05, 08/05/2009 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
    Computer Name: CED-EABDC8504D1
    Current User: ced - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - D:\ (File System: NTFS)

    ============ Known Adwares Found ============

    .
    .
    C:\Documents and Settings\ced\Cookies\ced@atdmt[2].txt

    +-----------------| Eorezo Elements Found:

    .

    +-----------------| It's TV Elements Found:

    .

    +-----------------| Sweetim Elements Found:

    .

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.10 ----

    ProfilePath: zmxdn8tj.default (ced)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Live Search"
    Prefs.js: Browser.Search.SelectedEngine: "Google"
    Prefs.js: Browser.Search.DefaultUrl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
    .
    .
    .
    .
    .

    +---------------------------------------------------------------------------+

    1466 Byte(s) - C:\Ad-Report-Clean-08.05.2009.log
    3102 Byte(s) - C:\Ad-Report-Scan-07.05.2009.log
    1342 Byte(s) - C:\Ad-Report-Scan-08.05.2009.log

    End at: 11:42:55 | 08/05/2009
    .
    +-----------------| E.O.F
    .
    0
    1. Utilisateur anonyme
       
      Re
      Passe a ceci:
      Télécharge Malwarebytes anti malware ici
      http://www.malwarebytes.org/mbam.php

      * Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

      (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/

      * Potasse le tuto pour te familiariser avec le prg :

      https://forum.pcastuces.com/sujet.asp?f=31&s=3

      (cela dis, il est très simple d’utilisation).

      relance malwarebytes en suivant scrupuleusement ces consignes :

      ! Déconnecte toi et ferme toutes applications en cours !

      * Lance Malwarebyte's .

      Fais un examen dit "Complet" .

      --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
      --> à la fin tu cliques sur "résultat" .
      --> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

      Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


      Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
      0
  16. CED
     
    Malwarebytes' Anti-Malware 1.36
    Version de la base de données: 2093
    Windows 5.1.2600 Service Pack 3

    08/05/2009 18:20:28
    mbam-log-2009-05-08 (18-20-28).txt

    Type de recherche: Examen complet (C:\|D:\|I:\|)
    Eléments examinés: 244616
    Temps écoulé: 38 minute(s), 35 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    I:\lmduutkvq.exe (Backdoor.Rbot) -> Quarantined and deleted successfully.
    I:\D\Program files\eChanblard\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
    I:\System Volume Information\_restore{2D7490FD-1EC5-4B52-96E7-2204B4164218}\RP1\A0000004.exe (Backdoor.Rbot) -> Quarantined and deleted successfully.
    I:\System Volume Information\_restore{70561F40-79B8-44DA-A751-B7BF598DDB8D}\RP308\A0119799.exe (Malware.Tool) -> Quarantined and deleted successfully.
    I:\System Volume Information\_restore{70561F40-79B8-44DA-A751-B7BF598DDB8D}\RP406\A0298783.exe (Backdoor.Rbot) -> Quarantined and deleted successfully.
    0
    1. Utilisateur anonyme
       
      Re

      Poste moi un hijackthis stp
      0
  17. CED
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:36, on 08/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: MaxTV.lnk = D:\Program Files\DMV\MaxTV4\maxtv.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    0
    1. Utilisateur anonyme
       
      Re
      Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
      https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

      * Lance l'installation du programme en exécutant le fichier téléchargé.
      * Double-clique maintenant sur le raccourci de Toolbar-S&D.
      * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
      * Choisis maintenant l'option 1. Patiente jusqu'à la fin de la recherche.
      * Poste le rapport généré. (C:\TB.txt)
      0
  18. CED
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
    BIOS : BIOS Date: 07/13/07 21:27:16 Ver: 08.00.12
    USER : ced ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:29 Go (Free:12 Go)
    D:\ (Local Disk) - NTFS - Total:119 Go (Free:104 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (CD or DVD)
    I:\ (Local Disk) - NTFS - Total:152 Go (Free:27 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 08/05/2009|18:48 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll.bak0
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
    C:\Program Files\DAEMON Tools Toolbar\Resources
    C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome.manifest
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\install.rdf
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome\dttoolbar.jar
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
    C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.xpt
    C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
    C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
    C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioError.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioError_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioSmallDisp.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioSmallDisp_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioWait.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioWait_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico

    -----------\\ Extensions

    (ced) - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} => torrents-search-engine
    (ced) - {62760FD6-B943-48C9-AB09-F99C6FE96088} => ebaycompanion
    (ced) - {d07a4843-111f-4699-8551-8ce2afa075cd} => jeteye

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 08/05/2009|18:48 - Option : [1]

    -----------\\ Fin du rapport a 18:48:55,10
    0
    1. Utilisateur anonyme
       
      Re
      Relance Toolbar S&D option 2 et poste moi le rapport stp
      0
  19. CED
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz )
    BIOS : BIOS Date: 07/13/07 21:27:16 Ver: 08.00.12
    USER : ced ( Administrator )
    BOOT : Normal boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:29 Go (Free:12 Go)
    D:\ (Local Disk) - NTFS - Total:119 Go (Free:104 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (CD or DVD)
    I:\ (Local Disk) - NTFS - Total:152 Go (Free:27 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 08/05/2009|19:05 )

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll.bak0
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    Supprime! - C:\Program Files\DAEMON Tools Toolbar

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (ced) - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} => torrents-search-engine
    (ced) - {62760FD6-B943-48C9-AB09-F99C6FE96088} => ebaycompanion
    (ced) - {d07a4843-111f-4699-8551-8ce2afa075cd} => jeteye

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 08/05/2009|18:48 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 08/05/2009|19:05 - Option : [2]

    -----------\\ Fin du rapport a 19:05:46,53
    0
    1. Utilisateur anonyme
       
      Re
      poste un hijackthis.
      Comment se comporte ton PC?
      0
  20. CED
     
    jai reinstallé mon anti virus et il fonctionne de nouveau donc tout vas pour le mieu.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:34, on 08/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    D:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
    O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [hpqSRMon] D:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Startup: MaxTV.lnk = D:\Program Files\DMV\MaxTV4\maxtv.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    0
    1. Utilisateur anonyme
       
      Relance hijackthis et fixe ceci:
      R3 - Default URLSearchHook is missing
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

      Tuto ici:https://www.bleepingcomputer.com/tutorials/comment-utiliser-hijackthis/

      ensuite reposte un hijackthis
      0
  21. CED
     
    je fixe ce que tu indique et je rescan. le lien du tuto ne marche pas
    0
    1. Utilisateur anonyme
       
      Re

      Oui tu fixes et tu refais un scan hijackthis
      0
  • 1
  • 2