My PC restarts on its own!

angelcath -  
 Anonymous user -
Hello,
For some time now, I have been getting a blue screen from time to time with a message saying that I have to restart. Today, the PC restarted on its own while I was working on it.
I have Avast antivirus, and I ran CCleaner and Spybot Search and Destroy, but they found nothing. Still, I have the impression that I have caught a virus. How can I tell? What do you think it could be? I am running XP and my computer is not very old (two years, I think).
Thanks in advance for your answers.
Catherine

35 replies

Anonymous user
 
GRRRR!!!!!

READ the replies carefully in general... and in particular the end of post 19

See you later
0
angelcath
 
Argh, I hadn't seen the end of your post, indeed!!
Here is the LopSD report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : NOTARANGELO ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090727-0] 4.8.1335 (Not Activated)
C:\ (Local Disk) - NTFS - Total:295 Go (Free:161 Go)
D:\ (Local Disk) - NTFS - Total:298 Go (Free:245 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT32 - Total:3892 Mo (Free:3 Go)
L:\ (USB) - FAT - Total:1935 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 28/07/2009| 8:37 )

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[28/07/2009 08:30][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[21/07/2009 17:41][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[27/04/2008 10:44][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser.job
[27/07/2009 23:00][--ah-----] C:\WINDOWS\tasks\A283374A9168A7B2.job
[14/07/2009 14:25][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/07/2009 08:30][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

( A283374A9168A7B2.job )=( c:\docume~1\notara~1\applic~1\showlist\ForCool2.exe )

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool
C:\DOCUME~1\NOTARA~1\APPLIC~1\showlist
C:\Program Files\showlist
C:\WINDOWS\Tasks\A283374A9168A7B2.job

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 08:38:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 774

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\NOTARA~1\Bureau\tibout\ORDI ESBY\DRIVERS\Adobe Photoshop Cs v8[1].0.1 Crack-Fr.exe

[F:35][D:20]-> C:\DOCUME~1\NOTARA~1\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\NOTARA~1\Cookies
[F:18][D:4]-> C:\DOCUME~1\NOTARA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 28/07/2009| 8:40 - Option : [1]

--------------------\\ Fin du rapport a 8:40:27
0
Anonymous user
 
OK,
Run Lop S&D again and this time choose option 2.
Do not use the PC during the removal.

Copy and paste the report, please...

See you later
0
angelcath
 
Here is the new report with option 2

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : NOTARANGELO ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090727-0] 4.8.1335 (Not Activated)
C:\ (Local Disk) - NTFS - Total:295 Go (Free:161 Go)
D:\ (Local Disk) - NTFS - Total:298 Go (Free:245 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB) - FAT32 - Total:3892 Mo (Free:3 Go)
L:\ (USB) - FAT - Total:1935 Mo (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 28/07/2009|14:12 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\WINDOWS\Tasks\A283374A9168A7B2.job
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Loud spam else tool
Supprime! - C:\DOCUME~1\NOTARA~1\APPLIC~1\showlist
Supprime! - C:\Program Files\showlist

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[28/07/2009 14:08][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[21/07/2009 17:41][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[27/04/2008 10:44][--a------] C:\WINDOWS\tasks\Uniblue SpyEraser.job
[14/07/2009 14:25][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[28/07/2009 08:30][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Process

( 54 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 14:13:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 774

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\NOTARA~1\Bureau\tibout\ORDI ESBY\DRIVERS\Adobe Photoshop Cs v8[1].0.1 Crack-Fr.exe

[F:40][D:20]-> C:\DOCUME~1\NOTARA~1\LOCALS~1\Temp
[F:59][D:0]-> C:\DOCUME~1\NOTARA~1\Cookies
[F:78][D:4]-> C:\DOCUME~1\NOTARA~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 28/07/2009| 8:40 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 28/07/2009|14:14 - Option : [2]

--------------------\\ Fin du rapport a 14:14:21
0

Anonymous user
 
How is the PC behaving now?

See you later
0
angelcath
 
As far as the internet connection goes, it's been much better since yesterday. I haven't had a crash since.
Can you tell me whether I can keep all the steps you had me do for regular check-ups, say once a month?
Thanks again for your help.
So in principle I no longer have a virus?
0
Anonymous user
 
Please post a new RSIT report so I can check...

See you later
0
angelcath
 
Aaah, this never ends, lol!!!
Here is the report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by NOTARANGELO at 2009-07-29 11:50:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 165 GB (55%) free of 302 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:20, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\NOTARANGELO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4071124
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/hws/sb/dell-row/fr/side.html?channel=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4071124
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=064YmzZhQyLQZ2bhLnnMTpJf8_E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\NOTARA~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
0
Anonymous user
 
Well no, not finished yet....
Still well and truly infected:

---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)

---> Set the language to French (F)
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

0
angelcath
 
ComboFix 09-07-28.04 - NOTARANGELO 29/07/2009 12:34.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.2734 [GMT 2:00]
Running from: c:\documents and settings\NOTARANGELO\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1335 [VPS 090728-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll
c:\windows\patch.exe
c:\windows\system32\muzapp.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-28 06:35 . 2009-07-28 12:14 -------- d-----w- C:\Lop SD
2009-07-27 19:31 . 2009-07-27 19:31 -------- d-----w- c:\documents and settings\NOTARANGELO\Local Settings\Application Data\PCHealth
2009-07-27 18:55 . 2009-07-27 19:49 -------- d-----w- C:\UsbFix
2009-07-27 18:45 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-27 18:45 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-27 18:44 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-27 18:44 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-27 18:44 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-27 18:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-27 18:44 . 2009-07-27 18:44 -------- d-----w- c:\program files\Avira
2009-07-27 18:44 . 2009-07-27 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-27 18:31 . 2009-07-27 18:31 -------- d-----w- C:\rsit
2009-07-27 18:07 . 2009-07-27 18:07 -------- d-----w- c:\program files\Lavalys
2009-07-27 18:04 . 2009-07-27 21:11 -------- d-----w- c:\documents and settings\NOTARANGELO\Application Data\Memeo
2009-07-27 18:02 . 2009-07-27 18:02 -------- d-----w- c:\program files\Western Digital
2009-07-27 18:01 . 2009-07-27 18:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2009-07-27 18:00 . 2009-07-27 21:12 -------- d-----w- c:\program files\Fichiers communs\eSellerate
2009-07-27 17:21 . 2009-07-27 17:21 -------- d-----w- c:\program files\Western Digital Corporation
2009-07-19 09:53 . 2009-07-19 09:53 -------- d-----w- c:\program files\CCleaner
2009-07-18 05:46 . 2009-07-27 18:01 -------- d-----w- c:\documents and settings\NOTARANGELO\Local Settings\Application Data\Temp
2009-07-05 20:22 . 2009-07-05 20:22 -------- d-----w- c:\program files\iPod
2009-07-05 20:17 . 2009-07-05 20:18 -------- d-----w- c:\program files\QuickTime
2009-07-05 20:12 . 2009-07-05 20:12 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 11:59 . 2007-12-23 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-27 20:55 . 2008-04-29 15:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 16:00 . 2009-03-20 06:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-19 09:58 . 2009-02-14 07:56 -------- d-----w- c:\program files\SiteMap Generator
2009-07-19 09:56 . 2009-04-21 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 20:22 . 2009-01-30 17:40 -------- d-----w- c:\program files\iTunes
2009-07-05 20:22 . 2008-05-19 20:29 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-05 20:15 . 2008-04-30 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-22 20:11 . 2008-04-13 15:02 -------- d-----w- c:\documents and settings\NOTARANGELO\Application Data\FileZilla
2009-06-20 08:48 . 2009-06-20 08:48 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-16 14:40 . 2004-08-19 13:03 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2004-08-19 13:03 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 11:07 . 2007-12-30 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-13 06:47 . 2004-08-19 13:03 85034 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-13 06:47 . 2004-08-19 13:03 509216 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-12 23:28 . 2007-11-24 09:58 -------- d-----w- c:\program files\Microsoft Works
2009-06-09 16:35 . 2009-06-09 16:35 -------- d-----w- c:\documents and settings\NOTARANGELO\Application Data\AdSigner
2009-06-05 09:42 . 2009-03-17 16:35 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 09:42 . 2008-07-28 20:23 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:10 . 2004-08-19 13:03 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 20:05 . 2009-05-31 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-05-31 20:05 . 2009-05-31 20:05 -------- d-----w- c:\program files\NOS
2009-05-08 20:53 . 2009-04-18 18:38 25439 ----a-w- C:\aem8.dat
2009-05-07 15:33 . 2004-08-19 13:03 348672 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 15:25 . 2007-11-24 10:07 110696 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-02 14:21 . 2008-04-24 17:19 795 ----a-w- c:\documents and settings\All Users\Application Data\Ciel\Données communes\pdf.dll
2009-07-22 19:59 . 2009-03-21 20:47 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-09-20 06:53 . 2008-09-20 06:53 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-27 8429568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 188416]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-07-16 16132608]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-12-30 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 11:30 72208 ----a-w- c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^802.11g USB 2.0 adapter Setting.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\802.11g USB 2.0 adapter Setting.lnk
backup=c:\windows\pss\802.11g USB 2.0 adapter Setting.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^La Solution Ciel.lnk]
backup=c:\windows\pss\La Solution Ciel.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logiciel de Synchronisation Orange.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logiciel de Synchronisation Orange.lnk
backup=c:\windows\pss\Logiciel de Synchronisation Orange.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^NOTARANGELO^Menu Démarrer^Programmes^Démarrage^802.11g USB 2.0 adapter Setting.lnk]
backup=c:\windows\pss\802.11g USB 2.0 adapter Setting.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^NOTARANGELO^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\NOTARANGELO\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^NOTARANGELO^Menu Démarrer^Programmes^Démarrage^Party Poker.lnk]
backup=c:\windows\pss\Party Poker.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [28/07/2008 11:46 114768]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/07/2009 20:44 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2008 11:46 20560]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [10/02/2008 12:36 223232]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [31/05/2009 22:05 33176]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [24/11/2007 12:05 29744]
S3 Neotexxk;Neotexxk; [x]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [27/04/2008 17:50 747912]
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-23 06:06]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
HKLM-Run-RegistryMechanic - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://127.0.0.1:4664/first_usage&s=064YmzZhQyLQZ2bhLnnMTpJf8_E
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: secuser.com\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\NOTARANGELO\Application Data\Mozilla\Firefox\Profiles\c3u30cxl.Cath\
FF - prefs.js: browser.startup.homepage - hxxp://www.netvibes.com/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3596)
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\rundll32.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2009-07-29 12:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-29 10:52

Pre-Run: 173 208 526 848 octets libres
Post-Run: 173 295 591 424 octets libres

317 --- E O F --- 2009-07-27 21:24
0
Anonymous user
 
Great...

A new RSIT report, please...

See you
0
angelcath
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by NOTARANGELO at 2009-07-29 13:31:51
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 165 GB (55%) free of 302 GB
Total RAM: 3326 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:55, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\NOTARANGELO.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4071124
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=064YmzZhQyLQZ2bhLnnMTpJf8_E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\NOTARA~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
0
Anonymous user
 
Perfect....

- Update Adobe (security vulnerability):
https://adobe-reader.fr.softonic.com/

- To uninstall the tools we used:

Download ToolsCleaner2 --> http://pc-system.fr/
- Once downloaded, install it and run it
- Click "Recherche" (Search) and let the scan finish
- Click "SUPPRESSION" (Delete)
- Click "Quitter" (Quit) so that the report can be created
- Post me the report located here --> C:\TCleaner.txt

then

---> Download and install CCleaner (do not install the Yahoo Toolbar):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

* Run it. Go to "Options", then "Avancé" (Advanced), and uncheck the box "Effacer uniquement les fichiers etc...." (Only delete files etc....)
* Go to "Nettoyeur" (Cleaner) and choose "Analyse" (Analyze). Once it has finished, run the cleanup.
* Next, choose "Registre" (Registry), then "Chercher des erreurs" (Scan for issues). Once it has finished, repair all the errors, as many times as the scan keeps finding any (back up the registry).
* Uncheck the box "plus vieux que 48 h" (older than 48 h)

---> You need to disable and then re-enable System Restore in order to purge it:
XP:
https://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.php
VISTA:
https://www.tayo.fr/desactiver-restauration-windows-vista-tutoriel.php

---> I recommend creating a restore point that you can use later if you run into a problem:
https://www.vulgarisation-informatique.com/creer-point-restauration.php

See you

0
angelcath
 
Here is the report (below).
I created a restore point. I didn't really understand what checking and unchecking System Restore was for.
Is everything done now?
Why did you remove all the tools you had me install? Couldn't I have kept them for regular check-ups?
Can you give me the list of tools I should have (antivirus, etc.) so that I don't catch problems again? What regular check-up should I do?
I'm currently repeating the procedure you gave me to clean my netbook, which is also running slowly. Isn't that risky?
Thanks again, it's great, and the internet is so fast since then lol, wow, I'm surfing like crazy lol!

[ Rapport ToolsCleaner version 2.3.9 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\HijackThis.lnk: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\LopSD.exe: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\HJTInstall.exe: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\UsbFix.lnk: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\Rsit.exe: trouvé !
C:\Documents and Settings\NOTARANGELO\Bureau\tibout\UsbFix.exe: trouvé !
C:\Documents and Settings\NOTARANGELO\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\NOTARANGELO\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\NOTARANGELO\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\NOTARANGELO\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\HijackThis.lnk: supprimé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\LopSD.exe: supprimé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\HJTInstall.exe: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\UsbFix.lnk: supprimé !
C:\Documents and Settings\NOTARANGELO\Bureau\logiciels\Rsit.exe: supprimé !
C:\Documents and Settings\NOTARANGELO\Bureau\tibout\UsbFix.exe: supprimé !
C:\Documents and Settings\NOTARANGELO\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Lop SD\catchme.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox\Quarantine\catchme.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\NOTARANGELO\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Documents and Settings\NOTARANGELO\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Anonymous user
 
Glad that you're "surfing like crazy" .....

Is everything done now? ==> Yes...

I didn't really understand what checking and unchecking System Restore was for.
==> I hope you did restart after unchecking the box... then restarted the PC and rechecked the box!

Basically, if you want to restore your PC to an earlier date, that restore point had better be clean, right?
--> Purging System Restore gets rid of the old restore points that were infected!

Why did you remove all the tools you had me install? Couldn't I have kept them for regular check-ups?
==> These tools are specific, not general-purpose.... and they are also updated regularly!!! And on top of that, they are harmful if not used properly.

Can you give me the list of tools I should have (antivirus, etc.) so that I don't catch problems again? What regular check-up should I do?
==> Regarding Avast:
http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/avast-protege-sujet_44722_1.htm
- Uninstall Avast cleanly:
https://www.avast.com/fr-fr/uninstall-utility
- ANTIVIR IN FRENCH + INSTALLATION TUTORIAL
http://www.oxygenepc.com/forum/tuto-installation-d-antivir-t459.html

Running resident:
SPYBOT
To use regularly:
CCLEANER
MALWAREBYTES

See you

0