virus TR/Dropper.genRésolu/Fermé

Question

bonjour,
voila je suis infecté par ce virus, il se met dans mon repertoire system32/drivers et empèche mes ports usb et carte memoire de marcher
chaque fois que je le supprime il revient et ca ne marche toujours pas

si quelqu'un pourrait m'aider 
merci d'avance

sKe69 · Answer

Salut,

cela sent l'infection par support amovible ....


fais ceci pour voir de quoi il s'agit :

1- Télécharge et installe le logiciel HijackThis : 

ici http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-->Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation . 
A la fin de l'installe , le prg se lance automatiquement : ferme le en cliquant sur la croix rouge . 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( ne lance pas ce prg pour l'instant et fais la suite ... )



2- Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable  sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " . 

* Devant l'option "List files/folders created ..." , tu choisis : 2 months 

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...


Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note). 

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante ... 
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ... 
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

p59 · Answer

whoa quelle rapidité

voila log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierrot at 2009-05-12 19:01:22
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (22%) free of 45 GB
Total RAM: 1022 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:01:32, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Pierrot\Bureau\RSIT.exe
C:\Documents and Settings\Pierrot\Bureau\Pierrot.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.netvibes.com/en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg

p59 · Answer

et info.txt

info.txt logfile of random's system information tool 1.06 2009-05-12 19:01:35

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->C:\WINDOWS\IsUninst.exe -f"d:\program filesb3d\SIERRA\RedBaronII\Uninst.isu"
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 1.00.26-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x40c  -removeonly
Acer eLock Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42} 
Acer Empowering Technology framework-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279} 
Acer eNet Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x40c 
Acer ePerformance Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041} 
Acer ePower Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x40c 
Acer ePresentation Management-->C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B} 
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Acer Screensaver-->MsiExec.exe /I{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Allok MPEG4 Converter 4.8.0310-->"C:\Program Files\Allok MPEG4 Converter\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Audacity 1.2.6-->"D:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus Vuze-->D:\Program Files\Azureus\uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BSPlayer-->"D:\Program Files\Webteh\BSplayerPro\uninstall.exe"
Cartes & Données Num v5.0-->"d:\Program Files\Articque\Cartes et Donnees Num 5.0\unins000.exe"
Cartes & Données Puzzle v4.0-->"d:\Program Files\articque\cdpuzzle 4.0\unins000.exe"
Cartes & Données v4.1-->"D:\Program Files\articque\cd 4.1\unins000.exe"
Combined Community Codec Pack 2008-01-24-->"D:\Program Files\Combined Community Codec Pack\unins000.exe"
Compel Adaptec WinASPI-->"C:\Program Files\WinASPI\unins000.exe"
Complément Microsoft Word pour Microsoft Works Suite-->MsiExec.exe /I{17E57E89-DDB3-4f76-9AF1-A8E01CC633E4}
CopyPod (remove only)-->"C:\Program Files\CopyPod\uninstall.exe"
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EasyRecovery Professional Essai-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A45F4518-0DC7-474A-BBE1-F04CC2D6FD93} /l1036 
eMule-->"D:\Program Files\eMule\Uninstall.exe"
eMusic - 50 Free MP3 offer-->"D:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Encyclopédie Microsoft Encarta 2005-->MsiExec.exe /I{05460044-64A6-4248-A026-9745C1E9E159}
Football Manager 2009-->"d:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Désinstaller Football Manager 2009.exe"
GameSpy Arcade-->D:\GAMESPY\UNWISE.EXE D:\GAMESPY\INSTALL.LOG
GeoVid Flash Player-->"D:\Program Files\GeoVid\FlashPlayer\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_A4295D9F452DF225.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c  -removeonly
HD Tune 2.54-->"D:\Program Files\HD Tune\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\Pierrot\Bureau\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Internet Download Manager-->d:\Program Files\Internet Download Manager\Uninstall.exe
iPod for Windows 2006-01-10-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1036 
IsoBuster 2.2-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
K-Lite Codec Pack 2.89 Full-->"D:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logiciel Intel(R) PROSet/Wireless-->C:\WINDOWS\Installer\iProInst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x040c -removeonly
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires II : The Conquerors Expansion-->"D:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"D:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 97 Professional-->C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Pro.STF
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Nero 8 Demo-->MsiExec.exe /X{B4649EFB-54CB-42AB-8536-8FED519E1036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NTI Backup NOW! 4.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B06B842F-2450-494F-BBDE-217CDC151A37}\setup.exe" -l0x9  -uninst  -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32
vudisp.exe UninstallGUI
O&O DiskRecovery-->MsiExec.exe /X{53480070-8E5F-4678-B8E0-2525A719DD39}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c 
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.EXE"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.52-->"D:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x40c  -removeonly
Red Baron II-->d:\program filesb3d\SIERRA\RedBaronIIbuninst.exe
Rome - Total War - Alexander-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C1804BC-094F-431A-BEA5-37A837958029}\setup.exe" -l0x40c  -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sélecteur d'installation de Microsoft Works 2005-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\
Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Sierra Utilities-->.\sutil32.exe uninstall
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperCopier2-->"D:\Program Files\SuperCopier2\SC2Uninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
WildPackets iNetTools 2.6.3-->C:\WINDOWS\IsUninst.exe -f"d:
ouveau dossier\Uninst.isu"
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: PIERRE
Event Code: 4202
Message: Le système a détecté que la carte réseau Intel(R) PRO/Wireless 3945ABG Network Connection était déconnectée du réseau,
et la configuration réseau de la carte a été abandonnée. Si la carte
réseau n'était pas déconnectée, ceci peut indiquer un disfonctionnement.
Contactez le fabricant pour des pilotes mis à jour.

Record Number: 77689
Source Name: Tcpip
Time Written: 20090417161809.000000+120
Event Type: Informations
User: 

Computer Name: PIERRE
Event Code: 8033
Message: L'explorateur a forcé une élection sur le réseau \Device\NetBT_Tcpip_{022C1FBF-C599-4815-B077-5D4FD712D7AE} car un maître explorateur a été arrêté.

Record Number: 77688
Source Name: BROWSER
Time Written: 20090417161807.000000+120
Event Type: Informations
User: 

Computer Name: PIERRE
Event Code: 4201
Message: Le système a détecté que la carte réseau Intel(R) PRO/Wireless 3945ABG Network Connection était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 77687
Source Name: Tcpip
Time Written: 20090417153938.000000+120
Event Type: Informations
User: 

Computer Name: PIERRE
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0018DE26225F. Il s'est
produit l'erreur suivante : 
L'opération a été annulée par l'utilisateur.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 77686
Source Name: Dhcp
Time Written: 20090417153933.000000+120
Event Type: Avertissement
User: 

Computer Name: PIERRE
Event Code: 4201
Message: Le système a détecté que la carte réseau Intel(R) PRO/Wireless 3945ABG Network Connection était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 77685
Source Name: Tcpip
Time Written: 20090417153933.000000+120
Event Type: Informations
User: 

=====Application event log=====

Computer Name: PIERRE
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 28185
Source Name: LightScribeService
Time Written: 20090306105906.000000+060
Event Type: Informations
User: 

Computer Name: PIERRE
Event Code: 0
Message: 
Record Number: 28184
Source Name: LicCtrlService
Time Written: 20090306105902.000000+060
Event Type: erreur
User: 

Computer Name: PIERRE
Event Code: 0
Message: 
Record Number: 28183
Source Name: gusvc
Time Written: 20090306105859.000000+060
Event Type: Informations
User: 

Computer Name: PIERRE
Event Code: 0
Message: 
Record Number: 28182
Source Name: gupdate1c98718c422d7a5
Time Written: 20090306105857.000000+060
Event Type: Informations
User: 

Computer Name: PIERRE
Event Code: 1
Message: 
Record Number: 28181
Source Name: Bonjour Service
Time Written: 20090306105857.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;D:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Fichiers communs\Adobe\AGL;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

sKe69 · Answer

bingo ....

et y en a d'autre .... ^^



on commence ....dans l'ordre :


1- Important :
Désactive le "tea timer" de Spybot S&D en t'aidant de ce tuto animé (merci Balltrap ;) ) : 
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
( sur la 1er image , clique sur "tea timer" pour lancer l'animation ).

En effet , il risque de géner dans le bon déroulement des outils de désinfections et dans la répartion du registre ...

Tu le réactiveras une fois qu'on aura finit de désinfecter ( et pas avant ! ) . 
/!\ Mais attention : 
à ce moment là, le " TeaTimer " de Spybot proposera, par le biais de plusieurs pop-up, d'accepter ou non des modifications de registre ( survenuent lors de la désinfection ) 
-> il faudra alors les accepter toutes sans exeptions ! 

Puis part la suite , il faudra rester vigilant lorsque le "TeaTimer" donnera des alertes : accepter une modification uniquement si on en connait la provenance . 



Une fois ceci fait ( et pas avant !!! ) , tu enchaines :


========================

2- Télécharge UsbFix ( de C_XX, Chimay8 & Chiquitine29 ) sur ton bureau :

> http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

! Déconnecte toi d'internet et ferme toutes applications en cours !

--> Double-clique sur l' .exe pour lancer l'installation de l'outil ( ne touche pas aux paramètres d'installe ) .


Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) . 


# Double clique sur le raccourci UsbFix présent sur ton bureau pour lancer l'outil.

# Choisis l' option 1 ( Recherche )

# Laisse travailler l'outil et ne touche à rien pendant le scan .

# Une fois terminé, poste le rapport UsbFix.txt qui apparaitra.

Le rapport est en outre sauvegardé à la racine du disque maitre ( C:\UsbFix.txt ).

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 


Note : 
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


Site de l'auteur > http://pagesperso-orange.fr/NosTools/usbfix.html

p59 · Answer

voila le rapport 


############################## [ UsbFix V3.018 # Scan ]

# User : Pierrot (Administrateurs) # PIERRE
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 19:43:53 | 12/05/2009

# Genuine Intel(R) CPU           T2050  @ 1.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

# C:\ # Disque fixe local # 43,88 Go (9,65 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 44,38 Go (14,21 Go free) [ACERDATA] # NTFS
# E:\ # Disque CD-ROM # 423,42 Mo (0 Mo free) [RedBaronII] # CDFS

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe

################## [  Registre # Startup ]

HKCU_Main:  "Local Page"="C:\WINDOWS\system32\blank.htm" 
HKCU_Main:  "Search Page"="https://www.google.com/?gws_rd=ssl" 
HKCU_Main:  "Start Page"="https://www.netvibes.com/en" 
HKLM_logon: "Userinit"="C:\WINDOWS\system32\userinit.exe," 
HKLM_logon: "DefaultUserName"="Pierrot" 
HKLM_logon: "AltDefaultUserName"="Pierrot" 
HKLM_logon: "LegalNoticeCaption"="" 
HKLM_logon: "LegalNoticeText"="" 
HKLM_Run:    igfxtray=C:\WINDOWS\system32\igfxtray.exe 
HKLM_Run:    igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe 
HKLM_Run:    igfxpers=C:\WINDOWS\system32\igfxpers.exe 
HKLM_Run:    ehTray=C:\WINDOWS\ehome\ehtray.exe 
HKLM_Run:    LaunchApp=Alaunch 
HKLM_Run:    RTHDCPL=RTHDCPL.EXE 
HKLM_Run:    SkyTel=SkyTel.EXE 
HKLM_Run:    Alcmtr=ALCMTR.EXE 
HKLM_Run:    AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe 
HKLM_Run:    SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
HKLM_Run:    ADMTray.exe="C:\Acer\Empowering Technology\admtray.exe" 
HKLM_Run:    eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 
HKLM_Run:    BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent 
HKLM_Run:    IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 
HKLM_Run:    MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC 
HKLM_Run:    PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC 
HKLM_Run:    PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName 
HKLM_Run:    ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe 
HKLM_Run:    Acer ePower Management=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot 
HKLM_Run:    LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe 
HKLM_Run:    eRecoveryService=C:\Acer\Empowering Technology\eRecovery\Monitor.exe 
HKLM_Run:    NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" 
HKLM_Run:    ISUSPM Startup="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup 
HKLM_Run:    TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
HKLM_Run:    NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
HKLM_Run:    nwiz=nwiz.exe /install 
HKLM_Run:    NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
HKLM_Run:    QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime 
HKLM_Run:    iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe" 
HKLM_Run:    SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe" 
HKLM_Run:    KernelFaultCheck=%systemroot%\system32\dumprep 0 -k 
HKLM_Run:    avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversionun\OptionalComponents= 
HKCU_Run:    CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe  
HKCU_Run:    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe  
HKCU_Run:    BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"  
HKCU_Run:    SuperCopier2.exe=D:\Program Files\SuperCopier2\SuperCopier2.exe  
HKCU_Run:    MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background  
HKCU_Run:    IDMan=d:\Program Files\Internet Download Manager\IDMan.exe /onboot  

################## [ Informations ]


################## [ Fichiers # Dossiers infectieux ]

Found ! E:\Setup.exe  
Found ! E:\autorun.inf  

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\Software\Microsoft\....\MountPoints2\{23f813ad-8bdd-11dd-ad36-0016d4546c0b}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{89d35fc2-7cce-11db-a775-806d6172696f}\Shell\AutoRun\command  
HKCU\Software\Microsoft\....\MountPoints2\{fd3e43a2-5eec-11dc-aa7e-0016d4546c0b}\Shell\Auto\command  
HKCU\Software\Microsoft\....\MountPoints2\{fd3e43a2-5eec-11dc-aa7e-0016d4546c0b}\Shell\AutoRun\command  

################## [ ! Fin du rapport # UsbFix V3.018 ! ]

sKe69 · Answer

Tient tient ...


fais ceci :

! Déconnecte toi d'internet et ferme toutes applications en cours !

Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3,carte SD, etc...) succeptibles d'avoir été infectés ( mais sans les ouvrir ! ) . 

# Double clique sur le raccourci UsbFix présent sur ton bureau pour lancer l'outil .

# Cette fois ci , tu choisis l' option 2 ( Suppression ) .

> Ton bureau disparaitra et le pc redémarrera ( c'est normal ).

# Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil et ne touche à rien .

# Une fois terminé,  poste le nouveau rapport UsbFix.txt qui apparaitra avec le bureau .


( Le rapport est en outre sauvegardé à la racine du disque maitre > C:\UsbFix.txt ).



Puis refais un scan RSIT et poste le nouveau log.txt obtenu pour analyse ...

p59 · Answer

voila : 
############################## [ UsbFix V3.018 # Cleaning ]

# User : Pierrot (Administrateurs) # PIERRE
# Update on 11/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 21:05:31 | 12/05/2009

# Genuine Intel(R) CPU           T2050  @ 1.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

# C:\ # Disque fixe local # 43,88 Go (9,63 Go free) [ACER] # FAT32
# D:\ # Disque fixe local # 44,38 Go (14,21 Go free) [ACERDATA] # NTFS
# E:\ # Disque CD-ROM # 423,42 Mo (0 Mo free) [RedBaronII] # CDFS
# H:\ # Disque amovible

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

################## [ Fichiers # Dossiers infectieux ]

(!) Not Deleted ! E:\Setup.exe   
(!) Not Deleted ! E:\autorun.inf   

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{23f813ad-8bdd-11dd-ad36-0016d4546c0b}\Shell\AutoRun\command   
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{fd3e43a2-5eec-11dc-aa7e-0016d4546c0b}\Shell\Auto\command   

################## [ Listing des fichiers présent ]

[08/05/2009 19:17|--ah-----|19947520] - C:\ffastun0.ffx
[?|?|?] - C:\pagefile.sys
[08/05/2009 19:17|--ah-----|311296] - C:\ffastun.ffo
[08/05/2009 19:17|--ah-----|1024000] - C:\ffastun.ffl
[19/08/2006 07:00|-rahs----|83] - C:\Preload.aaa
[08/05/2009 19:17|--ah-----|5532] - C:\ffastun.ffa
[?|?|?] - C:\hiberfil.sys
[10/08/2004 20:00|-rahs----|4952] - C:\Bootfont.bin
[28/08/2008 00:33|-rahs----|252240] - C:\ntldr
[10/08/2004 20:00|-rahs----|47564] - C:\NTDETECT.COM
[14/03/2007 22:10|-rahs----|210] - C:\boot.ini
[19/08/2006 04:44|--a------|0] - C:\CONFIG.SYS
[19/08/2006 05:32|--a------|50] - C:\AUTOEXEC.BAT
[19/08/2006 04:44|-rahs----|0] - C:\IO.SYS
[19/08/2006 04:44|-rahs----|0] - C:\MSDOS.SYS
[19/08/2006 05:22|--a------|519] - C:\RHDSetup.log
[11/11/1999 00:17|--a------|49] - C:\MCE.TAG
[28/04/2008 08:11|--a------|363] - C:\aaw7boot.log
[30/05/2007 14:34|--a------|596] - C:\rapport_clean.txt
[12/05/2009 12:44|--ah-----|244] - C:\sqmnoopt00.sqm
[12/05/2009 12:44|--ah-----|268] - C:\sqmdata00.sqm
[12/05/2009 14:15|--ah-----|244] - C:\sqmnoopt01.sqm
[09/05/2009 02:11|--a------|1024000] - C:\ffastunT.ffl
[29/03/2007 20:58|--ahs----|3072] - C:\Thumbs.db
[12/05/2009 14:15|--ah-----|268] - C:\sqmdata01.sqm
[12/05/2009 14:35|--ah-----|268] - C:\sqmdata02.sqm
[12/05/2009 00:08|--ah-----|268] - C:\sqmdata16.sqm
[04/05/2009 02:08|--ah-----|244] - C:\sqmnoopt03.sqm
[04/05/2009 02:08|--ah-----|268] - C:\sqmdata03.sqm
[05/05/2009 00:30|--ah-----|244] - C:\sqmnoopt04.sqm
[05/05/2009 00:30|--ah-----|268] - C:\sqmdata04.sqm
[06/05/2009 01:55|--ah-----|244] - C:\sqmnoopt05.sqm
[06/05/2009 01:55|--ah-----|268] - C:\sqmdata05.sqm
[06/05/2009 02:09|--ah-----|244] - C:\sqmnoopt06.sqm
[06/05/2009 02:09|--ah-----|268] - C:\sqmdata06.sqm
[07/05/2009 00:52|--ah-----|244] - C:\sqmnoopt07.sqm
[07/05/2009 00:52|--ah-----|268] - C:\sqmdata07.sqm
[08/05/2009 03:05|--ah-----|244] - C:\sqmnoopt08.sqm
[08/05/2009 03:05|--ah-----|268] - C:\sqmdata08.sqm
[09/05/2009 02:10|--ah-----|244] - C:\sqmnoopt09.sqm
[09/05/2009 02:10|--ah-----|268] - C:\sqmdata09.sqm
[09/05/2009 11:25|--ah-----|244] - C:\sqmnoopt10.sqm
[09/05/2009 11:25|--ah-----|268] - C:\sqmdata10.sqm
[11/05/2009 01:44|--ah-----|268] - C:\sqmdata12.sqm
[10/05/2009 03:26|--ah-----|244] - C:\sqmnoopt11.sqm
[10/05/2009 03:26|--ah-----|268] - C:\sqmdata11.sqm
[11/05/2009 01:44|--ah-----|244] - C:\sqmnoopt12.sqm
[11/05/2009 23:09|--ah-----|244] - C:\sqmnoopt13.sqm
[11/05/2009 23:09|--ah-----|268] - C:\sqmdata13.sqm
[11/05/2009 23:26|--ah-----|244] - C:\sqmnoopt14.sqm
[11/05/2009 23:26|--ah-----|268] - C:\sqmdata14.sqm
[11/05/2009 23:37|--ah-----|244] - C:\sqmnoopt15.sqm
[11/05/2009 23:37|--ah-----|268] - C:\sqmdata15.sqm
[12/05/2009 00:08|--ah-----|244] - C:\sqmnoopt16.sqm
[12/05/2009 21:06|--a------|5653] - C:\UsbFix.txt
[12/05/2009 01:08|--ah-----|244] - C:\sqmnoopt17.sqm
[12/05/2009 01:08|--ah-----|268] - C:\sqmdata17.sqm
[12/05/2009 01:54|--ah-----|244] - C:\sqmnoopt18.sqm
[12/05/2009 01:54|--ah-----|268] - C:\sqmdata18.sqm
[12/05/2009 12:08|--ah-----|244] - C:\sqmnoopt19.sqm
[12/05/2009 12:08|--ah-----|268] - C:\sqmdata19.sqm
[12/05/2009 14:35|--ah-----|244] - C:\sqmnoopt02.sqm
[12/05/2009 20:11|--ah-----|4379] - D:\ffastun.ffa
[12/05/2009 20:11|--ah-----|557056] - D:\ffastun.ffl
[12/05/2009 20:11|--ah-----|65536] - D:\ffastun.ffo
[12/05/2009 20:11|--ah-----|991232] - D:\ffastun0.ffx
[09/12/2004 13:09|--a------|1645919] - D:\FirstAidKitFiles.zip
[11/06/2007 16:43|--a------|3] - D:\jazyk.txt
[14/06/2007 19:19|--a------|74] - D:\links_log.txt
[?|?|?] - D:\pagefile.sys
[21/03/2007 11:10|--a------|60273] - D:\pthreadGC2.dll
[17/05/2007 18:00|--ahs----|17408] - D:\Thumbs.db
[22/07/2008 19:41|--a------|114768] - D:\vv.drd
[11/05/2009 22:50|--a------|47288312] - D:\[BL4CK] American Dad S01E18.mp4
[11/05/2009 23:04|--a------|41428401] - D:\[BL4CK] American Dad S01E19.mp4
[04/02/1998 13:35|-r-------|425984] - E:\AUTORUN.EXE
[14/01/1998 16:07|-r-------|45] - E:\AUTORUN.INF
[29/01/1998 16:04|-r-------|766] - E:\BARON.ICO
[10/03/1998 12:51|-r-------|2341888] - E:\BARON.exe
[10/03/1998 13:06|-r-------|1071616] - E:\BARONMP.exe
[11/03/1998 03:13|-r-------|120] - E:\DATA.TAG
[29/01/1998 16:15|-r-------|766] - E:\DR1.ICO
[01/10/1997 18:57|-r-------|47206] - E:\Direct.bmp
[03/12/1997 04:10|-r-------|45056] - E:\IFORCE.DLL
[01/03/1998 16:47|-r-------|357] - E:\MPLAYMGR.INI
[25/02/1998 12:32|-r-------|309248] - E:\MPLAYUI.DLL
[05/03/1998 12:33|-r-------|9715] - E:\MPPAINT.txt
[30/01/1998 15:38|-r-------|204800] - E:\MPlayMgr.dll
[03/12/1997 04:10|-r-------|159744] - E:\MSS32.DLL
[10/03/1998 13:36|-r-------|3446] - E:\RB2sight.txt
[01/10/1997 18:58|-r-------|17974] - E:\Rb201.dib
[06/06/1997 19:27|-r-------|59904] - E:\SETUP.EXE
[11/03/1998 03:13|-r-------|70] - E:\SETUP.INI
[03/12/1997 04:11|-r-------|90624] - E:\SWEFFECT.DLL
[03/12/1997 04:11|-r-------|109056] - E:\SWFF_PRO.DLL
[03/12/1997 04:11|-r-------|70656] - E:\SWFORCE.DLL
[01/03/1998 18:30|-r-------|444] - E:\Sierra.inf
[29/01/1998 16:16|-r-------|766] - E:\TEST.ICO
[29/01/1998 16:16|-r-------|766] - E:\TITLE.ICO
[29/01/1998 16:16|-r-------|766] - E:\TRASH.ICO
[01/12/1997 12:18|-r-------|308278] - E:\Title.bmp
[29/01/1998 16:16|-r-------|590848] - E:\VFORCE.DLL
[29/01/1998 16:16|-r-------|33792] - E:\VFX.DLL
[02/06/1997 14:44|-r-------|317092] - E:\_INST32I.EX_
[02/06/1997 14:17|-r-------|8192] - E:\_ISDEL.EXE
[28/05/1997 21:50|-r-------|11264] - E:\_setup.dll
[11/03/1998 03:13|-r-------|212841] - E:\_sys1.cab
[11/03/1998 03:13|-r-------|483229] - E:\_user1.cab
[11/03/1998 03:17|-r-------|53060] - E:\data1.cab
[14/07/1997 19:00|-r-------|127488] - E:\dsetup.dll
[14/07/1997 19:00|-r-------|63056] - E:\dsetup16.dll
[14/07/1997 19:00|-r-------|41984] - E:\dsetup32.dll
[30/05/1997 14:31|-r-------|4557] - E:\lang.dat
[11/03/1998 03:17|-r-------|372] - E:\layout.bin
[10/03/1998 13:33|-r-------|20044] - E:\lisezmoi.txt
[06/05/1997 17:15|-r-------|417] - E:\os.dat
[26/02/1998 21:18|-r-------|113] - E:\rb2sim.ini
[09/03/1998 12:39|-r-------|34304] - E:\rbuninst.exe
[14/07/1997 16:55|-r-------|159080] - E:\setup.bmp
[11/03/1998 03:22|-r-------|76613] - E:\setup.ins
[11/03/1998 03:17|-r-------|47] - E:\setup.lid
[03/03/1998 12:26|-r-------|1370] - E:\squadid.txt

################## [ Vaccination ]

# C:\autorun.inf -> Folder created by UsbFix.  
# D:\autorun.inf -> Folder created by UsbFix.  

################## [ Cracks / Keygens / Serials ]

# -> Nothing found !  

################## [ ! Fin du rapport # UsbFix V3.018 ! ] 




mais y a 1 message : le fichier ou le repertoire \pagefyle.sys est endommagé et illisible, executer utilitaire CHKDSK

sKe69 · Answer

Vu pour le message ... on fera un checup en fin de désinfection ...


j'ai demandé un nouveau scan RSIT ... ^^'


j'attends donc le nouveau "log.txt" obtenu ...

p59 · Answer

voila le scan 

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierrot at 2009-05-12 22:23:04
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (21%) free of 45 GB
Total RAM: 1022 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:14, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Pierrot\Bureau\RSIT.exe
C:\Documents and Settings\Pierrot\Bureau\Pierrot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg

sKe69 · Answer

bien ...


dans l'ordre :


1- Télécharge CCleaner :
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
ou https://www.pcastuces.com/logitheque/ccleaner.htm 
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre . 
Lors de l'installation: 
-choisis bien "français" en langue . 
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières. 

Un tuto ( aide ): 
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 


---> Utilisation:
*Décocher dans le menu Options - sous-menu Avancé : 
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures .

! déconnecte toi et ferme toutes applications en cours !

* va dans "nettoyeur" : fais -analyse- puis -nettoyage- 
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs- 
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) . 

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... ) 


=====================

2- Télécharge SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Installe le soft sur ton bureau ( et pas ailleurs! ) .

!! Déconnecte toi, ferme toutes tes applications et désactives tes défenses ( anti-virus ,anti-spyware,...) le temps de la manipe !!


Tuto ( aide ) : http://siri.urz.free.fr/Fix/SmitfraudFix.php
Autre tuto animé ( merci balltrapp34 ;) ) : http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm
 
Utilisation ---> option 1 / Recherche : 
Double-clique sur l'icône "Smitfraudfix.exe" et sélectionne 1 (et pas sur autre chose sans notre accord !) pour créer un rapport des fichiers responsables de l'infection.
 
Poste le rapport ( "rapport.txt" qui se trouve sous C\: ) et attends la suite ...

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool". Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

p59 · Answer

c'est en cour mais ccleaner m'a affiché ca lors du netoyage : fichier endomagé et illisible dans temporary internet files/content.le5/A076HGVO/bot_448.gif

c'est imortant ?

p59 · Answer

voila : 

SmitFraudFix v2.416

Rapport fait à 23:31:12,46, 12/05/2009
Executé à partir de C:\Documents and Settings\Pierrot\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Pierrot\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pierrot


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Pierrot\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Pierrot\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PIERROT\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg"
"SubscribedURL"="http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg"
"FriendlyName"=""
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{A2F24E25-A4E4-49B9-B53B-148039F3F4CC}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A2F24E25-A4E4-49B9-B53B-148039F3F4CC}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

sKe69 · Answer

c'est clean de se côté ...


la suite :

Télécharge MalwareByte's : 
ici http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
ou ici : http://www.malwarebytes.org/mbam.php
 
* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'instale ) et mets le à jour . 

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ )

* Potasse le tuto pour te familiariser avec le prg : 
https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours ! 

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ). 
--> à la fin tu cliques sur "résultat" . 
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date), 
accompagné d'un nouveau rapport RSIT (log.txt) pour analyse ...

p59 · Answer

le rapport malwares : (je l'avai deja je l'avai utilisé avant

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2114
Windows 5.1.2600 Service Pack 3

12/05/2009 23:55:26
mbam-log-2009-05-12 (23-55-26).txt

Type de recherche: Examen rapide
Eléments examinés: 92061
Temps écoulé: 2 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

p59 · Answer

le RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierrot at 2009-05-12 23:57:44
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (23%) free of 45 GB
Total RAM: 1022 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:57:52, on 12/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierrot\Bureau\RSIT.exe
C:\Documents and Settings\Pierrot\Bureau\Pierrot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg

sKe69 · Answer

re,


je l'avai deja je l'avai utilisé avant 

poste moi alors le rapport que tu avais obtenu stp ...


puis fais ceci dans l'ordre :


1- Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau. 

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Déconnecte toi et ferme toutes tes applications en cours !
 
Double clique sur "OTMoveIt3.exe" pour ouvrir le prg . 
Puis copie ce qui se trouve en citation ci-dessous,
 

:processes
explorer.exe

:Services

:Reg

:Files
C:\Documents and Settings\Pierrot\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe

:Commands
[purity]
[emptytemp]
[Reboot]


et colle le dans le cadre de gauche de OTMoveIt3 : 
Paste Instructions for items to be moved.
(ne touche à rien d'autre !) 
 
-> clique sur MoveIt! pour lancer la suppression.
-> laisse travailler l'outil ... 

-> une fois finis , un petite fenêtre s'ouvre : clique sur " Yes " .

Ton PC va redémarrer de lui même pour finir la suppression ...

Lors du redémarrage , si on te demande d'autoriser l'exécution d' OTMoveIt , accepte ( pour que l'outil finisse son boulot ... ).

-->Poste le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"  
( " xxxx2008_xxxxxx.log "  où les "x" correspondent au jour et à l'heure de l'utilisation  ).


=======================

2- Télécharge Ad-remover ( de C_XX ) sur ton bureau ( et pas ailleurs!) :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Déconnecte toi et ferme toutes application en cours ( navigarteur compris ) !

* Clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installe par défaut . 
* Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil . 
* Au menu principal choisis l'option "A" et tape sur [entrée] .

Laisse travailler l'outil et ne touche à rien ... 

--> Poste le rapport qui apparait à la fin . 

( le rapport est sauvegardé aussi sous C:\Ad-report.log ) 

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

Note : 
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


Site de l'auteur > http://pagesperso-orange.fr/NosTools/ad_remover.html

p59 · Answer

le premier rapport malwares : 

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2114
Windows 5.1.2600 Service Pack 3

12/05/2009 12:43:29
mbam-log-2009-05-12 (12-43-29).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 210164
Temps écoulé: 27 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierrot\Mes documents\CR-BP211.EXE (Trojan.Hacktool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pierrot\Mes documents\BS.Player.Pro.v2.11.940.Multilingual.Incl.Keymaker-CORE\CR-BP211.EXE (Trojan.Hacktool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ftp_non_crp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

p59 · Answer

le rapport tou chaud ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\Documents and Settings\Pierrot\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler.exe moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\#)#R !R".c scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âäÅ§éâçå.╝┐å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cddm▒Â.¥│▒ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\36C43ECF.9BB scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\?EA33210.e33 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Åëêìê g.a scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ôö¿¼s scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Ï»Ð¡Ð½õÒ.µµô scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢╝╩¥╗▒ý¯.ÈËý scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ËóÐánj.j& scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Çå(*-\(,.+/_ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ýøÙÚÿ£uu.syy scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾©┐â¶ü.æþÓ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ ä■¸╩═░╝.┴ã░ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À┴┬Áb[\.`g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢└╝╔┴╝╦╚.#$[ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\9cr !"#.v p scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\xGB4@CD.fd2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æÉ»¿öÕôò.ùÒÒ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âàÇ¶éïèé.±¾z scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¯Ö vw.vwq scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\lmna{.y scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µþËÈÝþ¯Þ.Úþ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\iif\[c.õµÓ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\KML6KIò£.õµù scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åë¸¶┐│ãÀ.┐▒┬ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\â¸é‗ØÜıË.óºñ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÞÙÔÞÝƒØÔ.ÍÐd scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ihl%(.&v' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾‗¶§Å‗.åÅg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÍÍÎíáªº¦.¹¨Å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\trs tv scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\} {zF2.D6D scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ecfe÷³.±³¶ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\║¢‗¶àÇââ.‗§w scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\£×p w#v&.oh' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ççå±¸÷î.±¾ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æûæþss.r scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\÷±┬╚║┐─Â.├╠À scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\5<tu}wt.}wr scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¹¹·îìï?e.8:l scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îè¹■`g.`c scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ebe`cc. scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\üüj`.i scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\onno.¨ ■ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¶¶àéefd. scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\'!á┌ºÑË┌.óáÐ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\klíÎóáÍÍ.Îíá scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┐¢╠╝╦┐÷å.¤╚ç scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!U !\$]T.\p┼ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ï¨ÞõÓÚÆß.ÓÞÔ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ssLKåÇ±¶.¸¸å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\tªÊ.ºª█ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!.PS."W&.:4g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À░±åâüç.¶¶å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³Å░Àë■¹¨. êâ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\chWP.åâÇ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³ëáÎáðÿƒ.Î¡Î scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Äë³·ïëëî.Á▓º scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µÉæùûýæô.Õýñ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦¦▄¬½¡¼Í.ÿÜý scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÆµÁÀ┼└┼├.À┼┤ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cdW_+X│▒.ÀÃÁ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\3B4EADC3.¢║à scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÓÆö´ÒÉù´.¯þß scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\▒┬│▒ã┤y.}z scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\t`.e scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îÅ¨°éÅÄ■.¨ëÙ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┬┼è¨Ä¹è³.åâ¸ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ð┘õÒ▄ð╗╝.╩¢¢ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bognbfo.Ø¯´ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ â‗§üàç.åàà scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\´ø£þ£µÊı.c0g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\°ëÅì‗³■².e scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\febj.ce2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ohk88kj>.dg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\,U!,R!&R."%T scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\_xeeke.k6 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\c20e9cba. 7 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦┌Õßûô-$.,Q% scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\2D Ðıóº.¦È▄ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf_X.d`6 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\&%,&#QS,._xg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kDF09AC.2b5 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kbk.2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\a``.aD scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åâÇÇ±÷P&.SQ' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\f_Xadab.kb3 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ $P-PV.`ef scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\6F1E0@.SU$ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bk`.g4 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\``a.kd scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`eff.af scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\SU$!"". scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf._xe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Pierrot\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2b0.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_002036 Files moved on Reboot... File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\#)#R !R".c not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âäÅ§éâçå.╝┐å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cddm▒Â.¥│▒ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\36C43ECF.9BB not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\?EA33210.e33 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Åëêìê g.a not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ôö¿¼s not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Ï»Ð¡Ð½õÒ.µµô not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢╝╩¥╗▒ý¯.ÈËý not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ËóÐánj.j& not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Çå(*-\(,.+/_ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ýøÙÚÿ£uu.syy not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾©┐â¶ü.æþÓ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ ä■¸╩═░╝.┴ã░ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À┴┬Áb[\.`g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢└╝╔┴╝╦╚.#$[ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\9cr !"#.v p not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\xGB4@CD.fd2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æÉ»¿öÕôò.ùÒÒ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âàÇ¶éïèé.±¾z not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¯Ö vw.vwq not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\lmna{.y not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µþËÈÝþ¯Þ.Úþ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\iif\[c.õµÓ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\KML6KIò£.õµù not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åë¸¶┐│ãÀ.┐▒┬ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\â¸é‗ØÜıË.óºñ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÞÙÔÞÝƒØÔ.ÍÐd not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ihl%(.&v' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾‗¶§Å‗.åÅg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÍÍÎíáªº¦.¹¨Å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\trs tv not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\} {zF2.D6D not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ecfe÷³.±³¶ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\║¢‗¶àÇââ.‗§w not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\£×p w#v&.oh' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ççå±¸÷î.±¾ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æûæþss.r not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\÷±┬╚║┐─Â.├╠À not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\5<tu}wt.}wr not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¹¹·îìï?e.8:l not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îè¹■`g.`c not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ebe`cc. not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\üüj`.i not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\onno.¨ ■ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¶¶àéefd. not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\'!á┌ºÑË┌.óáÐ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\klíÎóáÍÍ.Îíá not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┐¢╠╝╦┐÷å.¤╚ç not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!U !\$]T.\p┼ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ï¨ÞõÓÚÆß.ÓÞÔ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ssLKåÇ±¶.¸¸å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\tªÊ.ºª█ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!.PS."W&.:4g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À░±åâüç.¶¶å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³Å░Àë■¹¨. êâ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\chWP.åâÇ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³ëáÎáðÿƒ.Î¡Î not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Äë³·ïëëî.Á▓º not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µÉæùûýæô.Õýñ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦¦▄¬½¡¼Í.ÿÜý not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÆµÁÀ┼└┼├.À┼┤ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cdW_+X│▒.ÀÃÁ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\3B4EADC3.¢║à not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÓÆö´ÒÉù´.¯þß not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\▒┬│▒ã┤y.}z not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\t`.e not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îÅ¨°éÅÄ■.¨ëÙ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┬┼è¨Ä¹è³.åâ¸ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ð┘õÒ▄ð╗╝.╩¢¢ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bognbfo.Ø¯´ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ â‗§üàç.åàà not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\´ø£þ£µÊı.c0g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\°ëÅì‗³■².e not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\febj.ce2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ohk88kj>.dg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\,U!,R!&R."%T not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\_xeeke.k6 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\c20e9cba. 7 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦┌Õßûô-$.,Q% not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\2D Ðıóº.¦È▄ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf_X.d`6 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\&%,&#QS,._xg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kDF09AC.2b5 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kbk.2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\a``.aD not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åâÇÇ±÷P&.SQ' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\f_Xadab.kb3 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ $P-PV.`ef not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\6F1E0@.SU$ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bk`.g4 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\``a.kd not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`eff.af not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\SU$!"". not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf._xe not found! C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe moved successfully. File C:\WINDOWS\temp\Perflib_Perfdata_2b0.dat not found!

sKe69 · Answer

vu ... la suite donc ...

p59 · Answer

voila : 


------- LOGFILE OF AD-REMOVER 1.1.3.7 | ONLY XP/VISTA -------

Updated by C_XX on 11/05/2009 at 16:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at:  0:44:42, 13/05/2009 | Boot mode: Normal Boot
Option: Scan | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: PIERRE
Current User: Pierrot - Administrator
Drive(s): 
- C:\  (File System: FAT32)
- D:\  (File System: NTFS)
- E:\  (File System: CDFS)

(!) ---- C:\Documents and Settings\Administrateur\Ntuser.dat Loaded as: 'HKU\Administrateur'
(!) ---- C:\Documents and Settings\autre\Ntuser.dat Loaded as: 'HKU\autre'

============ Known Adwares Found ============

.
HKLM\Software\Trymedia Systems
.

+-----------------| Eorezo Elements Found:

.

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version [Unable to get version] ----

ProfilePath: bbrhzjaq.default (Pierrot)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Yahoo");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.6");
.

---- Internet Explorer Version 7.0.5730.11 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-86003536-2852020299-55118337-1005\..\Internet Explorer\Main]

Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========


+---------------------------------------------------------------------------+

2516 Byte(s) - C:\Ad-Report-Scan-13.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at:  1:28:19 | 13/05/2009
.
+-----------------| E.O.F
.

sKe69 · Answer

Salut,


dans l'ordre :


1- Nettoyage AD-Remover : 

! Déconnecte toi et ferme toutes application en cours ( navigarteur compris ) ! 

* Relance "Ad-remover" : au menu principal choisis l'option "B" . 

* A l'écran de sélection : 

> choisis le(s) chiffre(s) suivant pour nettoyer les traces de :


1 - "Adwares connus" puis [entrée]

 
Une fois la sélection faite, tape S puis [entrée] pour lancer la suppression . 

--> le programme va travailler , ne touche à rien ... 


* Poste le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ... 

( le rapport est sauvegardé aussi sous C:\Ad-report.log ) 

/!\ Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide ) /!\ 


===========================

2- Télécharge GenProc  (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) :
http://www.genproc.com/GenProc.exe 

!!Déconnecte toi et ferme tes applications en cours !!


* double-clique sur GenProc.exe pour lancer le scan et laisse faire ...

* A la question "faites vous aidez sur un forum..." > clique sur " oui " .

-> poste le contenu du rapport qui s'ouvre ... 


Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
 
IMPORTANT : poste le rapport et ne fais rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .

p59 · Answer

salut
le rapport AD-remover


------- LOGFILE OF AD-REMOVER 1.1.3.7 | ONLY XP/VISTA -------

Updated by C_XX on 11/05/2009 at 16:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Known Adwares

********************

Start at: 10:58:45, 13/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows XP™  Service Pack 3 (version 5.1.2600)
Computer Name: PIERRE
Current User: Pierrot - Administrator
Drive(s): 
- C:\  (File System: FAT32)
- D:\  (File System: NTFS)
- E:\  (File System: CDFS)

(!) ---- C:\Documents and Settings\Administrateur\Ntuser.dat Loaded as: 'HKU\Administrateur'
(!) ---- C:\Documents and Settings\autre\Ntuser.dat Loaded as: 'HKU\autre'

(!) ---- IE start pages/Tabs reset

============ Known Adwares Deleted ============

.
HKLM\Software\Trymedia Systems
.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.



+-----------------| Added Scan:

---- Mozilla FireFox Version [Unable to get version] ----

ProfilePath: bbrhzjaq.default (Pierrot)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Yahoo");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.netvibes.com/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.6");
.

---- Internet Explorer Version 7.0.5730.11 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-86003536-2852020299-55118337-1005\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========


+---------------------------------------------------------------------------+

2733 Byte(s) - C:\Ad-Report-Scan-13.05.2009.log
3067 Byte(s) - C:\Ad-Report-Clean-13.05.2009.log

19 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 11:33:38 | 13/05/2009
.
+-----------------| E.O.F
.

sKe69 · Answer

bien ....

genproc maintenant ...

p59 · Answer

le hijack : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:35, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Pierrot\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower

p59 · Answer

la suite du HiJAck


Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1

p59 · Answer

la modération est trop sensible ou quoi ?

suite du HiJack

\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

p59 · Answer

en core le HiJack

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

p59 · Answer

elle deconne la moderation !

encore le Hijack

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard

p59 · Answer

la suite

Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program

p59 · Answer

Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

p59 · Answer

le genproc

Rapport GenProc 2.560 [2] 
@ 13/05/2009 à 11:59:02 
@ Windows XP Service Pack 3

# Etape 1/ Télécharge :
 
- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- USBFix http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe (Chiquitine29) sur le Bureau, et procède simplement à son installation.


 Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/  ; Choisis ta session courante *** Pierrot *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[2]" sur ton bureau).


# Etape 2/ 

 Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir, puis double-clique sur le raccourci UsbFix présent sur ton Bureau : choisis l' option 2 (Suppression), ton bureau disparaitra et le pc redémarrera. Au redémarrage, UsbFix scannera ton pc, laisse travailler l'outil.

# Etape 3/ 

 Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/ 

 Redémarre normalement et poste, dans la même réponse : 

- Le contenu du rapport UsbFix.txt situé dans C:\ ; 
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

 Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com 
----------------------------------------------------------------------

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.560 13/05/2009 à 11:38:18 
USBFix:le 13/05/2009 à 11:38:40 "C:\WINDOWS\System32	mp.reg" 

# Détections [2] GenProc 2.560 13/05/2009 à 11:58:15 
USBFix:le 13/05/2009 à 11:58:46 "C:\WINDOWS\System32	mp.reg"

sKe69 · Answer

bien ...

pas mal de bug sur le site en se moment


On va réutiliser OTMoveIT :


1- ! Déconnecte toi et ferme toutes tes applications en cours !
 
Double clique sur "OTMoveIt3.exe" pour ouvrir le prg . 
Puis copie ce qui se trouve en citation ci-dessous,
 

:processes
explorer.exe

:Services

:Reg

:Files
C:\WINDOWS\System32	mp.reg

:Commands
[purity]
[emptytemp]
[Reboot]


et colle le dans le cadre de gauche de OTMoveIt3 : 
Paste Instructions for items to be moved.
(ne touche à rien d'autre !) 
 
-> clique sur MoveIt! pour lancer la suppression.
-> laisse travailler l'outil ... 

-> une fois finis , un petite fenêtre s'ouvre : clique sur " Yes " .

Ton PC va redémarrer de lui même pour finir la suppression ...

Lors du redémarrage , si on te demande d'autoriser l'exécution d' OTMoveIt , accepte ( pour que l'outil finisse son boulot ... ).

-->Poste le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"  
( " xxxx2008_xxxxxx.log "  où les "x" correspondent au jour et à l'heure de l'utilisation  ).



2- refais un scan RSIT , poste le nouveau rapport Log.txt obtenu et attends la suite ...

p59 · Answer

le OT moveIT ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\WINDOWS\System32\tmp.reg moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\#)#R !R".c scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âäÅ§éâçå.╝┐å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cddm▒Â.¥│▒ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\36C43ECF.9BB scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\?EA33210.e33 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Åëêìê g.a scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ôö¿¼s scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Ï»Ð¡Ð½õÒ.µµô scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢╝╩¥╗▒ý¯.ÈËý scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ËóÐánj.j& scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Çå(*-\(,.+/_ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ýøÙÚÿ£uu.syy scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾©┐â¶ü.æþÓ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ ä■¸╩═░╝.┴ã░ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À┴┬Áb[\.`g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢└╝╔┴╝╦╚.#$[ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\9cr !"#.v p scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\xGB4@CD.fd2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æÉ»¿öÕôò.ùÒÒ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âàÇ¶éïèé.±¾z scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¯Ö vw.vwq scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\lmna{.y scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µþËÈÝþ¯Þ.Úþ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\iif\[c.õµÓ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\KML6KIò£.õµù scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åë¸¶┐│ãÀ.┐▒┬ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\â¸é‗ØÜıË.óºñ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÞÙÔÞÝƒØÔ.ÍÐd scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ihl%(.&v' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾‗¶§Å‗.åÅg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÍÍÎíáªº¦.¹¨Å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\trs tv scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\} {zF2.D6D scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ecfe÷³.±³¶ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\║¢‗¶àÇââ.‗§w scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\£×p w#v&.oh' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ççå±¸÷î.±¾ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æûæþss.r scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\÷±┬╚║┐─Â.├╠À scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\5<tu}wt.}wr scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¹¹·îìï?e.8:l scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îè¹■`g.`c scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ebe`cc. scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\üüj`.i scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\onno.¨ ■ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¶¶àéefd. scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\'!á┌ºÑË┌.óáÐ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\klíÎóáÍÍ.Îíá scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┐¢╠╝╦┐÷å.¤╚ç scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!U !\$]T.\p┼ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ï¨ÞõÓÚÆß.ÓÞÔ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ssLKåÇ±¶.¸¸å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\tªÊ.ºª█ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!.PS."W&.:4g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À░±åâüç.¶¶å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³Å░Àë■¹¨. êâ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\chWP.åâÇ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³ëáÎáðÿƒ.Î¡Î scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Äë³·ïëëî.Á▓º scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µÉæùûýæô.Õýñ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦¦▄¬½¡¼Í.ÿÜý scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÆµÁÀ┼└┼├.À┼┤ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cdW_+X│▒.ÀÃÁ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\3B4EADC3.¢║à scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÓÆö´ÒÉù´.¯þß scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\▒┬│▒ã┤y.}z scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\t`.e scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îÅ¨°éÅÄ■.¨ëÙ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┬┼è¨Ä¹è³.åâ¸ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ð┘õÒ▄ð╗╝.╩¢¢ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bognbfo.Ø¯´ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ â‗§üàç.åàà scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\´ø£þ£µÊı.c0g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\°ëÅì‗³■².e scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\febj.ce2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ohk88kj>.dg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\,U!,R!&R."%T scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\_xeeke.k6 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\c20e9cba. 7 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦┌Õßûô-$.,Q% scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\2D Ðıóº.¦È▄ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf_X.d`6 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\&%,&#QS,._xg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kDF09AC.2b5 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kbk.2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\a``.aD scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åâÇÇ±÷P&.SQ' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\f_Xadab.kb3 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ $P-PV.`ef scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\6F1E0@.SU$ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bk`.g4 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\``a.kd scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`eff.af scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\SU$!"". scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf._xe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Pierrot\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_121758 Files moved on Reboot... File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\#)#R !R".c not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âäÅ§éâçå.╝┐å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cddm▒Â.¥│▒ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\36C43ECF.9BB not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\?EA33210.e33 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Åëêìê g.a not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ôö¿¼s not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Ï»Ð¡Ð½õÒ.µµô not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢╝╩¥╗▒ý¯.ÈËý not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ËóÐánj.j& not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Çå(*-\(,.+/_ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ýøÙÚÿ£uu.syy not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾©┐â¶ü.æþÓ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ ä■¸╩═░╝.┴ã░ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À┴┬Áb[\.`g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢└╝╔┴╝╦╚.#$[ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\9cr !"#.v p not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\xGB4@CD.fd2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æÉ»¿öÕôò.ùÒÒ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âàÇ¶éïèé.±¾z not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¯Ö vw.vwq not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\lmna{.y not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µþËÈÝþ¯Þ.Úþ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\iif\[c.õµÓ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\KML6KIò£.õµù not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åë¸¶┐│ãÀ.┐▒┬ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\â¸é‗ØÜıË.óºñ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÞÙÔÞÝƒØÔ.ÍÐd not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ihl%(.&v' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾‗¶§Å‗.åÅg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÍÍÎíáªº¦.¹¨Å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\trs tv not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\} {zF2.D6D not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ecfe÷³.±³¶ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\║¢‗¶àÇââ.‗§w not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\£×p w#v&.oh' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ççå±¸÷î.±¾ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æûæþss.r not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\÷±┬╚║┐─Â.├╠À not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\5<tu}wt.}wr not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¹¹·îìï?e.8:l not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îè¹■`g.`c not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ebe`cc. not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\üüj`.i not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\onno.¨ ■ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¶¶àéefd. not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\'!á┌ºÑË┌.óáÐ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\klíÎóáÍÍ.Îíá not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┐¢╠╝╦┐÷å.¤╚ç not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!U !\$]T.\p┼ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ï¨ÞõÓÚÆß.ÓÞÔ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ssLKåÇ±¶.¸¸å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\tªÊ.ºª█ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!.PS."W&.:4g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À░±åâüç.¶¶å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³Å░Àë■¹¨. êâ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\chWP.åâÇ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³ëáÎáðÿƒ.Î¡Î not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Äë³·ïëëî.Á▓º not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µÉæùûýæô.Õýñ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦¦▄¬½¡¼Í.ÿÜý not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÆµÁÀ┼└┼├.À┼┤ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cdW_+X│▒.ÀÃÁ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\3B4EADC3.¢║à not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÓÆö´ÒÉù´.¯þß not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\▒┬│▒ã┤y.}z not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\t`.e not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îÅ¨°éÅÄ■.¨ëÙ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┬┼è¨Ä¹è³.åâ¸ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ð┘õÒ▄ð╗╝.╩¢¢ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bognbfo.Ø¯´ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ â‗§üàç.åàà not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\´ø£þ£µÊı.c0g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\°ëÅì‗³■².e not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\febj.ce2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ohk88kj>.dg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\,U!,R!&R."%T not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\_xeeke.k6 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\c20e9cba. 7 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦┌Õßûô-$.,Q% not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\2D Ðıóº.¦È▄ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf_X.d`6 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\&%,&#QS,._xg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kDF09AC.2b5 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kbk.2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\a``.aD not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åâÇÇ±÷P&.SQ' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\f_Xadab.kb3 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ $P-PV.`ef not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\6F1E0@.SU$ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bk`.g4 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\``a.kd not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`eff.af not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\SU$!"". not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf._xe not found! C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe moved successfully. C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat moved successfully.

p59 · Answer

le OT moveIT ========== PROCESSES ========== Process explorer.exe killed successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== C:\WINDOWS\System32\tmp.reg moved successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\#)#R !R".c scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âäÅ§éâçå.╝┐å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cddm▒Â.¥│▒ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\36C43ECF.9BB scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\?EA33210.e33 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Åëêìê g.a scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ôö¿¼s scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Ï»Ð¡Ð½õÒ.µµô scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢╝╩¥╗▒ý¯.ÈËý scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ËóÐánj.j& scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Çå(*-\(,.+/_ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ýøÙÚÿ£uu.syy scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾©┐â¶ü.æþÓ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ ä■¸╩═░╝.┴ã░ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À┴┬Áb[\.`g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢└╝╔┴╝╦╚.#$[ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\9cr !"#.v p scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\xGB4@CD.fd2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æÉ»¿öÕôò.ùÒÒ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âàÇ¶éïèé.±¾z scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¯Ö vw.vwq scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\lmna{.y scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µþËÈÝþ¯Þ.Úþ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\iif\[c.õµÓ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\KML6KIò£.õµù scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åë¸¶┐│ãÀ.┐▒┬ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\â¸é‗ØÜıË.óºñ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÞÙÔÞÝƒØÔ.ÍÐd scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ihl%(.&v' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾‗¶§Å‗.åÅg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÍÍÎíáªº¦.¹¨Å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\trs tv scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\} {zF2.D6D scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ecfe÷³.±³¶ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\║¢‗¶àÇââ.‗§w scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\£×p w#v&.oh' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ççå±¸÷î.±¾ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æûæþss.r scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\÷±┬╚║┐─Â.├╠À scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\5<tu}wt.}wr scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¹¹·îìï?e.8:l scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îè¹■`g.`c scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ebe`cc. scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\üüj`.i scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\onno.¨ ■ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¶¶àéefd. scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\'!á┌ºÑË┌.óáÐ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\klíÎóáÍÍ.Îíá scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┐¢╠╝╦┐÷å.¤╚ç scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!U !\$]T.\p┼ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ï¨ÞõÓÚÆß.ÓÞÔ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ssLKåÇ±¶.¸¸å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\tªÊ.ºª█ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!.PS."W&.:4g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À░±åâüç.¶¶å scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³Å░Àë■¹¨. êâ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\chWP.åâÇ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³ëáÎáðÿƒ.Î¡Î scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Äë³·ïëëî.Á▓º scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µÉæùûýæô.Õýñ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦¦▄¬½¡¼Í.ÿÜý scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÆµÁÀ┼└┼├.À┼┤ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cdW_+X│▒.ÀÃÁ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\3B4EADC3.¢║à scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÓÆö´ÒÉù´.¯þß scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\▒┬│▒ã┤y.}z scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\t`.e scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îÅ¨°éÅÄ■.¨ëÙ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┬┼è¨Ä¹è³.åâ¸ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ð┘õÒ▄ð╗╝.╩¢¢ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bognbfo.Ø¯´ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ â‗§üàç.åàà scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\´ø£þ£µÊı.c0g scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\°ëÅì‗³■².e scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\febj.ce2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ohk88kj>.dg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\,U!,R!&R."%T scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\_xeeke.k6 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\c20e9cba. 7 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦┌Õßûô-$.,Q% scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\2D Ðıóº.¦È▄ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf_X.d`6 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\&%,&#QS,._xg scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kDF09AC.2b5 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kbk.2 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\a``.aD scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åâÇÇ±÷P&.SQ' scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\f_Xadab.kb3 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ $P-PV.`ef scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\6F1E0@.SU$ scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bk`.g4 scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\``a.kd scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`eff.af scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\SU$!"". scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf._xe scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Pierrot\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. FireFox cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05132009_121758 Files moved on Reboot... File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\#)#R !R".c not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âäÅ§éâçå.╝┐å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cddm▒Â.¥│▒ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\36C43ECF.9BB not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\?EA33210.e33 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Åëêìê g.a not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ôö¿¼s not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Ï»Ð¡Ð½õÒ.µµô not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢╝╩¥╗▒ý¯.ÈËý not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ËóÐánj.j& not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Çå(*-\(,.+/_ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ýøÙÚÿ£uu.syy not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾©┐â¶ü.æþÓ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ ä■¸╩═░╝.┴ã░ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À┴┬Áb[\.`g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¢└╝╔┴╝╦╚.#$[ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\9cr !"#.v p not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\xGB4@CD.fd2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æÉ»¿öÕôò.ùÒÒ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\âàÇ¶éïèé.±¾z not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¯Ö vw.vwq not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\lmna{.y not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µþËÈÝþ¯Þ.Úþ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\iif\[c.õµÓ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\KML6KIò£.õµù not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åë¸¶┐│ãÀ.┐▒┬ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\â¸é‗ØÜıË.óºñ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÞÙÔÞÝƒØÔ.ÍÐd not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ihl%(.&v' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\à¾‗¶§Å‗.åÅg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÍÍÎíáªº¦.¹¨Å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\trs tv not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\} {zF2.D6D not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ecfe÷³.±³¶ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\║¢‗¶àÇââ.‗§w not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\£×p w#v&.oh' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ççå±¸÷î.±¾ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\æûæþss.r not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\÷±┬╚║┐─Â.├╠À not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\5<tu}wt.}wr not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¹¹·îìï?e.8:l not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îè¹■`g.`c not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ebe`cc. not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\üüj`.i not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\onno.¨ ■ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¶¶àéefd. not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\'!á┌ºÑË┌.óáÐ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\klíÎóáÍÍ.Îíá not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┐¢╠╝╦┐÷å.¤╚ç not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!U !\$]T.\p┼ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ï¨ÞõÓÚÆß.ÓÞÔ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ssLKåÇ±¶.¸¸å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\tªÊ.ºª█ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\!.PS."W&.:4g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\À░±åâüç.¶¶å not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³Å░Àë■¹¨. êâ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\chWP.åâÇ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\³ëáÎáðÿƒ.Î¡Î not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\Äë³·ïëëî.Á▓º not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\µÉæùûýæô.Õýñ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦¦▄¬½¡¼Í.ÿÜý not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÆµÁÀ┼└┼├.À┼┤ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\cdW_+X│▒.ÀÃÁ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\3B4EADC3.¢║à not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ÓÆö´ÒÉù´.¯þß not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\▒┬│▒ã┤y.}z not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\t`.e not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\îÅ¨°éÅÄ■.¨ëÙ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\┬┼è¨Ä¹è³.åâ¸ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ð┘õÒ▄ð╗╝.╩¢¢ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bognbfo.Ø¯´ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ â‗§üàç.åàà not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\´ø£þ£µÊı.c0g not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\°ëÅì‗³■².e not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\febj.ce2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ohk88kj>.dg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\,U!,R!&R."%T not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\_xeeke.k6 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\c20e9cba. 7 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\¦┌Õßûô-$.,Q% not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\2D Ðıóº.¦È▄ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf_X.d`6 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\&%,&#QS,._xg not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kDF09AC.2b5 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\kbk.2 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\a``.aD not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\åâÇÇ±÷P&.SQ' not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\f_Xadab.kb3 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\ $P-PV.`ef not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\6F1E0@.SU$ not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\bk`.g4 not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\``a.kd not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`eff.af not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\SU$!"". not found! File C:\DOCUME~1\Pierrot\LOCALS~1\Temp\Rar$DR01.719\`gf._xe not found! C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe moved successfully. C:\WINDOWS\temp\Perflib_Perfdata_2d8.dat moved successfully.

p59 · Answer

le RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierrot at 2009-05-13 12:27:13
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (23%) free of 45 GB
Total RAM: 1022 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:33, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS
otepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pierrot\Bureau\RSIT.exe
C:\Documents and Settings\Pierrot\Bureau\Pierrot.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O24 - Desktop Component 0: (no name) - http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg

sKe69 · Answer

re,


encore quelques chose de louche ... et des reste de Norton que l'on va nettoyer ...



1- Télécharge Norton removal tool sur ton bureau :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Déconnecte toi . 
Ensuite désinstalle Norton avec "Norton removal tool": tu double-cliques dessus et tu te laisses guider ... il faut le désinstaller correctement ( fais la manipe 2 fois si possible ).  



==================

2- Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !): 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


--------------------------------- [ ! ATTENTION ! ] ------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe : 
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après  !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Note : pour XP, bien installer la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
--------------------------------------------------------------------------------------------


Ensuite :
double-clique sur l'icône "combofix.exe" pour lancer l'outil . 

Appuie sur la touche Y (Yes) pour démarrer le scan . 

Notes importantes : 
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment  : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... ) 

Le rapport sera crée ici : C:\Combofix.txt 

Réactive bien tes défenses .

 
Poste le rapport Combofix pour analyse ...

p59 · Answer

voila : 

ComboFix 09-05-12.06 - Pierrot 13/05/2009 14:15.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1022.644 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pierrot\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\ovfsthgtiqjyiiqootlyrnsiyyuochuhrhdyoh.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthgotqtemxhwihyodoswwvbyvpqonatoym.dll
c:\windows\system32\ovfsthnpmbcoppyxpwsecvcaxsxtngdrievwks.dat
c:\windows\system32\ovfsthtqjjhtwmtjqsxdqhxdpnqsravncwuxcn.dat
c:\windows\system32\ovfsthxmkmrvpreycabjfultgaclkbikfaovbl.dll
c:\windows\system32\ovfsthxybwmvwpugrynurylnqssyunvutnmjck.dll
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthlrpapkhlcskbebxmboeojkcjapfafogi
-------\Legacy_IPRIP
-------\Service_Iprip


(((((((((((((((((((((((((((((   Fichiers créés du 2009-04-13 au 2009-05-13  ))))))))))))))))))))))))))))))))))))
.

2009-05-13 12:13 . 2009-05-13 12:13	--------	d-sh--w	C:\FOUND.000
2009-05-13 11:22 . 2009-05-13 11:22	--------	d-----w	c:\documents and settings\All Users\Application Data\NortonInstaller
2009-05-13 09:37 . 2009-05-13 09:37	--------	d-----w	C:\GenProc
2009-05-12 22:44 . 2009-05-12 22:44	--------	d-----w	c:\program files\Ad-remover
2009-05-12 22:20 . 2009-05-12 22:20	--------	d-----w	C:\_OTMoveIt
2009-05-12 17:43 . 2009-05-12 17:43	--------	d-----w	C:\UsbFix
2009-05-12 17:01 . 2009-05-12 17:01	--------	d-----w	C:sit
2009-05-12 10:12 . 2009-05-12 10:12	--------	d-----w	c:\documents and settings\Pierrot\Application Data\Malwarebytes
2009-05-12 10:12 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-12 10:12 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 10:12 . 2009-05-12 10:12	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 10:12 . 2009-05-12 10:12	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-11 21:51 . 2009-03-24 14:08	55640	----a-w	c:\windows\system32\drivers\avgntflt.sys
2009-05-11 21:51 . 2009-05-11 21:51	--------	d-----w	c:\program files\Avira
2009-04-28 19:27 . 2009-04-28 19:27	--------	d-----w	c:\documents and settings\Pierrot\Application Data\Mount&Blade
2009-04-27 13:21 . 2009-04-27 13:21	--------	d-----w	c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 13:21 . 2009-04-27 13:21	--------	d-----w	c:\program files\iTunes
2009-04-27 13:20 . 2009-04-27 13:20	--------	d-----w	c:\program files\Bonjour
2009-04-25 15:05 . 2009-04-25 15:05	--------	d-----w	c:\documents and settings\Pierrot\Application Data\IDM
2009-04-25 15:05 . 2009-04-25 15:05	--------	d-----w	c:\documents and settings\Pierrot\Application Data\DMCache
2009-04-19 12:45 . 2009-04-19 12:45	--------	d-----w	c:\documents and settings\Pierrot\Application Data\Paquet Builder
2009-04-19 12:31 . 2009-04-19 12:31	--------	d-----w	c:\program files\7-Zip
2009-04-18 19:13 . 2009-04-18 19:13	--------	d-----w	c:\program files\Sierra On-Line
2009-04-15 09:51 . 2008-12-16 12:31	354304	------w	c:\windows\system32\dllcache\winhttp.dll
2009-04-15 09:51 . 2008-04-21 21:15	219136	------w	c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:50 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:50 . 2009-03-06 14:20	286720	------w	c:\windows\system32\dllcache\pdh.dll
2009-04-15 09:50 . 2009-02-09 11:23	111104	------w	c:\windows\system32\dllcache\services.exe
2009-04-15 09:50 . 2009-02-09 10:53	401408	------w	c:\windows\system32\dllcachepcss.dll
2009-04-15 09:50 . 2009-02-09 10:53	473600	------w	c:\windows\system32\dllcache\fastprox.dll
2009-04-15 09:50 . 2009-02-09 10:53	685568	------w	c:\windows\system32\dllcache\advapi32.dll
2009-04-15 09:50 . 2009-02-09 10:53	735744	------w	c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 09:50 . 2009-02-09 10:53	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 09:50 . 2009-02-09 10:53	739840	------w	c:\windows\system32\dllcache
tdll.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 12:18 . 2006-08-19 04:41	12	----a-w	c:\windows\bthservsdp.dat
2009-05-13 10:22 . 2006-11-25 20:58	61696	----a-w	c:\documents and settings\Pierrot\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 22:14 . 2006-12-06 18:46	16296	----a-w	c:\documents and settings\Pierrot\Application Data\wklnhst.dat
2009-04-19 09:25 . 2006-08-19 04:21	78346	----a-w	c:\windows\system32\perfc00C.dat
2009-04-19 09:25 . 2006-08-19 04:21	476522	----a-w	c:\windows\system32\perfh00C.dat
2009-03-26 15:35 . 2009-04-02 11:18	210352	----a-w	c:\windows\system32\idmmbc.dll
2009-03-19 14:32 . 2008-09-23 23:52	23400	----a-w	c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 03:19 . 2009-01-05 09:38	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2004-08-10 18:00	286720	----a-w	c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-01-09 18:02	826368	----a-w	c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-10 18:00	78336	----a-w	c:\windows\system32\ieencode.dll
2009-02-15 17:30 . 2009-02-15 17:30	53248	----a-w	c:\windows\ipuninst.exe
2007-09-04 19:01 . 2007-09-04 19:01	48	--sh--w	c:\windows\S83A54D1A.tmp
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SuperCopier2.exe"="d:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-04-02 2794928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2008-01-01 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32
wiz.exe [2006-06-12 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pierrot\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Readereader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\MSMSGS.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\System32\dplaysvr.exe"=
"d:\Program Files\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe"=
"d:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"=
"d:\Program Files\eMule\emule.exe"=
"d:\Program Files\Azureus\Azureus.exe"=
"d:\Program Files\SopCast\SopCast.exe"=
"c:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"d:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"4662:TCP"= 4662:TCP:4662 TCP
"4672:UDP"= 4672:UDP:4672 UDP
"4711:TCP"= 4711:TCP:4711 TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 23:51 108289]
S2 gupdate1c98718c422d7a5;Google Update Service (gupdate1c98718c422d7a5);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 23:34 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [24/07/2007 20:59 2560]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Pierrot\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Pierrot\LOCALS~1\Temp\asbp2poa.sys [?]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - INT15.SYS
*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2009-05-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 21:14]

2009-05-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:34]

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Télécharger avec IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - d:\program files\Internet Download Manager\IEGetAll.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 14:22
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Pierrot\LOCALS~1\Temp\mc24.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fc,2a,6e,1d,21,80,ad,85,57,cf,1d,68,74,b7,68,8c,82,5c,0e,11,3b,
   31,ad,cc,20,cd,86,49,e5,db,b2,b0,76,2e,da,c4,c5,d2,39,44,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{af2ddcb7-a988-49a4-a645-ae9b1516069a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000084
"Therad"=dword:00000013
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3696)
d:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\program files\Fichiers communs\Microsoft Shared\Encarta Search Bar\F\ESBRes.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32
vsvc32.exe
c:\windows\system32undll32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32	cpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-05-13 14:25 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-05-13 12:25

Avant-CF: 5 404 983 296 octets libres
Après-CF: 8 338 014 208 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut

263	--- E O F ---	2009-04-15 11:42


avira m'a detecté plusieurs virus ou prog malveillant venant de combofix après le redemarage mais je les ai ignorés

p59 · Answer

les ports usb et carte memoire remarchent !

sKe69 · Answer

de retour ...

j'analyse le rapport et te donne la suite ... ;)

sKe69 · Answer

La suite :


1-Créer un doc texte sur ton bureau : 
pointe ta souris sur ton bureau , clique droit : va dans "nouveau" et choisis "document texte" . 

Ensuite copie/colle le texte ci-dessous ( et rien d'autre!) dans le fichier texte que tu viens de créer : 


File:: 
c:\windows\system32\perfc00C.dat 
c:\windows\system32\perfh00C.dat 

Folder:: 
c:\documents and settings\All Users\Application Data\NortonInstaller 

Driver:: 
asbp2poa


Puis va dans "fichier" et choisis "enregistrer sous ..." et tu le nommes exactement ainsi : 
CFScript puis valide ...
 

2-Nettoyage :

!! Déconnecte toi, ferme toutes tes applications et désactive TOUTES TES DEFENSES ( tu les réactiveras après )  !! 

--->Sur ton bureau, fais glisser avec ta souris le fichier CFScript sur l'icône de ComboFix.exe . 

(Regarde ici : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif )

Cette manipulation va relancer combofix .
--> Une fenêtre bleue va apparaître: au message qui apparaît "Type 1 to continue, or 2 to abort" : tape 1 puis valide. 

Puis patiente le temps du scan.( Le Bureau va disparaître à plusieurs reprises : c'est normal!) 

!! Ne touches à rien tant que le scan n'est pas terminé !! 

Note : en fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : poste le accompagné d' un nouveau rapport RSIT pour analyse ...

( Attention : cette manipe a été fait pour ce PC . Toute réutilisation peut endommager sévèrement le système d'exploitation )

p59 · Answer

le rapport combofix

ComboFix 09-05-12.06 - Pierrot 13/05/2009 17:09.2 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.1022.466 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pierrot\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Pierrot\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
 * Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\perfc00C.dat
c:\windows\system32\perfh00C.dat
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\[u]0[/u]5-13-2009-13h22m05s\SymNRT-05-13-2009-13h22m06s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\[u]0[/u]5-13-2009-13h22m05s\SymNRT.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\[u]0[/u]5-13-2009-13h35m14s\SymNRT-05-13-2009-13h35m14s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\[u]0[/u]5-13-2009-13h35m14s\SymNRT.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\windows\system32\perfc00C.dat
c:\windows\system32\perfh00C.dat

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASBP2POA
-------\Service_asbp2poa


(((((((((((((((((((((((((((((   Fichiers créés du 2009-04-13 au 2009-05-13  ))))))))))))))))))))))))))))))))))))
.

2009-05-13 12:13 . 2009-05-13 12:13	--------	d-sh--w	C:\FOUND.000
2009-05-13 09:37 . 2009-05-13 09:37	--------	d-----w	C:\GenProc
2009-05-12 22:44 . 2009-05-12 22:44	--------	d-----w	c:\program files\Ad-remover
2009-05-12 22:20 . 2009-05-12 22:20	--------	d-----w	C:\_OTMoveIt
2009-05-12 17:43 . 2009-05-12 17:43	--------	d-----w	C:\UsbFix
2009-05-12 17:01 . 2009-05-12 17:01	--------	d-----w	C:\rsit
2009-05-12 10:12 . 2009-05-12 10:12	--------	d-----w	c:\documents and settings\Pierrot\Application Data\Malwarebytes
2009-05-12 10:12 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-12 10:12 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 10:12 . 2009-05-12 10:12	--------	d-----w	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 10:12 . 2009-05-12 10:12	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-11 21:51 . 2009-03-24 14:08	55640	----a-w	c:\windows\system32\drivers\avgntflt.sys
2009-05-11 21:51 . 2009-05-11 21:51	--------	d-----w	c:\program files\Avira
2009-04-28 19:27 . 2009-04-28 19:27	--------	d-----w	c:\documents and settings\Pierrot\Application Data\Mount&Blade
2009-04-27 13:21 . 2009-04-27 13:21	--------	d-----w	c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-27 13:21 . 2009-04-27 13:21	--------	d-----w	c:\program files\iTunes
2009-04-27 13:20 . 2009-04-27 13:20	--------	d-----w	c:\program files\Bonjour
2009-04-25 15:05 . 2009-04-25 15:05	--------	d-----w	c:\documents and settings\Pierrot\Application Data\IDM
2009-04-25 15:05 . 2009-04-25 15:05	--------	d-----w	c:\documents and settings\Pierrot\Application Data\DMCache
2009-04-19 12:45 . 2009-04-19 12:45	--------	d-----w	c:\documents and settings\Pierrot\Application Data\Paquet Builder
2009-04-19 12:31 . 2009-04-19 12:31	--------	d-----w	c:\program files\7-Zip
2009-04-18 19:13 . 2009-04-18 19:13	--------	d-----w	c:\program files\Sierra On-Line
2009-04-15 09:51 . 2008-12-16 12:31	354304	------w	c:\windows\system32\dllcache\winhttp.dll
2009-04-15 09:51 . 2008-04-21 21:15	219136	------w	c:\windows\system32\dllcache\wordpad.exe
2009-04-15 09:50 . 2009-02-06 10:10	227840	------w	c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:50 . 2009-03-06 14:20	286720	------w	c:\windows\system32\dllcache\pdh.dll
2009-04-15 09:50 . 2009-02-09 11:23	111104	------w	c:\windows\system32\dllcache\services.exe
2009-04-15 09:50 . 2009-02-09 10:53	401408	------w	c:\windows\system32\dllcache\rpcss.dll
2009-04-15 09:50 . 2009-02-09 10:53	473600	------w	c:\windows\system32\dllcache\fastprox.dll
2009-04-15 09:50 . 2009-02-09 10:53	685568	------w	c:\windows\system32\dllcache\advapi32.dll
2009-04-15 09:50 . 2009-02-09 10:53	735744	------w	c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 09:50 . 2009-02-09 10:53	453120	------w	c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 09:50 . 2009-02-09 10:53	739840	------w	c:\windows\system32\dllcache\ntdll.dll

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-13 15:13 . 2006-08-19 04:41	12	----a-w	c:\windows\bthservsdp.dat
2009-05-13 10:22 . 2006-11-25 20:58	61696	----a-w	c:\documents and settings\Pierrot\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-11 22:14 . 2006-12-06 18:46	16296	----a-w	c:\documents and settings\Pierrot\Application Data\wklnhst.dat
2009-03-26 15:35 . 2009-04-02 11:18	210352	----a-w	c:\windows\system32\idmmbc.dll
2009-03-19 14:32 . 2008-09-23 23:52	23400	----a-w	c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 03:19 . 2009-01-05 09:38	410984	----a-w	c:\windows\system32\deploytk.dll
2009-03-06 14:20 . 2004-08-10 18:00	286720	----a-w	c:\windows\system32\pdh.dll
2009-03-03 00:13 . 2006-01-09 18:02	826368	----a-w	c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-10 18:00	78336	----a-w	c:\windows\system32\ieencode.dll
2009-02-15 17:30 . 2009-02-15 17:30	53248	----a-w	c:\windows\ipuninst.exe
2007-09-04 19:01 . 2007-09-04 19:01	48	--sh--w	c:\windows\S83A54D1A.tmp
.

(((((((((((((((((((((((((((((   SnapShot@2009-05-13_12.22.12   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-13 15:14 . 2009-05-13 15:14	16384              c:\windows\Temp\Perflib_Perfdata_73c.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SuperCopier2.exe"="d:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2009-04-02 2794928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 69632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 352256]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 3080704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-01 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-12 7577600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-12 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-06-28 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-12 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Pierrot\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Recherche acc‚l‚r‚e.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-12-17 111376]
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\Messenger\MSMSGS.EXE"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\System32\dplaysvr.exe"=
"d:\Program Files\Microsoft Games\Age of Empires II\Age2_X1\age2_x1.Exe"=
"d:\Program Files\Microsoft Games\Freelancer\EXE\Freelancer.exe"=
"d:\Program Files\eMule\emule.exe"=
"d:\Program Files\Azureus\Azureus.exe"=
"d:\Program Files\SopCast\SopCast.exe"=
"c:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"=
"c:\Program Files\Windows Live\Messenger\livecall.exe"=
"d:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3587:TCP"= 3587:TCP:Groupement homologue Windows
"3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol)
"4662:TCP"= 4662:TCP:4662 TCP
"4672:UDP"= 4672:UDP:4672 UDP
"4711:TCP"= 4711:TCP:4711 TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 23:51 108289]
S2 gupdate1c98718c422d7a5;Google Update Service (gupdate1c98718c422d7a5);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 23:34 133104]
S2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [24/07/2007 20:59 2560]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc	REG_MULTI_SZ   	p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'

2009-05-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-02 21:14]

2009-05-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 21:34]

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Télécharger avec IDM - d:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger le contenu de video FLV avec IDM - d:\program files\Internet Download Manager\IEGetVL.htm
IE: Télécharger tous les liens avec IDM - d:\program files\Internet Download Manager\IEGetAll.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-13 17:25
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\Pierrot\LOCALS~1\Temp\mc27.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fc,2a,6e,1d,21,80,ad,85,57,cf,1d,68,74,b7,68,8c,82,5c,0e,11,3b,
   31,ad,cc,20,cd,86,49,e5,db,b2,b0,76,2e,da,c4,c5,d2,39,44,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{af2ddcb7-a988-49a4-a645-ae9b1516069a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000084
"Therad"=dword:00000013
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1628)
d:\program files\SuperCopier2\SC2Hook.dll
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\program files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
c:\program files\Fichiers communs\Microsoft Shared\Encarta Search Bar\F\ESBRes.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\docume~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-05-13 17:27 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-05-13 15:27
ComboFix2.txt  2009-05-13 12:25

Avant-CF: 7 712 735 232 octets libres
Après-CF: 7 910 653 952 octets libres

251	--- E O F ---	2009-04-15 11:42

p59 · Answer

le rsit

Logfile of random's system information tool 1.06 (written by random/random)
Run by Pierrot at 2009-05-13 17:48:27
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 8 GB (17%) free of 45 GB
Total RAM: 1022 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:37, on 13/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Pierrot\Bureau\RSIT.exe
C:\Documents and Settings\Pierrot\Bureau\Pierrot.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.n9ws.com/webscanner/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O24 - Desktop Component 0: (no name) - http://ic3.deviantart.com/fs12/i/2006/340/4/8/Sasuke_Naruto_by_Ruutus.jpg

sKe69 · Answer

Impec...


la suite dans l'ordre : 


( ne saute pas d'étape ! si tu rencontres un soucis lors de cette manipe , tu stoppes et tu m'en fais part )


1-Télécharge ToolsCleaner (de A.Rothstein) sur ton Bureau. 
http://pc-system.fr/

Déconnecte toi et ferme bien toutes tes applications en cours .

Lances le . 
*Clique sur Recherche et laisse le scan se terminer (cela peut être long). 
*Clique sur Suppression pour finaliser. 
*Clique sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) :
--> Poste ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt . 

Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection .
Supprime tout les outils , dossiers ou rapports consernant la désinfection que Toolscleaner2 n'a pas supprimé . 

( garde CCleaner et Malwarebytes : très utiles ! )

======================================

2- Refais un coup de CCleaner ( registre compris ) .

======================================

3- Retélécharge et réinstalle hijackthis ( car supprimé par Toolscleaner2 ) ,

Télécharge et installe le logiciel HijackThis : 

ici http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
ou ici http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
ou ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-> Clique sur le setup pour lancer l'installe : laisse toi guider et ne modifie pas les paramètres d'installation . 
A la fin de l'installe , le prg ce lance automatiquement : ferme le en cliquant sur la croix rouge . 
Au final, tu dois avoir un raccourci sur ton bureau et aussi un cheminement comme : 
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( ne fais pas de scan pour le moment ) 

======================================

4- Important :
Purge de la restauration système 
*Désactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK 
---> Redémarre ton PC ...

*Réactive ta restauration :
Clique droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK 
--->Redémarre ton PC ...

( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).


======================================

5- Fais ce scan en ligne pour vérifier :

( ne rien faire d'autre avec le PC durant le scan ! )

Fais un scan en ligne avec Kaspersky : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Sous Démonstration en ligne, on t'explique la marche à suivre, et pour lancer le scan il faut sélectionner < Exécuter l'analyse en ligne >. 
Le scan ne marche que sous Internet Explorer(et pas sous firefox ou autre...). 
- On va te demander de télécharger un contôle active x, accepte . 
- Dans le menu Choisissez la cible de l'analyse, sélectionne Poste de travail. Le scan va commencer. 
- Sauvegarde le rapport qui sera généré, puis copie/colle le dans ta prochaine réponse pour analyse et attends la suite ... 

--> tuto : 
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

Note : 
*Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte-toi sur le site de Kaspersky pour retenter le scan en ligne.

*S'il y a un problème, assure toi que les contrôles active x sont bien configurés dans les options internet comme décrit sur ce lien : http://www.inoculer.com/activex.php3 
Rappel : le scan est à faire sous Internet Explorer !

p59 · Answer

karperky est en train de bosser mais je risque de partir avant la fin, je serai de retour vers 23h

p59 · Answer

voila le rapport kaspersky

KASPERSKY ON-LINE SCANNER REPORT  
Thursday, May 14, 2009 1:23:46 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 14/05/2009
Enregistrements dans la base antivirus Kaspersky : 1970600
 
 
Paramètres d'analyse 
Analyser avec la base antivirus suivante standard 
Analyser les archives vrai 
Analyser les bases de messagerie vrai 
 
Cible de l'analyse Poste de travail 
C:\
D:\
E:\
H:\  
 
Statistiques de l'analyse 
Total d'objets analysés 111318 
Nombre de virus trouvés 0 
Nombre d'objets infectés 0 / 0 
Nombre d'objets suspects 0 
Durée de l'analyse 02:05:59 

Nom de l'objet infecté Nom du virus Dernière action 
C:\WINDOWS\system32\config\system.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\software.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\default.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Media Ce.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SecEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\AppEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SysEvent.Evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\Internet.evt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SECURITY  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SOFTWARE  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SYSTEM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\DEFAULT  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\config\SAM  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\drivers\sptd.sys  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2	mp.edb  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\CatRoot2\edb.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\system32\h323log.txt  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Temp\Perflib_Perfdata_908.dat  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\Debug\PASSWD.LOG  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\WindowsUpdate.log  L'objet est verrouillé  ignoré  
 
C:\WINDOWS\SchedLgU.Txt  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\avguard.tmp  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService
tuser.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\NetworkService\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\LocalService
tuser.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot
tuser.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot
tuser.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Historique\History.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Historique\History.IE5\MSHist012009051420090515\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Temporary Internet Files\Content.IE5\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Temporary Internet Files\Content.IE5\1EAV5RGW\0000122254[1].fid  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Application Data\Ahead\Nero Home\bl.db  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings\Application Data\Ahead\Nero Home\is2.db  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Local Settings	emp\fla4202.tmp  L'objet est verrouillé  ignoré  
 
C:\Documents and Settings\Pierrot\Cookies\index.dat  L'objet est verrouillé  ignoré  
 
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU3.txt  L'objet est verrouillé  ignoré  
 
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\change.log  L'objet est verrouillé  ignoré  
 
C:\autorun.inf\lpt3.This folder was created by UsbFix  L'objet est verrouillé  ignoré  
 
D:\autorun.inf\lpt3.This folder was created by UsbFix  L'objet est verrouillé  ignoré  
 
D:\System Volume Information\MountPointManagerRemoteDatabase  L'objet est verrouillé  ignoré  
 
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP2\change.log  L'objet est verrouillé  ignoré  
 
Analyse terminée.

sKe69 · Answer

Salut,


c'est clean ... Si tu n'as plus de prb , on finalise .... dans l'ordre :


1- Mets à jours ce qui suit, c'est important ( des versions pas à jours = failles de sécurité ) :

Version Console Java à jour > 6 Update 13
Version Adobe Reader à jour > v 9.1.0

* pour la console Java :
-> désinstalle toutes les versions antérieurs  via le panneau de config./"Ajout et suppression de programmes" (pour XP) ou " Programmes et fonctionnalités " (pour Vista) .
-> Puis télécharge et installe la dernière version ici :
http://www.commentcamarche.net/telecharger/telecharger 34055318 java runtime environment
ou https://www.java.com/fr/

( Autre astuce pour faire cette maj ainsi que la suppression des anciennes versions 
avec l'outil Javara : http://www.commentcamarche.net/faq/sujet 15645 javara indispensable )

-> Enfin contrôle ceci : 
Démarrer > Panneau de configuration > Icône Java > onglet Mise à jour > cocher la case "Automatiser la détection des mises à jour".


* Adobe Reader :
-> désinstalle avant l'ancienne version via le panneau de config./"Ajout et suppression de programmes" (pour XP) ou " Programmes et fonctionnalités " (pour Vista) .
-> Note : si tu as une imprimante ,éteinds la et débranche la du PC avant de faire la mise à jour.
-> télécharge et installe la dernière version ici : 
http://www.commentcamarche.net/telecharger/telecharger 27 acrobat reader


======================

2- Hijackthis :

tuto pour utilisation 
Regarde ici, c'est parfaitement expliqué en images (merci balltrap34) :
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement )

2-!! Déconnecte toi et ferme toutes tes applications en cours !!

Clique sur le raccourci du bureau pour lancer le prg :
fais un scan "monjack" (ou HijackThis renommé) en cliquant sur : "Do a system scan and save a logfile" 

---> Poste le rapport généré pour analyse ...

p59 · Answer

voila tout est fait

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:42:54, on 14/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) - 
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

sKe69 · Answer

Re,

tu as mal nettoyer les ancienne version de Java ( cela prend beaucoup de place pour rien ...)

Pour supprimer ces anciennes versions , utilise l'utilitaire Javara comme indiqué dans cet astuce :
 http://www.commentcamarche.net/faq/sujet 15645 javara indispensable 

ensuite un coupde Ccleaner ( registre compris ) .


refais un hijackthis et poste le nouveau rapport pour contrôler ...

p59 · Answer

voila 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:00, on 14/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

sKe69 · Answer

yes !... ^^


====================

mais attention ! 
je vois que tu as remis le "tea timer" de Spybot ! J'espère pour toi que tu as accepté toutes les modifs de registre qu'il t'a éventuellement proposé ! Si tu les as refusé , il y de grande chance que tu es ré-injecté certaines clé infectieuses (qu'il avait encore en mémoire) .


Bref , lorsque tu auras fait la manipe qui suit , il faudra accepter toutes les modifs de registre qu'il te proposera !

====================

la suite :


1- Ferme toutes tes applications ( navigateur compris ) et déconnecte toi .

Relance Hijackthis mais click sur " Do a scan only " 
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide . 
Tu vas cliquer sur les carrés des lignes suivantes : 


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) 

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
O4 - HKCU\..\Run: [IDMan] d:\Program Files\Internet Download Manager\IDMan.exe /onboot 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - 



Tu cliques en bas sur le bouton FIX CHECKED et valides .



2- Redémarre l'ordi .
( important pour que certaines modifs faites avec hijakthis soient prises en compte ) 


Puis teste ton PC ainsi que ta navigation sur internet ... Si tout est Ok pour toi , on peut passer à la dernière étape ....
Poste aussi un dernier rapport Hijackthis de contrôle ...

p59 · Answer

tea timer m'a rien proposé, je suppose que c'est bon

sKe69 · Answer

bien ...

poste moi donc le dernier hijackthis demandé ....

p59 · Answer

et voila 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:48, on 14/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32	cpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32undll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\Pierrot\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
D:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] D:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Télécharger avec IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98718c422d7a5) (gupdate1c98718c422d7a5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWSunservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

sKe69 · Answer

nickel ... suite et fin dans l'ordre : 1- Déconnecte toi et ferme bien toutes tes applications en cours . Lance Toolscleaner2 . *Clique sur Recherche et laisse le scan se terminer (cela peut être long). *Clique sur Suppression pour finaliser. *Clique sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) : ---> Poste ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt . Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) . Supprime tout les outils , dossiers ou rapports consernant la désinfection que Toolscleaner2 n'a pas supprimé . Puis enfin supprime Toolscleaner2 ... 2- Refais un coup de CCleaner ( registre compris ) . 3- Fais ce check-up pour finir : ( étape A à faire de suite ! et le reste dès que tu peux mais ne tarde pas trop ;) ) A-Purge de la restauration système *Désactive ta restauration : Clique droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK --->Redémarre ton PC ... *Réactive ta restauration : Clique droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK --->Redémarre ton PC ... ( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ). Attention : ne pas toucher au PC pendant qu'il travaille ! B-Nettoyage et Défragmentation de tes Disques *Nettoyage : Clique droit sur "poste de travail" ==>"ouvrir" ==>clique droit sur le disque C ==>Propriétés ==>onglet "Général" Clique sur le bouton "nettoyage de disque", OK . tu le fais pour chacun de tes disques ... *Vérifications des erreurs : Clique droit sur "poste de travail" ==>"ouvrir" ==>clique droit sur le disque C ==>Propriétés ==>onglet "Outil" "Vérifier maintenant", une boîte s'ouvre, cocher les cases : -réparer automatiquement les erreurs... -rechercher et tenter une récupération... --->Démarrer, ok Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal tu le fais pour chacun de tes disques ... ensuite toujours dans le même onglet tu choisis : *Défragmentation : "défragmenter maintenant", OK une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" > OK . Tu le fais pour chacun de tes disques ... Note : si tu as un utilitaire pour défragmenter , utilise le à la place ... C-Créer un point de restauration de ton PC : Aller dans le Menu Démarrer puis dans Programmes, - Ensuite dans Accessoires et enfin dans Outils système, - Choisir "Restauration du système", - Sélectionner "Créer un point de restauration", - Cliquer sur "Suivant", - Entrer un nom pour le point de restauration (ce nom doit être assez évocateur), exemple : << Point restauration sain >> . --> Cliquer sur "Créer" et le point de restauration se créé automatiquement. ---> une fois terminé, dis moi ce que cela a donné et comment va le PC ... =)

p59 · Answer

la defrag est en cour

p59 · Answer

c'est bon toolscleaner est en train de chercher

p59 · Answer

et voila [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Pierrot\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Pierrot\Bureau\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Pierrot\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Pierrot\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !


tout est fait, le pc marche nickel, est ce fini ? :)

sKe69 · Answer

impec ...


content d'avoir pu te rendre service ... ^^


Potasse ces quelques recommandations :


=> Comportement à adopter avec son PC : http://assiste.com.free.fr/p/abc/a/safe_cex.html 
et pourquoi ( exemple ) : http://assiste.com.free.fr/p/abc/a/zombies_et_botnets.html

=> Surveillance : 
Effectue des scan réguliers de surveillance (une fois tous les 15 jours, par exemple) avec ton antivirus puis avec ton anti-spyware (après les avoir mis à jour bien sur !) et supprime ce qu'ils peuvent trouver (où mets en quarantaine, en pensant à la vider ultérieurement). 


=============================================================

=> Il faut mettre a jour la console Java régulièrement aussi : 

( Pourquoi : http://www.secuser.com/vulnerabilite/2008/080305-java.htm )

Donc pour se faire, rends toi sur https://www.java.com/fr/download/manual.jsp et télécharge la dernière version (si ta version actuelle n'est pas à jour) ou ici https://filehippo.com/download_jre_32/?ex=CORE-116.0 
Après avoir installé la dernière version, désinstalle les anciennes versions (de Java) afin d’éliminer les failles de sécurité présentes dans ces anciennes versions. 
via Démarrer / Paramètres / Panneau de config / et dans Ajout/Suppression de programmes navigue jusqu'aux anciennes versions de la console Java qui s'y trouvent, puis clique sur « Supprimer », suis les invites de commandes dans la boite de dialogue qui va s'ouvrir afin d'amener la désinstallation à son terme. 
Fais cela pour chacune d'elles, une à une, fais redémarrer ton PC quand cela te sera demandé . 
Retourne ensuite chez Java ci-dessus et clique sur le bouton "Vérifier l'installation" pour t'assurer que tout est en ordre. 

Autre astuce : http://www.commentcamarche.net/faq/sujet 15645 javara indispensable

============================================================= 

=> Afin d’éviter les autres failles de sécurité des différents programmes présents sur ton PC : 

Vérifie tes mises à jours des différents softs régulièrement ici et mets à jour ce qui ne l’est pas. https://www.flexera.com/products/operations/software-vulnerability-management.html 
- Tuto https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/ 
- Autre possibilité, t'abonner gratuitement a "la lettre hebdomadaire de secuser.com" ici http://www.secuser.com/ a gauche en bas de page. 

-> autre très bon soft similaire dans cette astuce : 
http://www.commentcamarche.net/faq/sujet 9908 update checker vos logiciels sont ils a jour
 
===========================================================
* le pare- feu de Xp vaut rien , je te conseille fortement dans installer un :
Armor ou Comodo sont très bien ( en anglais mais gratuit )...Tu trouveras tout ce qu'il faut ici :
http://www.commentcamarche.net/telecharger/logiciel 38 firewall

tutos :
https://www.malekal.com/tutorial-online-armor-free/
https://www.malekal.com/tutorial-comodo-firewall/

( Attention : pour Comodo 3 , ne pas installer la barre d'outil pour les navigateurs ! )

En deuxieme choix ( gratuit aussi ) :
->Comodo ancienne version 2.4 ( en francais ) : 
http://download.comodo.com/cpf/download/setups/release/languages/CFP_Setup_English_French_2.4.16.174.exe
tuto: https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389

->PC Tools Firewall Plus (en français) :
https://fr.norton.com/
Tuto : http://www.6ma.fr/tuto/utilisation-pc-tools-firewall-plus/

(Note: pensez bien à désactiver le pare-feu de Windows avant de lancer l'installe de tout autre pare-feu !)

* teste l'efficacité de ton pare-feu ici ( à titre indicatif ):
http://www.zebulon.fr/outils/scanports/test-securite.php

* tests firewall: http://www.matousec.com/index.html 

=> Un complément au pare-feu pour fermer les ports risqués (dangereux, s’ils restent ouverts) : 

ZebProtect (application ne nécessitant pas d’installation à lancer et paramétrer une unique fois) http://telechargement.zebulon.fr/123.html 

-Tuto https://www.zebulon.fr/dossiers/autres/40-zebprotect.html 

================================================================ 

Pour une meilleur sécurité lorsque tu surfes : 

* Je te conseille d'utiliser le navigateur " FireFox " :
télécharge le ici -> http://www.mozilla-europe.org/fr/
ou -> http://www.commentcamarche.net/telecharger/telecharger 111 firefox

( Attention : toujours garder IE sur son PC ! Il est indispensable pour les mises à jour de ton système ainsi que pour pas mal de choses, comme les scan d'antivirus en ligne, ect... )

-> Tutorial pour sécuriser Firefox :
https://www.malekal.com/securiser-le-navigateur-web-firefox-2/
https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/ 

* tu peux installer cet Add-ons : WOT ( gratuit / compatible IE et FireFox )
-> Firefox https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp - IE https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
-> Démo : http://www.mywot.com/fr/demo
Très simple et léger , WOT permet d'avoir un aperçu sur la dangerosité et la fiabilité des sites donnés par les moteurs de recherche tel que Google ou Live Search .
> http://www.commentcamarche.net/faq/sujet 15620 wot web of trust essentiel pour l internaute avise

* Noscript est un autre "Add-ons" ( pour Firefox ) qui empêche l'exécution de scripts en provenance des sites Web. 
Il stoppe l'installation de logiciels infectieux via flash, java, javascript et d'autres points d'entrée : 
http://www.geekstogo.com/forum/redirect.php?url=http%3A%2F%2Fwww.noscript.net

=================================================================
=> Rappel sur les principales causes d'infection : 


* L'utilisation de cracks ou keygens est à proscrire, de même que le surf sur les sites de téléchargement de ceux-ci : 

Les dangers des cracks : http://forum.malekal.com/ftopic893.php 

-> Le crack dans toute sa splendeur, journal d'une infection attendue : 
https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/ 

-> Fléaux du moment par le biais de pseudo crack sur réseau P2P : Virut/Scrible !
> https://www.futura-sciences.com/tech/actualites/informatique-virut-scribble-retour-infection-redoutable-18310/


* Le P2P ( l'utilisation de logiciels comme eMule, Sharazaa, LimeWire, Bit torrent): 

Les conséquences du P2P : https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/ 

Pourquoi éviter le P2P (emule ,Shareaza, kazza ... ect):
> http://www.libellules.ch/... 
> http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793 
> https://lexpansion.lexpress.fr/actualite-economique/
 

* Faire attention avec les ActiveX :
http://assiste.com.free.fr/p/abc/a/activex_dangers.html
et comment : 
http://assiste.com.free.fr/p/abc/c/anti_activex.html


* Prévention sur deux autres types d'infection d'actualité : 

MSN prévention : 
https://forum.zebulon.fr/topic/130590-infection-par-msn-ou-wlm/
-> autre danger grandissant , le " phishing " (= hameçonnage ) :
http://msnfix.changelog.fr/index.php/2008/05/18/32-alerte
 

Infection par supports amovibles (clefs usb, flash, DD externes ..) :
https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/ 
https://forum.malekal.com/viewtopic.php?f=45&t=5544 

=================================================================

Bon à savoir :

* La "Console de récupération" ( XP ): 
face aux nouvelles menaces (attaque du secteur de boot par exemple), la Console de récupération peut être la seule solution pour pallier à un système très endomagé et particulièrement instable. 
tutoriels ici : 
https://www.pcastuces.com/pratique/windows/xp/console_recuperation/page1.htm .
https://www.informatruc.com

Equivalent Vista : http://www.forum-vista.net/forum/

* Conserve une sauvegarde des fichiers importants ( Sur CD/DVD rom ,DD externe ,ect ...). 

* Ne pas telecharger n'importe quoi, éviter les programes gratuits genre smileys, Macrogaming\SweetIM, Boonty games, ...ect

* Analyser les fichiers reçus/téléchargés :
Pour les adeptes du Peer 2 Peer ( que je déconseille fortement ),toujours analyser les fichiers telechargés avec l'antivirus, l'anti-spyware/malawre du PC avant de les executer ... Cela minimise les risques ( mais ceux-ci restent tout de même présents ! ) 
Ne pas ouvrir les pieces jointes d'un expediteur inconnu et toujours les analyser avant de les ouvrir .
Toujours analyser les fichiers reçus via MSN ou autre avec ton antivirus .

=================================================================
( merci le sioux ) 


Voilou ...


Bonne continuation à toi ... =)


A+

p59 · Answer

merci beaucoup :D

Virus TR/Dropper.gen

59 réponses

Discussions similaires

Newsletters