Lecture Navilog suite spyware

Pascale -  
 archet9 -
Bonjour,

Suite à un message me proposant SpeedDownloading, je l'ai téléchargé et me suis ensuite aperçue qu'il contenait un spyware.
Le rapport Genproc m'a demandé de faire une analyse Navilog et je poste le rapport.
Merci de votre aide.

Search Navipromo version 3.7.7 commencé le 31/05/2009 à 17:55:03,06

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 01/03/06 16:40:56 Ver: 08.00.10
USER : Gérard ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090530-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:232 Go (Free:189 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (Local Disk) - FAT32 - Total:465 Go (Free:400 Go)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)

Recherche executé en mode normal

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Gérard\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\kodak\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Gérard\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\kodak\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\Gérard\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\DOCUME~1\kodak\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Gérard\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\kodak\locals~1\applic~1" *

*** Recherche fichiers ***

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cakwa"="\"c:\\documents and settings\\g‚rard\\local settings\\application data\\cakwa.exe\" cakwa"

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

* Dans "C:\Documents and Settings\Gérard\locals~1\applic~1" :

cakwa.exe trouvé !
cakwa.dat trouvé !
cakwa_nav.dat trouvé !
cakwa_navps.dat trouvé !

* Dans "C:\DOCUME~1\kodak\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

*** Analyse terminée le 31/05/2009 à 18:00:27,20 ***
Configuration: Windows XP
Firefox 3.0.10

17 réponses

  1. archet9
     
    Bonsoir Pascale.

    Tu cliques sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
    Au menu principal, choisis 2 et valide.
    (ne fais pas le choix ,3 ou 4 sans notre avis/accord)

    Le fix va t'informer qu'il va alors redémarrer ton PC
    Fermes toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuies sur une touche comme demandé.
    (si ton Pc ne redémarre pas automatiquement, fais le toi même)
    Au redémarrage de ton PC, choisis ta session habituelle.

    Patiente jusqu'au message :
    *** Nettoyage Termine le ..... ***
    Le bloc-notes va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver
    Referme le bloc-notes. Ton bureau va réapparaitre

    PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
    Tape explorer et valide. Celà te fera apparaitre ton bureau.

    Poste le rapport

    a+
    0
  2. pascale
     
    Merci beaucoup de ton aide.

    Voici les rapports cleannavi et hijackthis.

    Clean Navipromo version 3.7.7 commencé le 31/05/2009 à 19:57:17,37

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
    BIOS : BIOS Date: 01/03/06 16:40:56 Ver: 08.00.10
    USER : Gérard ( Administrator )
    BOOT : Fail-safe boot

    Antivirus : avast! antivirus 4.8.1335 [VPS 090530-0] 4.8.1335 (Activated)

    C:\ (Local Disk) - NTFS - Total:232 Go (Free:189 Go)
    D:\ (CD or DVD)
    E:\ (USB)
    F:\ (Local Disk) - FAT32 - Total:465 Go (Free:400 Go)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    K:\ (USB)

    Mode suppression automatique
    avec prise en charge résultats Catchme et GNS

    Nettoyage executé en mode sans échec

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans "C:\WINDOWS\System32" *

    * Suppression dans "C:\Documents and Settings\Gérard\locals~1\applic~1" *

    * Suppression dans "C:\DOCUME~1\kodak\locals~1\applic~1" *

    *** Suppression dossiers dans "C:\WINDOWS" ***

    *** Suppression dossiers dans "C:\Program Files" ***

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Gérard\applic~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\kodak\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Gérard\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\kodak\locals~1\applic~1" ***

    *** Suppression dossiers dans "C:\Documents and Settings\Gérard\menudm~1\progra~1" ***

    *** Suppression dossiers dans "C:\DOCUME~1\kodak\menudm~1\progra~1" ***

    *** Suppression fichiers ***

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\G‚rard\locals~1\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

    2)Recherche, création sauvegardes et suppression Heuristique :

    * Dans "C:\WINDOWS\system32" *

    C:\WINDOWS\prefetch\cakwa*.pf trouvé !
    Copie C:\WINDOWS\prefetch\cakwa*.pf réalisée avec succès !
    C:\WINDOWS\prefetch\cakwa*.pf supprimé !

    * Dans "C:\Documents and Settings\Gérard\locals~1\applic~1" *

    cakwa.exe trouvé !
    Copie cakwa.exe réalisée avec succès !
    cakwa.exe supprimé !

    cakwa.dat trouvé !
    Copie cakwa.dat réalisée avec succès !
    cakwa.dat supprimé !

    cakwa_nav.dat trouvé !
    Copie cakwa_nav.dat réalisée avec succès !
    cakwa_nav.dat supprimé !

    cakwa_navps.dat trouvé !
    Copie cakwa_navps.dat réalisée avec succès !
    cakwa_navps.dat supprimé !

    * Dans "C:\DOCUME~1\kodak\locals~1\applic~1" *

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltdt absent !

    *** Recherche autres dossiers et fichiers connus ***

    *** Nettoyage terminé le 31/05/2009 à 19:59:45,31 ***

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:10:08, on 31/05/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spamihilator\spamihilator.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eo.st
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~3\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89382CE4-A27C-4603-99E7-5BC10AAF68F7} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453772 14
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Service Google Update (gupdate1c9905e3b0044ee) (gupdate1c9905e3b0044ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  3. archet9
     
    Re pascale...

    Pour verif fais ceci:

    Fais un scan avec cet antispyware :Telecharges malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...
    Si des elements on ete trouvés > click sur supprimer la selection.
    si il t´es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    *******

    Ensuite on allègera un peu le pc...

    a+
    0
    1. pascale
       
      Voici le rapport malware. Merci encore.

      Malwarebytes' Anti-Malware 1.37
      Version de la base de données: 2202
      Windows 5.1.2600 Service Pack 3

      31/05/2009 21:38:12
      mbam-log-2009-05-31 (21-38-12).txt

      Type de recherche: Examen rapide
      Eléments examinés: 87573
      Temps écoulé: 4 minute(s), 9 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 9
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 7
      Fichier(s) infecté(s): 237

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b4a78d29-52b1-4a7b-bac0-1471bedf9836} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      c:\documents and settings\Gérard\application data\Deskbar_{F9C5F756-9E7B-4bd8-8B4E-548B71E56F85} (Adware.SoftMate) -> Quarantined and deleted successfully.
      c:\documents and settings\Gérard\application data\deskbar_{f9c5f756-9e7b-4bd8-8b4e-548b71e56f85}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
      C:\Program Files\Registry Defender Platinum (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse (Rogue.RegistryDefender) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      c:\documents and settings\Gérard\Bureau\Speed-Downloading_setup.exe (Adware.Navipromo) -> Quarantined and deleted successfully.
      c:\documents and settings\Gérard\application data\deskbar_{f9c5f756-9e7b-4bd8-8b4e-548b71e56f85}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
      c:\documents and settings\Gérard\application data\deskbar_{f9c5f756-9e7b-4bd8-8b4e-548b71e56f85}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
      c:\documents and settings\Gérard\application data\deskbar_{f9c5f756-9e7b-4bd8-8b4e-548b71e56f85}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
      c:\documents and settings\Gérard\application data\deskbar_{f9c5f756-9e7b-4bd8-8b4e-548b71e56f85}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\Customer Support.url (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\INSTALL.LOG (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\install.sss (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\mscomctl.ocx (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\RegistryDefender.exe.manifest (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\report.csv (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\stdole2.tlb (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\User Guide.url (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup\2008-07-21.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup\2008-07-22.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup\2008-07-23.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup\2008-07-24.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup\2008-07-25.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\backup\2008-07-29.reg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-1.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-10.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-11.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-12.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-13.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-14.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-15.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-16.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-17.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-18.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-19.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-2.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-20.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-21.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-22.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-23.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-24.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-25.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-26.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-27.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-28.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-29.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-3.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-30.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-31.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-32.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-33.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-34.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-35.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-36.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-37.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-38.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-39.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-4.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-40.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-41.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-42.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-43.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-44.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-45.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-46.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-47.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-48.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-49.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-5.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-50.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-6.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-7.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-8.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\scanner-repair-9.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\repair-bar\Thumbs.db (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-0.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-1.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-10.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-100.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-11.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-12.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-13.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-14.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-15.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-16.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-17.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-18.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-19.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-2.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-20.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-21.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-22.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-23.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-24.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-25.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-26.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-27.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-28.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-29.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-3.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-30.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-31.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-32.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-33.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-34.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-35.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-36.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-37.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-38.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-39.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-4.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-40.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-41.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-42.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-43.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-44.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-45.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-46.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-47.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-48.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-49.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-5.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-50.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-51.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-52.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-53.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-54.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-55.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-56.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-57.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-58.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-59.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-6.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-60.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-61.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-62.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-63.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-64.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-65.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-66.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-67.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-68.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-69.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-7.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-70.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-71.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-72.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-73.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-74.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-75.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-76.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-77.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-78.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-79.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-8.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-80.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-81.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-82.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-83.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-84.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-85.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-86.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-87.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-88.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-89.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-9.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-90.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-91.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-92.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-93.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-94.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-95.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-96.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-97.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-98.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-100\scanner100-99.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-0.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-1.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-10.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-11.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-12.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-13.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-14.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-15.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-16.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-17.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-18.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-19.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-2.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-20.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-21.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-22.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-23.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-24.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-25.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-26.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-27.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-28.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-29.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-3.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-30.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-31.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-32.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-33.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-34.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-35.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-36.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-37.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-38.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-39.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-4.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-40.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-41.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-42.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-43.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-44.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-45.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-46.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-47.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-48.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-49.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-5.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-50.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-51.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-52.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-53.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-54.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-55.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-56.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-57.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-58.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-59.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-6.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-60.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-61.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-62.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-63.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-64.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-65.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-7.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-8.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      c:\program files\registry defender platinum\scan-bar-pulse\scannerpulse-9.jpg (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
      0
  4. archet9
     
    Hello Pascale

    Apparement ton infection depasses largement navipromo !!!!!

    ça sent pas bon du tout...

    Fais un scan en ligne ici :
    https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (A faire avec Internet Explorer)
    Sur la page du scan en bas à droite clique sur Démarrer Online-scanner et dans la nouvelle fenêtre qui s'affiche clique sur J'accepte

    Accepte les Contrôle ActivX

    Choisis Poste de travail pour le scan. Celui-ci terminé clique sur Enregistrer rapport sous (Choisis fichier texte)

    Poste le contenu du rapport

    ==> tuto pour l'utilisation:
    https://forum.pcastuces.com/default.asp
    ==> tuto si probleme pour l'intallation du controle activx
    http://www.inoculer.com/activex.php3

    a+

    0
    1. Pascale
       
      Bonjour

      Merci pour ta réponse. Je crains le pire ...

      Lorsque je fais le scan Kapersky, j'ai le message suivant :

      "Échec du chargement du contrôle ActiveX Kaspersky On-line Scanner!

      Vous devez jouir des privilèges d'administrateur sur ce poste ;
      en outre, il faut configurer le niveau de sécurité IE sur Moyen."

      Pourtant le message : "Patientez pendant que Kaspersky On-line Scanner effectue son initialisation et sa mise à jour... " continue d'apparaitre et j'ai l'imression que le scan continue.
      J'ai vérifié mes paramètres sécurité IE et je suis bien sur moyen.

      Par ailleurs, si je fais une sauvegarde de mes principaux fichiers actuellement, est ce que je risque de transmettre ce virus sur mon disque dur externe?
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. archet9
     
    Télécharges RSIT (de random/random) sur le bureau ici :

    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

    Les rapports sont dans le dossier ici C:\rsit
    a+
    0
    1. pascale
       
      Finalement j'ai réussi à lancer le scan avec Kaspersky on line. C'est en cours et pour le moment il n'a rien trouvé.
      0
    2. pascale
       
      Voici le rapport kaspersky zones critiques :

      KASPERSKY ON-LINE SCANNER REPORT
      Monday, June 01, 2009 3:14:31 PM
      Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
      Kaspersky On-line Scanner version : 5.0.84.2
      Dernière mise à jour de la base antivirus Kaspersky : 1/06/2009
      Enregistrements dans la base antivirus Kaspersky : 2069583
      Paramètres d'analyse
      Analyser avec la base antivirus suivante standard
      Analyser les archives vrai
      Analyser les bases de messagerie vrai
      Cible de l'analyse Zones critiques
      C:\WINDOWS
      C:\DOCUME~1\GRARD~1\LOCALS~1\Temp\
      Statistiques de l'analyse
      Total d'objets analysés 30993
      Nombre de virus trouvés 0
      Nombre d'objets infectés 0 / 0
      Nombre d'objets suspects 0
      Durée de l'analyse 00:30:30

      Nom de l'objet infecté Nom du virus Dernière action
      C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
      C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
      C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
      C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
      C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
      C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
      C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
      C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
      C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
      C:\WINDOWS\temp\Perflib_Perfdata_174.dat L'objet est verrouillé ignoré
      C:\WINDOWS\temp\Perflib_Perfdata_608.dat L'objet est verrouillé ignoré
      C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
      C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
      C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
      Analyse terminée.
      0
  7. pascale
     
    Voici le rapport Kapersky suivant (poste de travail et autres disques)

    KASPERSKY ON-LINE SCANNER REPORT
    Monday, June 01, 2009 5:33:10 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.84.2
    Dernière mise à jour de la base antivirus Kaspersky : 1/06/2009
    Enregistrements dans la base antivirus Kaspersky : 2069583
    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai
    Cible de l'analyse Poste de travail
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    Statistiques de l'analyse
    Total d'objets analysés 110454
    Nombre de virus trouvés 0
    Nombre d'objets infectés 0 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 02:15:21

    Nom de l'objet infecté Nom du virus Dernière action
    C:\autorun.MSNFix\lpt3.This folder was created by Flash_Disinfector L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07302008-172021.log L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\cert8.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\content-prefs.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\cookies.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\downloads.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\formhistory.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\key3.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\parent.lock L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\permissions.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\places.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\places.sqlite-journal L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\search.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Application Data\Spamihilator\plugins\linkfilter\linkfilter.db L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Application Data\Mozilla\Firefox\Profiles\fw1304o7.default\urlclassifier3.sqlite L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Historique\History.IE5\MSHist012009060120090602\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\temp\etilqs_jlKUur23R8VL975Kx7UD L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\ntuser.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Gérard\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
    C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{C6D29424-85C2-4749-AD5F-B00F5014DA63}\RP1371\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\temp\Perflib_Perfdata_174.dat L'objet est verrouillé ignoré
    C:\WINDOWS\temp\Perflib_Perfdata_608.dat L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    Analyse terminée.
    0
  8. archet9
     
    Super....

    Télécharge AD-REMOVER
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD­-R.exe
    (de Cyrildu17 / C_XX) sur ton Bureau.

    Déconnecte-toi et ferme toutes applications en cours

    [*]Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
    [*]Double-clique sur l'icône AD-Remover située sur ton Bureau.
    [*]Au menu principal, choisis l'option L.[*]
    Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    Ensuite pour vérif:

    Télécharges RSIT (de random/random) sur le bureau ici :

    http://images.malwareremoval.com/random/RSIT.exe

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

    Les rapports sont dans le dossier ici C:\rsit
    a+
    0
    1. pascale
       
      Et voici le rapport RSIT. Bon courage pour la lecture et merci de ton aide précieuse.

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Gérard at 2009-06-01 19:55:24
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 194 GB (81%) free of 238 GB
      Total RAM: 1023 MB (44% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:55:35, on 01/06/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16827)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Spamihilator\spamihilator.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
      C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\Program Files\Wireless LAN Utility\SiWake.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Gérard\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Gérard.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~3\COPERN~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: (no name) - {89382CE4-A27C-4603-99E7-5BC10AAF68F7} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
      O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
      O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
      O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453772 14
      O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
      O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
      O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: Service Google Update (gupdate1c9905e3b0044ee) (gupdate1c9905e3b0044ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      0
  9. pascale
     
    Voici le message Kapersky après analyse du courrier :

    "L'analyse est terminée.
    Pas de logiciel malveillant détecté. Les sections analysées sont SAINES.

    Le rapport est vide.
    Note : le logiciel gratuit Kaspersky On-line Scanner n’offre pas une protection globale et ne peut empêcher les infections futures. Il ne détecte que les codes malveillants qui ont déjà pénétré dans vos disques de stockage. Nous vous conseillons vivement d’utiliser entièrement solution antivirus opérationnel afin de protéger votre ordinateur en permanence.

    Patientez, car ce processus peut prendre un certain temps en fonction de la cible sélectionnée. Si vous souhaitez continuer à surfer, ouvrez une seconde fenêtre.

    Progression de l'analyse [5%]:

    Total de fichiers analysés : 1514
    Nombre de virus trouvés : 0
    Nombre d'objets infectés : 0
    Nombre d'objets suspects : 0
    Durée de l'analyse : 00:11:08
    Nouvelle analyse "

    Il semble avoir terminé l'analyse
    0
  10. archet9
     
    message :11

    a+
    0
    1. pascale
       
      Et voilà le rapport Ad Remover :

      ======= RAPPORT D'AD-REMOVER 1.1.4.5_B | UNIQUEMENT XP/VISTA =======
      .
      Mit à jour part C_XX le 01/06/2009 à 11:50 AM
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 18:47:53, 01/06/2009 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Program Files\Ad-remover\
      Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
      Nom du PC: GERARD | Utilisateur actuel: G‚rard
      .
      Administrateur: Administrateur
      N'est pas administrateur: ASPNET
      Administrateur: Gérard
      N'est pas administrateur: HelpAssistant *Desactive*
      N'est pas administrateur: Invité *Desactive*
      Administrateur: IUSR_WFXEXPERT
      N'est pas administrateur: SUPPORT_388945a0 *Desactive*
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .
      .
      HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
      HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
      HKCU\Software\EoRezo
      HKCU\Software\ItsLabel
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKLM\Software\Trymedia Systems
      .
      C:\DOCUME~1\GRARD~1\APPLIC~1\ItsLabel\ItsTV
      C:\DOCUME~1\GRARD~1\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
      C:\DOCUME~1\GRARD~1\APPLIC~1\ItsLabel

      (!) -- Fichiers temporaires supprimés.

      .
      ============== Scan additionnel ==============
      .

      * Mozilla FireFox Version 3.0.10 *

      Nom du profil: fw1304o7.default (G‚rard)
      .
      (Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.orange.fr/");
      (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
      .
      .

      * Internet Explorer Version 7.0.5730.11 *

      [HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://search.msn.com/spbasic.htm
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start Page: hxxp://fr.msn.com/

      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: res://ieframe.dll/tabswelcome.htm

      ============== Suspect (Cracks, Serials ... ) ==============

      .

      +---------------------------------------------------------------------------+

      2683 Octet(s) - C:\Ad-Report-CLEAN.log

      18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
      1 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE

      Fin à: 19:10:32 | 01/06/2009
      .
      ============== E.O.F ==============
      .
      0
  11. pascale
     
    Voici le rapport INFO RSIT :

    info.txt logfile of random's system information tool 1.06 2009-06-01 19:55:38

    ======Uninstall list======

    -->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c
    -->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c
    -->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c
    -->"C:\Program Files\Creative Installation Information\ZEN_MTP_MEDIA_EXPLORER\Setup.exe" /remove /l0x040c
    -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop 7.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 7.0.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70500000002}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Ad-remover-->C:\Program Files\Ad-remover\Uninstall ADR.exe
    Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    ATI Catalyst Control Center-->MsiExec.exe /I{47046207-F450-4065-8FDD-1050F1D1C4BF}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    AVS Audio CD Creator version 3.8-->"C:\Program Files\AVS4YOU\AVSAudioCDCreator\unins000.exe"
    AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
    Barre de confiance CM-CIC-->"C:\Program Files\BarreConfCMCIC\Setup.exe" -u
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{6E15BEDF-7EB5-4010-998E-B430DB4EFE45}
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{A425C250-A0E1-4D78-B1C1-A5CBC7385E7C}
    Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
    Canon MP600-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x000c
    Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
    Copernic Agent Basic-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
    Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove
    Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
    Creative WebCam Live! Pro/Effects Driver (1.02.05.0506)-->C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres CtCamPin.crl
    Creative ZEN-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B2DBF55-05D4-4072-87D8-689141E262BD}\SETUP.EXE" -l0x40c /remove
    Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976}
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
    Enregistrement utilisateur de Canon MP600-->C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
    ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
    Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    IKEA Home Planner-->MsiExec.exe /I{A987FEC8-5616-49BD-BCA6-ACFFFE7403FE}
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
    Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
    Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    myHouse pour Windows-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\DesignSoft\myHouse pour Windows\Uninst.isu"
    Navilog1 3.7.7-->"C:\Program Files\Navilog1\unins000.exe"
    Nero BurnRights-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
    Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
    Netcraft Toolbar-->MsiExec.exe /I{00F87673-B929-4644-9322-7243E8289B54}
    Nikon FotoShare-->C:\Program Files\Nikon\FotoShare\Uninstal.exe C:\PROGRA~1\Nikon\FOTOSH~1\INSTALL.LOG
    Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
    Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe
    Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
    OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{6D7F8D4B-D1A4-402A-973E-31E90940E585}
    Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf
    Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf
    Package de pilotes Windows - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
    Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
    Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
    PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_9875.exe" _?=C:\Program Files\PDFCreator Toolbar
    PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
    PictureProject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL
    Pilotes de périphérique pour HP Simple Backup-->C:\WINDOWS\system32\DRVWUNIN.exe /DELCDB
    Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
    QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
    SceneCaster-->C:\Program Files\SceneCaster\Version 3.11.16\SceneCaster_Uninstall.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
    SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
    sPAIEctacle 4.3-->C:\WINDOWS\unvise32.exe C:\sPAIEctacle\uninstalv43r0.log
    sPAIEctacle 4.4-->C:\WINDOWS\unvise32.exe C:\sPAIEctacle\uninstalv44r0.log
    Spamihilator-->"C:\Program Files\Spamihilator\uninstall.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sweet Home 3D version 1.2.1-->"C:\Program Files\Sweet Home 3D\unins000.exe"
    TomTom HOME-->C:\Program Files\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x040c -removeonly -removeonly
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VideoLAN VLC media player 0.8.6i-->K:\VLC\uninstall.exe
    Visual C++ CRT 9.0 SP1-->MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}
    Visual C++ CRT 9.0-->MsiExec.exe /I{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
    Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Messenger 5.1 MUI Pack-->MsiExec.exe /I{F3CBA4E6-436E-4B51-9651-93830EE38616}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Wireless LAN Utility-->"C:\Program Files\Wireless LAN Utility\unWuty.exe" Wireless LAN Utility
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~2.DLL
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    ZENcast Organizer-->"C:\Program Files\Creative Installation Information\ZENCAST_ORGANIZER\Setup.exe" /remove /l0x040c

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: avast! antivirus 4.8.1335 [VPS 090531-0]

    ======System event log======

    Computer Name: GERARD
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Carte de performance WMI.

    Record Number: 3802927
    Source Name: Service Control Manager
    Time Written: 20090419105731.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: GERARD
    Event Code: 7036
    Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

    Record Number: 3802926
    Source Name: Service Control Manager
    Time Written: 20090419105729.000000+120
    Event Type: Informations
    User:

    Computer Name: GERARD
    Event Code: 7036
    Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

    Record Number: 3802925
    Source Name: Service Control Manager
    Time Written: 20090419105729.000000+120
    Event Type: Informations
    User:

    Computer Name: GERARD
    Event Code: 7035
    Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

    Record Number: 3802924
    Source Name: Service Control Manager
    Time Written: 20090419105729.000000+120
    Event Type: Informations
    User: AUTORITE NT\SYSTEM

    Computer Name: GERARD
    Event Code: 7036
    Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.

    Record Number: 3802923
    Source Name: Service Control Manager
    Time Written: 20090419105728.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: GERARD
    Event Code: 2002
    Message: Impossible d'ouvrir le Service redirecteur. Les données de performance du
    redirecteur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.

    Record Number: 23591
    Source Name: PerfNet
    Time Written: 20090306091548.000000+060
    Event Type: erreur
    User:

    Computer Name: GERARD
    Event Code: 32068
    Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
    Code de pays/région : '*'
    Indicatif régional : '*'

    Record Number: 23590
    Source Name: Microsoft Fax
    Time Written: 20090306091546.000000+060
    Event Type: Avertissement
    User:

    Computer Name: GERARD
    Event Code: 32026
    Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
    Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

    Record Number: 23589
    Source Name: Microsoft Fax
    Time Written: 20090306091546.000000+060
    Event Type: Avertissement
    User:

    Computer Name: GERARD
    Event Code: 1800
    Message: Le service Centre de sécurité Windows a démarré.

    Record Number: 23588
    Source Name: SecurityCenter
    Time Written: 20090306091546.000000+060
    Event Type: Informations
    User:

    Computer Name: GERARD
    Event Code: 0
    Message:
    Record Number: 23587
    Source Name: gupdate1c9905e3b0044ee
    Time Written: 20090306091540.000000+060
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\PC Connectivity Solution\;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    "PROCESSOR_REVISION"=0403
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

    -----------------EOF-----------------
    0
  12. archet9
     
    Décidémment bien infecté....!!!

    Télécharges et installes USBFIX de C_XX & Chiquitine29
    http://pagesperso-orange.fr/NosTools/usbfix.html

    Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectées sans les ouvrir

    # Double clic sur le raccourci UsbFix présent sur ton bureau .

    # Choisis l'option 1 ( Recherche )
    # Laisse travailler l'outil.

    # Ensuite post le rapport UsbFix.txt qui apparaitra.

    # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    # Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    A+
    0
    1. pascale
       
      Et voici le rapport USB FIX. Apparemment il a trouvé quelque chose.

      ############################## [ UsbFix V3.027 | Scan ]

      # User : Gérard () # GERARD
      # Update on 30/05/09 by Chiquitine29, C_XX & Chimay8
      # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
      # Start at: 21:42:19 | 01/06/2009

      # Intel(R) Pentium(R) 4 CPU 3.00GHz
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 7.0.5730.11
      # Windows Firewall Status : Enabled
      # AV : avast! antivirus 4.8.1335 [VPS 090531-0] 4.8.1335 [ Enabled | Updated ]

      # C:\ # Disque fixe local # 232,88 Go (189,02 Go free) [445546] # NTFS
      # D:\ # Disque CD-ROM
      # E:\ # Disque amovible
      # F:\ # Disque fixe local # 465,65 Go (400,71 Go free) [IOMEGA_HDD] # FAT32
      # G:\ # Disque amovible
      # H:\ # Disque amovible
      # I:\ # Disque amovible
      # J:\ # Disque amovible
      # K:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
      # L:\ # Disque amovible # 3,81 Go (1,34 Go free) # FAT32

      ############################## [ Processus actifs ]

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Spamihilator\spamihilator.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
      C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
      C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
      C:\Program Files\Wireless LAN Utility\SiWake.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Documents and Settings\Gérard\Application Data\U3\0000184CF471BE9F\LaunchPad.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      ################## [ Registre Startup ]

      HKCU_Main: "Local Page"="C:\\windows\\system32\\blank.htm"
      HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      HKCU_Main: "Window Title"=""
      HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      HKLM_logon: "DefaultUserName"="G‚rard"
      HKLM_logon: "AltDefaultUserName"="G‚rard"
      HKLM_logon: "LegalNoticeCaption"=""
      HKLM_logon: "LegalNoticeText"=""
      HKLM_Run: Spamihilator="C:\Program Files\Spamihilator\spamihilator.exe"
      HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
      HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
      HKLM_Run: ScanSoft OmniPage SE 4.0-reminder="C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
      HKLM_Run: avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      HKLM_Run: SoundMAXPnP=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
      HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
      HKCU_Run: fsc-reminder.exe=C:\WINDOWS\reminder\fsc-reminder.exe 2453772 14
      HKCU_Run: PopUpStopperFreeEdition="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
      HKCU_Run: CTSyncU.exe="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
      HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
      HKCU_Run: Nokia.PCSync="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
      HKCU_Run: ccleaner="C:\Program Files\CCleaner\CCleaner.exe" /AUTO

      ################## [ Fichiers # Dossiers infectieux ]

      Found ! C:\WINDOWS\system32\tmp.reg
      Found ! F:\RavMonLog
      Found ! F:\autorun.inf
      Found ! F:\msvcr71.dll
      Found ! "F:\ravmonlog"
      Found ! K:\autorun.inf
      L:\autorun.inf # -> fichier appelé : "L:\d6fagcs8.cmd" ( présent ! )
      Found ! L:\RavMonLog
      Found ! L:\autorun.inf
      Found ! L:\msvcr71.dll
      Found ! "L:\ravmonlog"

      ################## [ Registre # Clés Run infectieuses ]


      ################## [ Registre # Mountpoints2 ]

      HKCU\...\Explorer\MountPoints2\F\Shell\Auto\Command
      HKCU\...\Explorer\MountPoints2\F\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{020d1ec9-998d-11dc-a936-00032f4f8545}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{020d1eca-998d-11dc-a936-00032f4f8545}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{020d1eca-998d-11dc-a936-00032f4f8545}\Shell\explore\Command
      HKCU\...\Explorer\MountPoints2\{020d1eca-998d-11dc-a936-00032f4f8545}\Shell\open\Command
      HKCU\...\Explorer\MountPoints2\{177597c6-2d73-11dc-896e-00032f4f8545}\Shell\Auto\Command
      HKCU\...\Explorer\MountPoints2\{177597c6-2d73-11dc-896e-00032f4f8545}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{54b51706-e087-11dd-ab9c-001d683eb0d3}\Shell\Auto\Command
      HKCU\...\Explorer\MountPoints2\{54b51706-e087-11dd-ab9c-001d683eb0d3}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{629a0e1c-686e-11dd-aad1-001d683eb0d3}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{9f8e6846-57f3-11dd-aaa6-001d683eb0d3}\Shell\Auto\Command
      HKCU\...\Explorer\MountPoints2\{9f8e6846-57f3-11dd-aaa6-001d683eb0d3}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{b0c46be2-a2d8-11dd-ab32-001d683eb0d3}\Shell\Auto\Command
      HKCU\...\Explorer\MountPoints2\{b0c46be2-a2d8-11dd-ab32-001d683eb0d3}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{c8728103-4819-11dd-aa7f-001d683eb0d3}\Shell\Auto\Command
      HKCU\...\Explorer\MountPoints2\{c8728103-4819-11dd-aa7f-001d683eb0d3}\Shell\AutoRun\Command
      HKCU\...\Explorer\MountPoints2\{e1504a60-a32a-11dc-a946-00032f4f8545}\Shell\AutoRun\Command

      ################## [ Informations # Fichier Suspect ]


      ################## [ Cracks # Keygens # Serials ]

      # -> Nothing found !

      ################## [ ! Fin du rapport # UsbFix V3.027 ! ]
      0
  13. archet9
     
    Et voici le rapport USB FIX. Apparemment il a trouvé quelque chose

    EH bien oui.....C'est le but recherché !!!!!

    Ne penses pas que 'on te demande de lancer des FIX au hasard

    Branches tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

    # Double clic sur le raccourci UsbFix présent sur ton bureau

    # choisis l'option 2 ( Suppression )
    # Ton bureau disparaitra et le pc redémarrera .

    # Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    # Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    a+
    0
  14. Pascale
     
    Bonjour et merci pour l'analyse effectuée.

    Voici le rapport USB Fix après l'option 2 Suppression :

    ############################## [ UsbFix V3.027 | Cleaning ]

    # User : Gérard () # GERARD
    # Update on 30/05/09 by Chiquitine29, C_XX & Chimay8
    # WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
    # Start at: 11:12:17 | 02/06/2009

    # Intel(R) Pentium(R) 4 CPU 3.00GHz
    # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Enabled
    # AV : avast! antivirus 4.8.1335 [VPS 090601-0] 4.8.1335 [ Enabled | Updated ]

    # C:\ # Disque fixe local # 232,88 Go (188,97 Go free) [445546] # NTFS
    # D:\ # Disque CD-ROM
    # E:\ # Disque amovible
    # F:\ # Disque fixe local # 465,65 Go (400,71 Go free) [IOMEGA_HDD] # FAT32
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # J:\ # Disque amovible
    # K:\ # Disque CD-ROM # 5,46 Mo (0 Mo free) [U3 System] # CDFS
    # L:\ # Disque amovible # 3,81 Go (1,34 Go free) # FAT32

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Fichiers # Dossiers infectieux ]

    Deleted ! C:\WINDOWS\system32\tmp.reg
    Deleted ! F:\RavMonLog
    Deleted ! F:\autorun.inf
    Deleted ! F:\msvcr71.dll
    (!) Not Deleted ! K:\autorun.inf
    L:\autorun.inf # -> fichier appelé : "L:\d6fagcs8.cmd" ( présent ! )
    Deleted ! -> L:\d6fagcs8.cmd
    Deleted ! L:\RavMonLog
    Deleted ! L:\autorun.inf
    Deleted ! L:\msvcr71.dll

    ################## [ Registre # Clés Run infectieuses ]

    ################## [ Registre # Mountpoints2 ]

    Deleted ! HKCU\...\Explorer\MountPoints2\F\Shell\Auto\Command
    Deleted ! HKCU\...\Explorer\MountPoints2\{177597c6-2d73-11dc-896e-00032f4f8545}\Shell\Auto\Command
    Deleted ! HKCU\...\Explorer\MountPoints2\{54b51706-e087-11dd-ab9c-001d683eb0d3}\Shell\Auto\Command
    Deleted ! HKCU\...\Explorer\MountPoints2\{629a0e1c-686e-11dd-aad1-001d683eb0d3}\Shell\AutoRun\Command
    Deleted ! HKCU\...\Explorer\MountPoints2\{9f8e6846-57f3-11dd-aaa6-001d683eb0d3}\Shell\Auto\Command
    Deleted ! HKCU\...\Explorer\MountPoints2\{b0c46be2-a2d8-11dd-ab32-001d683eb0d3}\Shell\Auto\Command
    Deleted ! HKCU\...\Explorer\MountPoints2\{e1504a60-a32a-11dc-a946-00032f4f8545}\Shell\AutoRun\Command

    ################## [ Listing des fichiers présent ]

    [05/08/2004 14:00|-ra------|263488] - C:\$LDR$
    [26/01/2006 11:16|--a------|981] - C:\868000445546.dat
    [01/06/2009 19:10|--a------|2907] - C:\Ad-Report-CLEAN.log
    [26/01/2006 16:41|--a------|0] - C:\AUTOEXEC.BAT
    [05/02/2006 18:14|-rahs----|216] - C:\BOOT.BAK
    [05/02/2006 18:14|-rahs----|216] - C:\boot.ini
    [05/08/2004 14:00|-rahs----|4952] - C:\Bootfont.bin
    [31/05/2009 19:59|--a------|3642] - C:\cleannavi.txt
    [30/07/2008 12:45|--a------|31855] - C:\ComboFix.txt
    [26/01/2006 16:41|--a------|0] - C:\CONFIG.SYS
    [27/01/2007 13:23|--a------|144] - C:\error.log
    [05/02/2006 18:15|--a------|27] - C:\expand.txt
    [31/05/2009 18:00|--a------|3327] - C:\fixnavi.txt
    [30/07/2008 13:47|--a------|1119] - C:\GenProc 2.txt
    [08/10/2008 21:45|--a------|1120] - C:\INSTALL.LOG
    [26/01/2006 16:41|-rahs----|0] - C:\IO.SYS
    [11/10/2004 07:18|--a------|19] - C:\LANG.TXT
    [09/04/2003 10:44|--a------|10] - C:\Language.txt
    [10/02/2009 17:50|--a------|31558] - C:\logfile
    [17/09/2008 14:10|--a------|14215] - C:\lopR.txt
    [26/01/2006 16:41|-rahs----|0] - C:\MSDOS.SYS
    [05/08/2004 14:00|-rahs----|47564] - C:\NTDETECT.COM
    [30/07/2008 14:36|-rahs----|252240] - C:\ntldr
    [04/08/2004 14:00|--a------|2] - C:\oem.tag
    [?|?|?] - C:\pagefile.sys
    [26/01/2006 11:16|---h-----|16028] - C:\Prodlog.txt
    [07/07/2008 10:36|--a------|1702] - C:\rapport.txt
    [29/01/2008 11:17|--a------|7022] - C:\resetlog.txt
    [24/06/2008 14:30|--a------|159] - C:\Setup.log
    [26/01/2006 17:19|--a------|164] - C:\soundmax.log
    [11/10/2008 20:51|--ah-----|268] - C:\sqmdata00.sqm
    [11/11/2008 20:45|--ah-----|268] - C:\sqmdata01.sqm
    [14/12/2008 12:45|--ah-----|232] - C:\sqmdata02.sqm
    [17/12/2008 18:58|--ah-----|268] - C:\sqmdata03.sqm
    [17/12/2008 19:01|--ah-----|232] - C:\sqmdata04.sqm
    [09/03/2009 21:37|--ah-----|232] - C:\sqmdata05.sqm
    [10/03/2009 19:26|--ah-----|268] - C:\sqmdata06.sqm
    [05/05/2009 08:03|--ah-----|232] - C:\sqmdata07.sqm
    [05/05/2009 17:50|--ah-----|232] - C:\sqmdata08.sqm
    [13/05/2009 20:17|--ah-----|268] - C:\sqmdata09.sqm
    [18/05/2009 22:07|--ah-----|268] - C:\sqmdata10.sqm
    [16/03/2008 19:30|--ah-----|268] - C:\sqmdata11.sqm
    [02/04/2008 18:10|--ah-----|268] - C:\sqmdata12.sqm
    [16/04/2008 19:33|--ah-----|232] - C:\sqmdata13.sqm
    [18/05/2008 18:05|--ah-----|268] - C:\sqmdata14.sqm
    [25/06/2008 17:11|--ah-----|268] - C:\sqmdata15.sqm
    [21/07/2008 11:38|--ah-----|232] - C:\sqmdata16.sqm
    [05/08/2008 18:32|--ah-----|268] - C:\sqmdata17.sqm
    [18/09/2008 22:28|--ah-----|268] - C:\sqmdata18.sqm
    [04/10/2008 20:39|--ah-----|232] - C:\sqmdata19.sqm
    [11/10/2008 20:51|--ah-----|244] - C:\sqmnoopt00.sqm
    [11/11/2008 20:45|--ah-----|244] - C:\sqmnoopt01.sqm
    [14/12/2008 12:45|--ah-----|244] - C:\sqmnoopt02.sqm
    [17/12/2008 18:58|--ah-----|244] - C:\sqmnoopt03.sqm
    [17/12/2008 19:01|--ah-----|244] - C:\sqmnoopt04.sqm
    [09/03/2009 21:37|--ah-----|244] - C:\sqmnoopt05.sqm
    [10/03/2009 19:26|--ah-----|244] - C:\sqmnoopt06.sqm
    [05/05/2009 08:03|--ah-----|244] - C:\sqmnoopt07.sqm
    [05/05/2009 17:50|--ah-----|244] - C:\sqmnoopt08.sqm
    [13/05/2009 20:17|--ah-----|244] - C:\sqmnoopt09.sqm
    [18/05/2009 22:07|--ah-----|244] - C:\sqmnoopt10.sqm
    [16/03/2008 19:30|--ah-----|244] - C:\sqmnoopt11.sqm
    [02/04/2008 18:10|--ah-----|244] - C:\sqmnoopt12.sqm
    [16/04/2008 19:33|--ah-----|244] - C:\sqmnoopt13.sqm
    [18/05/2008 18:05|--ah-----|244] - C:\sqmnoopt14.sqm
    [25/06/2008 17:11|--ah-----|244] - C:\sqmnoopt15.sqm
    [21/07/2008 11:38|--ah-----|244] - C:\sqmnoopt16.sqm
    [05/08/2008 18:32|--ah-----|244] - C:\sqmnoopt17.sqm
    [18/09/2008 22:28|--ah-----|244] - C:\sqmnoopt18.sqm
    [04/10/2008 20:39|--ah-----|244] - C:\sqmnoopt19.sqm
    [02/11/2008 17:28|--a------|2397] - C:\TCleaner.txt
    [24/05/2001 12:59|--a------|162304] - C:\UNWISE.MSNFix
    [02/06/2009 11:13|--a------|7363] - C:\UsbFix.txt
    [04/09/2008 16:44|--a------|215] - C:\VundoFix.txt
    [12/01/2008 12:33|--a------|13824] - F:\Classeur1.xls
    [30/01/2008 20:32|--a------|68562] - F:\Documents G_Matis.eml
    [03/02/2008 15:11|--a------|4680] - F:\R‚capitulatif FEI 2008.eml
    [07/04/2008 19:25|--a------|76855] - F:\brasserie le marina 3.jpg
    [27/04/2008 20:37|--a------|20480] - F:\apprentissage.xls
    [01/06/2008 21:28|--a------|24064] - F:\adresse(s) films en streaming.doc
    [03/07/2008 17:05|--a------|596] - F:\Mes dossiers de partage.lnk
    [26/03/2007 08:10|--a------|90624] - F:\ficier contact.xls
    [13/07/2007 22:18|--a------|6652812] - F:\codec.exe
    [05/10/2007 06:26|--a------|14848] - F:\DaniŠle.xls
    [11/12/2007 15:54|--a------|1677084] - F:\Re_ Remerciements.eml
    [02/02/2009 16:38|--ahs----|103424] - F:\Thumbs.db
    [06/07/2008 02:13|--a------|487424] - F:\Rapport analyse virus.doc
    [07/07/2008 09:56|--a------|228864] - F:\contacts1.xls
    [07/07/2008 09:58|--a------|188416] - F:\calendrier.xls
    [07/07/2008 10:34|--a------|13824] - F:\nouveau crous.xls
    [11/07/2008 14:08|--a------|36237] - F:\acompte pottier.pdf
    [17/07/2008 09:13|--a------|36189] - F:\devis53 situation (1).pdf
    [16/07/2005 12:35|--a------|442254] - F:\aprŠ spectacl (adriana).jpg
    [31/12/2000 23:00|--a------|406212] - F:\DSCN3120.JPG
    [16/07/2005 12:09|--a------|378803] - F:\File0001.jpg
    [01/04/2006 18:36|--a------|328893] - F:\File0007.jpg
    [01/04/2006 18:44|--a------|657914] - F:\File0007bis.jpg
    [18/06/2005 10:21|--a------|26549] - F:\foto de ma mr truk‚.jpg
    [18/06/2005 10:18|--a------|22468] - F:\foto de moi truk‚.jpg
    [14/04/2005 20:40|--a------|385037] - F:\gaet et th‚o.jpg
    [18/06/2005 10:25|--a------|448135] - F:\ma famill cot‚ maternel truk‚.jpg
    [24/04/2005 12:01|--a------|166591] - F:\ma mŠre sur des skis.jpg
    [24/04/2005 12:36|--a------|395529] - F:\mon oncle ‚tan tar‚.jpg
    [24/04/2005 12:34|--a------|508841] - F:\mon pŠre avec ma famille cot‚ maternel.jpg
    [24/04/2005 12:31|--a------|375390] - F:\mon pŠre et les vieux.jpg
    [24/04/2005 11:58|--a------|172582] - F:\mon pŠre sur des skis.jpg
    [24/04/2005 11:54|--a------|360305] - F:\nous 4.jpg
    [24/04/2005 11:47|--a------|331711] - F:\Pim0001.jpg
    [16/07/2005 12:33|--a------|490329] - F:\Pim0002.jpg
    [24/04/2005 12:00|--a------|202364] - F:\Pim0003.jpg
    [19/07/2005 15:43|--a------|279437] - F:\Pim0004.jpg
    [03/07/2005 17:19|--a------|339312] - F:\Pim0005.jpg
    [24/04/2005 12:20|--a------|587885] - F:\que d'amour.jpg
    [24/04/2005 12:30|--a------|326316] - F:\sa 1 piŠce de th‚atre(mon pŠre).jpg
    [04/09/2005 14:26|--a------|210599] - F:\Seb 6.jpg
    [29/08/2007 15:02|--a------|937742] - F:\Sebastien Rafting UCPA Ao–t 2007.jpg
    [23/02/2009 19:28|--a------|1294] - F:\AdobeR.exe.log
    [08/04/2009 22:45|-ra------|5773054] - F:\pottier Sauvegarde.mbf
    [12/02/2007 21:53|-r-------|277] - K:\autorun.inf
    [13/02/2007 03:33|-r-------|1110016] - K:\LaunchU3.exe
    [13/02/2007 04:23|-r-------|4558081] - K:\LaunchPad.zip
    [03/02/2009 12:02|--a------|7844864] - L:\Programme Thoiry.doc
    [02/02/2009 16:49|--a------|26112] - L:\Textes programme.doc
    [10/02/2009 16:38|--a------|20480] - L:\CHAUFFETE 7 av L‚on Cr‚t‚ 78490 MERE 09 77 69 75 10.doc
    [14/02/2009 19:50|--a------|16409960] - L:\spybotsd162.exe
    [24/02/2009 08:38|--a------|2026220] - L:\GenProc.zip
    [25/03/2009 11:23|--a------|5120] - L:\Programme magie g. Matis.wps
    [10/05/2009 21:55|--a------|147603] - L:\Au Th‚ƒtre de Plume bandeau.pdf
    [13/02/2007 02:33|-ra------|1110016] - L:\LaunchU3.exe
    [23/12/2008 10:15|--a------|1626] - L:\BOOTEX.LOG
    [23/12/2008 22:56|--a------|17408] - L:\jbatoum.xls
    [25/12/2008 01:55|--a------|24064] - L:\Solde d‚part Joseph BATOUM 221208.xls
    [16/11/2004 09:00|--a------|1657] - L:\InterVideo WinDVD.lnk
    [02/01/2009 18:44|--a------|2559] - L:\Microsoft Word.lnk
    [26/07/2007 11:47|--a------|732] - L:\Raccourci vers Loto Associations.lnk
    [17/08/2007 08:48|--a------|553] - L:\Canon MF Toolbox 4.7.lnk
    [05/01/2009 19:23|--a------|23552] - L:\Article 6.doc
    [12/01/2009 15:52|--a------|5139914] - L:\ROTARY bat bdef.pdf
    [13/01/2009 10:10|--a------|5735657] - L:\ROTARY VESINET PROG 2009 BD.pdf
    [13/01/2009 11:11|--a------|25088] - L:\CORRECTIONS PROGRAMME 2009.doc

    ################## [ Vaccination ]

    # C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
    # L:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

    ################## [ Informations # Fichier Suspect ]

    ################## [ Cracks # Keygens # Serials ]

    # -> Nothing found !

    ################## [ ! Fin du rapport # UsbFix V3.027 ! ]
    0
  15. Pascale
     
    Et voilà un log rsit :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Gérard at 2009-06-02 14:40:17
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 194 GB (81%) free of 238 GB
    Total RAM: 1023 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:40:25, on 02/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Gérard\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Gérard.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~3\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {89382CE4-A27C-4603-99E7-5BC10AAF68F7} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Netcraft Toolbar - {D554D8FC-B36D-4BB4-93DB-4A3394D505E3} - C:\Program Files\Netcraft Toolbar\nctb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2453772 14
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~3\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Service Google Update (gupdate1c9905e3b0044ee) (gupdate1c9905e3b0044ee) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  16. Pascale
     
    Hello archet9

    Je constate un problème sur Outlook Express.
    Les paramètres de configuration du serveur se modifient sans que je le demande (Outils/Comptes-Propriétés-Serveur) et je retrouve systématiquement indiqué "localhost" au lieu de "pop.orange.fr"

    Est ce que cela est dû au problème précédemment rencontré?

    Merci de ton aide
    0
  17. archet9
     
    Dsl pour le retard... j'au du m'absenter...
    A part outlock ,toujours des soucis?

    a+
    0