Request for help cleaning up my PC

Sayon -  
 Anonymous user -
Hello,
I would like to give my computer a thorough cleanup. For the past few weeks it has started to LAG enormously, and I won't even mention how slowly some web pages display. Also, when I launch an MMORPG from the Gpotato or NCsoft range, it reboots ... That is why I am asking you for a little help; here is the first HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:43, on 28/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Downloads\Software\hijackthis-2.0.2.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\hijackthis-2.0.2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S11B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Buddy Central Service 2 (BuddyCentralService) - Unknown owner - O:\versus gb\gbserv\BuddyCenter\BuddyCenter2.exe
O23 - Service: Buddy Service 2 (BuddyService) - Unknown owner - O:\versus gb\gbserv\BuddyServ\BuddyServ2.exe
O23 - Service: GunBoundXPBroker[8372] - Unknown owner - O:\versus gb\gbserv\Central\GunBoundBroker3.exe
O23 - Service: GunBoundXPServ[8360] - Unknown owner - O:\versus gb\gbserv\Server8360\GunBoundServ3.exe
O23 - Service: GunBoundXPServ[8361] - Unknown owner - O:\versus gb\gbserv\Server8361\GunBoundServ3.exe
O23 - Service: GunBoundXPServ[8362] - Unknown owner - O:\versus gb\gbserv\Server8362\GunBoundServ3.exe
O23 - Service: GunBoundXPServ[8363] - Unknown owner - O:\versus gb\gbserv\Server8363\GunBoundServ3.exe
O23 - Service: Service Google Update (gupdate1ca2dc65a610444) (gupdate1ca2dc65a610444) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://sourceforge.net/p/libusb-win32/wiki/Home/ - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 12971 bytes
25 replies

Sayon
 
Please ... Can someone help me???

Anonymous user
 
Hi:

Disable your antivirus for the duration of the procedure, as well as your firewall if you have one

▶ Download List&Kill'em and save it to your desktop

It does not require installation

▶ Double-click (right-click, "Run as administrator" for Vista) to start the scan

Choose the language, then choose option 1 = Search Mode

▶ Let the tool work

The report will be displayed once the scan has finished

▶ Paste its contents into your next reply

Sayon
 
Hello,

Sorry for the long gap between the last post and this one, I was away travelling.
Here is the report from the software

List'em by g3n-h@ckm@n 1.0.4.8

Thx to Chiquitine29.....

User : Compaq_Propriétaire (Administrateurs) # KURO
Update on 29/10/2009 by g3n-h@ckm@n ::::: 18.30
Start at: 13:57:49 | 02/11/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

C:\ -> Disque fixe local | 180,3 Go (3,53 Go free) [PRESARIO] | NTFS
E:\ -> Disque CD-ROM | 646,71 Mo (0 Mo free) [K2_UK_V_1_0_DSC_] | CDFS
F:\ -> Disque fixe local | 111,79 Go (25,48 Go free) | NTFS
G:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque CD-ROM
O:\ -> Disque fixe local | 232,88 Go (110,6 Go free) [local] | NTFS
Z:\ -> Disque fixe local | 5,99 Go (2,34 Go free) [PRESARIO_RP] | FAT32
======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"EPSON Stylus DX7400 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICDE.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S11B.tmp\" /EF \"HKCU\""
"AlcoholAutomount"="\"C:\\Program Files\\Alcohol Soft\\Alcohol 120\\axcmd.exe\" /automount"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Download Manager"="\"C:\\Program Files\\Free Download Manager\\fdm.exe\" -autorun"
"PlayNC Launcher"=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"AlcxMonitor"="ALCXMNTR.EXE"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"HP Software Update"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,\
00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,48,00,50,00,5c,00,48,00,\
50,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,20,00,55,00,70,\
00,64,00,61,00,74,00,65,00,5c,00,48,00,50,00,77,00,75,00,53,00,63,00,68,00,\
64,00,32,00,2e,00,65,00,78,00,65,00,00,00
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SearchSettings"="C:\\Program Files\\Search Settings\\SearchSettings.exe"
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""

=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

===============
===============
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

======
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="WormRadar.com IESiteBlocker.NavFilter"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
@="JQSIEStartDetectorImpl"
"NoExplorer"=dword:00000001

==========================

contenu des autoruns presents
-----------------------------

E:\Autorun.inf :
----------------
[autorun]
OPEN=autorun.exe
ICON=autorun.exe,0

[Disk]
Disk=1
Label1=Disk1

[General]
Language=0
Background=swautorun.bmp
BackgroundSound=background.wav
ClickSound=click.wav
Data=Data

[Messages]
Caption=Star Wars Knights of the Old Republic II: The Sith Lords
InsertPlay=Please insert the Star Wars Knights of the Old Republic II 'Disc 1 - Play Disc'.
InsertInstall=Please insert the Star Wars Knights of the Old Republic II 'Disc 1 - Play Disc'.
CheckCD=Please check your CD for dirt or damage.

[Button1]
x=80
y=128
down=mousedown.bmp
over=mouseover.bmp
up=mousenormal.bmp
label=Install

[Button2]
x=80
y=182
down=mousedown.bmp
over=mouseover.bmp
up=mousenormal.bmp
label=Exit

contenu des autoruns presents
-----------------------------

Z:\Autorun.inf :
----------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

===============
Path : C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\searchplugins\search.xml
C:\Program Files\Search Settings
C:\WINDOWS\aucfg.ini
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\patch.exe
C:\WINDOWS\System32\_000111_.tmp.dll
C:\WINDOWS\System32\SET103.tmp
C:\WINDOWS\System32\SET104.tmp
C:\WINDOWS\System32\SET106.tmp
C:\WINDOWS\System32\SET107.tmp
C:\WINDOWS\System32\SET108.tmp
C:\WINDOWS\System32\SET10B.tmp
C:\WINDOWS\System32\SET10C.tmp
C:\WINDOWS\System32\SET10D.tmp
C:\WINDOWS\System32\SET27D.tmp
C:\WINDOWS\System32\SET27F.tmp
C:\WINDOWS\System32\SET284.tmp
C:\WINDOWS\System32\SET28B.tmp
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dealio
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Search Settings
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\AutoRun.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\DWPUpgradeInstaller.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\First15.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\hijackthis-2.0.2.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\msxml6-KB927977-enu-x86.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\sspatch.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\sspatch2.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\VP6Install.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\wlsetup-cvr.exe
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\tmp112.tmp
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\TMP3D.tmp
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\TMP57.tmp
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\TMPE1.tmp

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
HKLM\Software\Dealio
"HKLM\Software\Search Settings"
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

2009-04-15B1W_V23_D-GRF.EXE-347F991E.pf
2009-04-15B_V23_D-GRF.EXE-12C1E2EB.pf
2009-07-29ARAGEXERE X-RAY_PAT-0DF82948.pf
2009-10-13ARAGEXERE_PATCHED.E-0AE4BA6E.pf
ACRO.EXE-07C292D2.pf
ACRO.EXE-31EE9E67.pf
ALG.EXE-275708CF.pf
ARABASTA CHRONICLES.EXE-16FE50A6.pf
ARABASTA CHRONICLES.EXE-32ACA88C.pf
AVGCMGR.EXE-017B654E.pf
AVGCSRVX.EXE-31443687.pf
AVGEMC.EXE-15EBAF8D.pf
AVGNSX.EXE-14F0A211.pf
AVGRSX.EXE-0CBF9C06.pf
AVGTRAY.EXE-11DB8130.pf
AVGUPD.EXE-2AED0BE6.pf
CLIENT_ACRO_V1.0.EXE-23F452F6.pf
CLIENT_ACRO_V1.0.TMP-14CD46E7.pf
CMD.EXE-034B0549.pf
CSCRIPT.EXE-0A13A05C.pf
DAREDEVILRO V4.3B.EXE-0BC5CAEF.pf
DEFRAG.EXE-2858C7E2.pf
DFRGNTFS.EXE-38C3807C.pf
DIFFPATCH.EXE-076D1FEB.pf
DUMPREP.EXE-0AF2BF67.pf
DWWIN.EXE-2C373FB7.pf
FDM.EXE-26D9E559.pf
FIREFOX.EXE-06188867.pf
FIREFOX.EXE-2A1B96AB.pf
FIXCFG.EXE-3A39BB3F.pf
FLASHGOT.EXE-2482EC1B.pf
GOOGLECRASHHANDLER.EXE-2FB258D9.pf
GOOGLECRASHHANDLER.EXE-36491BAC.pf
GOOGLEUPDATE.EXE-149428D7.pf
GOOGLEUPDATE.EXE-160E1F62.pf
GOOGLEUPDATESETUP.EXE-3B362807.pf
GRFBUILDER.EXE-21C6BE17.pf
HELPSVC.EXE-1C192440.pf
IEXPLORE.EXE-2D97EBE6.pf
IMAPI.EXE-201490BB.pf
INK-RO.EXE-062591ED.pf
IPODSERVICE.EXE-37043579.pf
JAVA.EXE-32FD225F.pf
JAVAW.EXE-392A4E93.pf
JAVAWS.EXE-078C20EA.pf
JQSNOTIFY.EXE-359F83C5.pf
JRE-6U15-WINDOWS-I586-IFTW.EX-2C11F34B.pf
JUCHECK.EXE-1E35CB2F.pf
LANCEUR.EXE-202D6B66.pf
Layout.ini
LIST_KILLEM.EXE-2C801A1F.pf
LOGONUI.EXE-312BE1BF.pf
MODE.COM-318FFE37.pf
MSIEXEC.EXE-330626DC.pf
MSIMN.EXE-183B59AF.pf
NOTEPAD.EXE-2F2D61E1.pf
NTOSBOOT-B00DFAAD.pf
NVSVC32.EXE-0756FC6B.pf
PHOTOSHOP.EXE-3B55E1FF.pf
PHOTOSHOPPORTABLE.EXE-059FFDA1.pf
PUTTY.EXE-31226C22.pf
QTTASK.EXE-1876A1A1.pf
REG.EXE-07FA5B3F.pf
REGEDIT.EXE-2AE3423E.pf
RUNDLL32.EXE-3CDF6447.pf
RUNDLL32.EXE-41C4C933.pf
RUNDLL32.EXE-41FB74E5.pf
RUNDLL32.EXE-49FD1EB1.pf
RUNDLL32.EXE-4BBC42F5.pf
RUNDLL32.EXE-5482870C.pf
RUNDLL32.EXE-5ACE91DC.pf
RUNDLL32.EXE-5F120771.pf
RUNDLL32.EXE-66451CF0.pf
RUNDLL32.EXE-6E8D4657.pf
SNDVOL32.EXE-0EC6FD20.pf
SOFFICE.BIN-091CC27D.pf
SOFFICE.EXE-012D2D56.pf
STARWINDSERVICEAE.EXE-00465506.pf
SVCHOST.EXE-2D5FBD18.pf
SWRITER.EXE-04499097.pf
TASKMGR.EXE-06144C13.pf
TEAMSPEAK 3.EXE-06519DE0.pf
TOOLBARBROKER.EXE-3ADB739B.pf
USNSVC.EXE-05B86444.pf
VERCLSID.EXE-28F52AD2.pf
WINRAR.EXE-0AA31BB9.pf
WINSCP.EXE-1371EACC.pf
WLLOGINPROXY.EXE-090074F0.pf
WMIADAP.EXE-32F99497.pf
WMIAPSRV.EXE-02740A4B.pf
WMIPRVSE.EXE-0D449B4F.pf
WORDPAD.EXE-32191081.pf
WSCNTFY.EXE-0B14C27D.pf
WUAUCLT.EXE-1360D60A.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Anonymous user
 
Hello, there's work to do:

RESTART IN SAFE MODE, then:

▶ Run List&Kill'em again as you did for option 1 (i.e. with a right-click for Vista),

but this time:

▶ Choose option 2 = Destruction Mode

Let the tool work

After the checks, a report will open.

▶ Close it.

A second report will open,

▶ Paste its contents into your reply after restarting in normal mode

It is located here:

C:\Kill'em.txt

Then:


▶ Download Ad-remover (by C_XX) to your desktop:


▶ Disconnect and close all running applications!

▶ Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.

▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu, choose option "L" and press [Enter].

▶ Let the tool work and don't touch anything ...

▶ Post the report that appears at the end on the forum ...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Then:


Remove AD-Remover

Then:

▶ Download and install UsbFix by Chiquitine29

(!) Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click the UsbFix shortcut on your desktop.

▶ In the main menu, choose option "F" for French and press [Enter].

▶ In the second menu, choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that will appear.

Note: The UsbFix.txt report is saved at the root of the disk. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Sayon
 
Hello,

Here are the requested reports:

Kill'em.txt:

Kill'em by g3n-h@ckm@n 1.0.4.8 
 
User : Compaq_Propriétaire () # KURO
Update on 29/10/2009 by g3n-h@ckm@n ::::: 18.30 
Start at: 00:40:24 | 06/11/2009
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

C:\ -> Disque fixe local | 180,3 Go (3,51 Go free) [PRESARIO] | NTFS
E:\ -> Disque CD-ROM | 646,71 Mo (0 Mo free) [K2_UK_V_1_0_DSC_] | CDFS
F:\ -> Disque fixe local | 111,79 Go (25,48 Go free) | NTFS
G:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque CD-ROM
O:\ -> Disque fixe local | 232,88 Go (110,6 Go free) [local] | NTFS
Z:\ -> Disque fixe local | 5,99 Go (2,34 Go free) [PRESARIO_RP] | FAT32
  
Fichiers analysés : 
================= 
 

¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents : 

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache  
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"  
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"  
"C:\Program Files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}"  
"C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com"  
"C:\Program Files\Mozilla Firefox\searchplugins\search.xml"  
"C:\Program Files\Search Settings"  
"C:\WINDOWS\aucfg.ini"  
"C:\WINDOWS\IFinst27.exe"  
"C:\WINDOWS\patch.exe"  
C:\WINDOWS\System32\_000111_.tmp.dll  
C:\WINDOWS\System32\SET103.tmp  
C:\WINDOWS\System32\SET104.tmp  
C:\WINDOWS\System32\SET106.tmp  
C:\WINDOWS\System32\SET107.tmp  
C:\WINDOWS\System32\SET108.tmp  
C:\WINDOWS\System32\SET10B.tmp  
C:\WINDOWS\System32\SET10C.tmp  
C:\WINDOWS\System32\SET10D.tmp  
C:\WINDOWS\System32\SET27D.tmp  
C:\WINDOWS\System32\SET27F.tmp  
C:\WINDOWS\System32\SET284.tmp  
C:\WINDOWS\System32\SET28B.tmp  
"C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Dealio"  
"C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Search Settings"  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\AutoRun.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\DWPUpgradeInstaller.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\First15.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\hijackthis-2.0.2.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\msxml6-KB927977-enu-x86.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\sspatch.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\sspatch2.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\VP6Install.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\wlsetup-cvr.exe  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\tmp112.tmp  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\TMP3D.tmp  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\TMP57.tmp  
C:\Documents and Settings\Compaq_Propri‚taire\LOCAL Settings\Temp\TMPE1.tmp  
 
 
¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers : 
  
Quarantaine : 

aucfg.ini.Kill'em
AutoRun.exe.Kill'em
Dealio.Kill'em
DWPUpgradeInstaller.exe.Kill'em
First15.exe.Kill'em
hijackthis-2.0.2.exe.Kill'em
IFinst27.exe.Kill'em
jre-6u15-windows-i586-iftw.exe.Kill'em
msxml6-KB927977-enu-x86.exe.Kill'em
PATCH.EXE.Kill'em
qmgr0.dat.Kill'em
qmgr1.dat.Kill'em
QTSBandwidthCache.Kill'em
Search Settings.Kill'em
search.xml.Kill'em
search@searchsettings.com.Kill'em
SET103.tmp.Kill'em
SET104.tmp.Kill'em
SET106.tmp.Kill'em
SET107.tmp.Kill'em
SET108.tmp.Kill'em
SET10B.tmp.Kill'em
SET10C.tmp.Kill'em
SET10D.tmp.Kill'em
SET27D.tmp.Kill'em
SET27F.tmp.Kill'em
SET284.tmp.Kill'em
SET28B.tmp.Kill'em
sspatch.exe.Kill'em
sspatch2.exe.Kill'em
tmp112.tmp.Kill'em
TMP3D.tmp.Kill'em
TMP57.tmp.Kill'em
TMPE1.tmp.Kill'em
VP6Install.exe.Kill'em
wlsetup-cvr.exe.Kill'em
_000111_.tmp.dll.Kill'em
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}.Kill'em

¤¤¤¤¤¤¤¤¤¤ Verification : 
 

===============
Path : C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\TortoiseSVN\bin 
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents : 

 
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes : 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run "msconfig"  
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  
HKCR\SearchSettings.BHO  
HKCR\SearchSettings.BHO.1  
HKLM\Software\Classes\SearchSettings.BHO  
HKLM\Software\Classes\SearchSettings.BHO.1  
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}  
HKLM\Software\Dealio  
"HKLM\Software\Search Settings"  
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
 
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch : 

2009-07-29ARAGEXERE X-RAY_PAT-0DF82948.pf
Layout.ini
NTOSBOOT-B00DFAAD.pf
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


Ad report.log:

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Z | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 17.10.2009 à 11:48
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à:  1:00:27, 06/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: KURO | Utilisateur actuel: Compaq_Propri‚taire
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\Search Settings 
HKLM\Software\Classes\SearchSettings.BHO 
HKLM\Software\Classes\SearchSettings.BHO.1 
HKLM\Software\Dealio 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} 
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1} 
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94C3BB3A-56A1-43DE-A242-8B41F46E97EF} 
HKLM\Software\Search Settings 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} 
HKLM\Software\Classes\TypeLib\{1FFEEBC8-D7CA-A5F1-1B02-8E46330FA5CA} 
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} 
.
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Dealio
C:\DOCUME~1\COMPAQ~1\APPLIC~1\DesktopIcon
C:\DOCUME~1\COMPAQ~1\APPLIC~1\Search Settings
C:\Program Files\Dealio Toolbar
C:\Program Files\Mozilla FireFox\regxpcom.exe
C:\Windows\Installer\4404bf.msi  
C:\Windows\Installer\4404c8.msi  
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Microsoft\Internet Explorer\Quick Launch\Ebay.lnk  
C:\DOCUME~1\COMPAQ~1\MENUDM~1\Ebay.lnk  
C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propri‚taire@partypoker[2].txt
C:\DOCUME~1\COMPAQ~1\Cookies\compaq_propri‚taire@rotator.adjuggler[1].txt
 
(!) -- Fichiers temporaires supprimés. 
 
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 2.0.0.20 [fr] *
.
 Nom du profil: gwlgfg7a.default (Compaq_Propri‚taire)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Yahoo! Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Yahoo! Search"); 
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="); 
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.20"); 
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\Compaq_Propri‚taire\Application Data\Azureus\torrents\Heroes[1].of.Might.and.Magic 5_PC.DVD_[.FR.ENG.ESP.IT.GER].+.CRACK.NoDVD.rar [mininova].torrent
C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Google earth\Crack.exe
C:\Documents and Settings\Compaq_Propri‚taire\Bureau\win98\popsiclesthingys\win 98  y2k patches\y2k.exe
C:\Documents and Settings\Compaq_Propri‚taire\Bureau\win98\popsiclesthingys\win 98  y2k patches\y2kw98_2.exe
.
===================================
.
4010 Octet(s) - C:\Ad-Report-CLEAN[1].log 
.
1302 Fichier(s) - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp 
17 Fichier(s) - C:\WINDOWS\Temp 
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
35 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à:  1:24:39 | 06/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.



And finally the UsbFix report:

############################## | UsbFix V6.048 |

User : Compaq_Propriétaire (Administrateurs) # KURO
Update on 04/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 01:28:56 | 06/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

C:\ -> Disque fixe local # 180,3 Go (6,27 Go free) [PRESARIO] # NTFS
E:\ -> Disque CD-ROM # 646,71 Mo (0 Mo free) [K2_UK_V_1_0_DSC_] # CDFS
F:\ -> Disque fixe local # 111,79 Go (25,48 Go free) # NTFS
G:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque CD-ROM
O:\ -> Disque fixe local # 232,88 Go (110,75 Go free) [local] # NTFS
Z:\ -> Disque fixe local # 5,99 Go (2,34 Go free) [PRESARIO_RP] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 756
C:\WINDOWS\system32\csrss.exe 832
C:\WINDOWS\system32\winlogon.exe 856
C:\WINDOWS\system32\services.exe 900
C:\WINDOWS\system32\lsass.exe 912
C:\WINDOWS\system32\svchost.exe 1080
C:\WINDOWS\system32\svchost.exe 1148
C:\WINDOWS\System32\svchost.exe 1396
C:\WINDOWS\system32\svchost.exe 1460
C:\WINDOWS\system32\svchost.exe 1712
C:\WINDOWS\system32\spoolsv.exe 144
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe 332
C:\WINDOWS\system32\svchost.exe 652
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 684
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe 696
C:\Program Files\Bonjour\mDNSResponder.exe 716
C:\Program Files\Java\jre6\bin\jqs.exe 1108
C:\WINDOWS\system32\libusbd-nt.exe 1224
C:\windows\system\hpsysdrv.exe 1528
C:\WINDOWS\ALCXMNTR.EXE 1608
C:\HP\KBD\KBD.EXE 1616
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe 1748
C:\PROGRA~1\AVG\AVG8\avgtray.exe 1840
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe 1864
C:\WINDOWS\system32\nvsvc32.exe 1948
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 308
C:\Program Files\Unlocker\UnlockerAssistant.exe 340
C:\WINDOWS\system32\svchost.exe 576
C:\PROGRA~1\AVG\AVG8\avgrsx.exe 628
C:\Program Files\iTunes\iTunesHelper.exe 1336
C:\PROGRA~1\AVG\AVG8\avgemc.exe 288
C:\Program Files\Java\jre6\bin\jusched.exe 1476
C:\PROGRA~1\AVG\AVG8\avgnsx.exe 356
C:\WINDOWS\system32\ctfmon.exe 2884
C:\Program Files\Free Download Manager\fdm.exe 2972
C:\Program Files\MagicDisc\MagicDisc.exe 3072
C:\Program Files\AVG\AVG8\avgcsrvx.exe 3824
C:\Program Files\iPod\bin\iPodService.exe 3516
C:\WINDOWS\System32\alg.exe 3804
C:\WINDOWS\system32\wbem\wmiapsrv.exe 248
C:\WINDOWS\system32\wscntfy.exe 3320
C:\WINDOWS\explorer.exe 1276
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE 2840
C:\WINDOWS\system32\wbem\wmiprvse.exe 1376

################## | Fichiers # Dossiers infectieux |

E:\autorun.inf  
Z:\autorun.inf  

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\E
Shell\AutoRun\command =E:\autorun.exe 

HKCU\..\..\Explorer\MountPoints2\Z
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

HKCU\..\..\Explorer\MountPoints2\{2a9a0008-b705-11dd-b6af-0013d3fbeb9f}
shell\explore\command =explorer.exe 
shell\open\Command =explorer.exe 

HKCU\..\..\Explorer\MountPoints2\{98a56187-80fd-11de-bdda-0013d3fbeb9f}
Shell\AutoRun\command =H:\RavMon.exe 
Shell\explore\Command =H:\RavMon.exe -e
Shell\open\Command =H:\RavMon.exe 

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Google earth\Crack.exe"  
02/09/2007 12:03 |Size 1516356 |Crc32 f4b6da64 |Md5 2302eace8e12fa460b14c2e6764ac952  
 
"C:\Program Files\Java\jdk1.5.0_04\bin\serialver.exe"  
03/06/2005 02:29 |Size 49277 |Crc32 2154eef5 |Md5 96ef5b153cebc9512bf6bfad78215df7  
 
"C:\Program Files\Java\jdk1.5.0_06\bin\serialver.exe"  
10/11/2005 11:37 |Size 49277 |Crc32 98b90c7a |Md5 bc9d147ee008f28a05088dff936eaa98  
 
"E:\Crack\Cracktro.exe"  
15/05/2006 17:30 |Size 109056 |Crc32 DENIED |Md5 DENIED  
 
"E:\Crack\swkotor2.exe"  
15/05/2006 18:10 |Size 4578816 |Crc32 a03e210a |Md5 4a318b515e0e35ba7f289b7764ac1aad  
 
"F:\Adobe Dreamweaver CS3\Crack\Dreamweaver2.exe"  
20/06/2008 16:02 |Size 16083128 |Crc32 90cdca4e |Md5 21a554b844d714644c05d6773c2fb598  
 
"F:\Adobe Flash Pro CS3 2007\Adobe.Flash.CS3.Keymaker.Only-ZWT\Keygen.exe"  
21/04/2007 03:51 |Size 53760 |Crc32 c684a5eb |Md5 e3c7d489013b51c671aa79c9068a2a00  
 
"F:\Adobe Premiere Pro CS3 + Keygen Activator And New Keygen\ADBEPPROCS3_ALP.exe"  
24/06/2008 18:17 |Size 37121024 |Crc32 48521d3e |Md5 f94256ce28c5d02dd67dc5c3a36a41cf  
 
"F:\Adobe Premiere Pro CS3 + New Keygen - Limited Keys (Grab Now)\ADBEPPROCS3_ALP.exe"  
24/06/2008 16:55 |Size 37169152 |Crc32 be6a3d54 |Md5 b5bbeaf5ce81becb026bd7ca9c51046e  
 
"F:\Adobe.After.Effects.CS3[ENG][Crack]\Xp Gold\xp.gold.edition.by.slisher\msconfig-cleanup-setup.exe"  
30/07/2005 13:09 |Size 709421 |Crc32 7365e0a0 |Md5 072491dc2caaa5570a41d0642646654c  
 
"F:\Adobe.After.Effects.CS3[ENG][Crack]\Xp Gold\xp.gold.edition.by.slisher\SETUP.EXE"  
01/09/2004 07:00 |Size 1314816 |Crc32 1ab7c8fe |Md5 fc65835d2a9cd4e527f2b2674f9b9778  
 
"F:\Adobe.After.Effects.CS3[ENG][Crack]\Xp Gold\xp.gold.edition.by.slisher\I386\spnpinst.exe"  
01/09/2004 07:00 |Size 11776 |Crc32 06fd3df6 |Md5 70e9c484ebad7c9a91cb3d393dc19615  
 
"F:\After Effects Final with Keygen\ADBEAFETCS3_ALP.exe"  
26/01/2008 03:19 |Size 877719320 |Crc32 8b0bea73 |Md5 1eccb29c06ef760493c751230069df63  
 
"F:\Macromedia DreamWeaver CS3 + Plugins and Crack\Crack\Dreamweaver.exe"  
19/04/2007 10:54 |Size 16083128 |Crc32 90cdca4e |Md5 21a554b844d714644c05d6773c2fb598  
 
"F:\Reason 4 + Keygen + Patch RPS\KEYGEN.EXE"  
31/08/2007 15:33 |Size 164352 |Crc32 dae7a014 |Md5 ac271f7c2907076984144dda7db30c4a  
 
"O:\AVS Video Converter v4.3.1.371[++Final++CrAcK]\AVSVideoConverter4.exe"  
05/01/2006 23:32 |Size 26708114 |Crc32 3486a9fe |Md5 dc08d793309996e8bc05ca015d9051bf  
 
"O:\AVS Video Converter v4.3.1.371[++Final++CrAcK]\Crack\AVSVideoConverter4.exe"  
04/01/2006 23:21 |Size 7067136 |Crc32 5e09df9a |Md5 cee2260e4ed854224c5bacca4927f4d3  
 

################## | ! Fin du rapport # UsbFix V6.048 ! |




Thanks for the help ^^
0
Utilisateur anonyme
 
Hi, delete all those cracks and keygens, they are a source of infection, then:

(!) Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them

▶ Double-click (right-click "as administrator" for Vista) the UsbFix shortcut on your desktop

▶ In the main menu, choose option " F " for French and press [Enter].

▶ In the second menu, choose option " 2 " ( Suppression ) and press [Enter]

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that will appear along with the desktop.

Note: The UsbFix.txt report is saved at the root of the disk ( C:\UsbFix.txt ).

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
0
Sayon
 
Hello,
Here is the UsbFix report:


############################## | UsbFix V6.048 |

User : Compaq_Propriétaire (Administrateurs) # KURO
Update on 04/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 12:00:14 | 06/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 Processor 3400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]

C:\ -> Disque fixe local # 180,3 Go (6,19 Go free) [PRESARIO] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 111,79 Go (30,7 Go free) # NTFS
G:\ -> Disque CD-ROM
L:\ -> Disque CD-ROM
M:\ -> Disque CD-ROM
O:\ -> Disque fixe local # 232,88 Go (110,78 Go free) [local] # NTFS
Z:\ -> Disque fixe local # 5,99 Go (2,34 Go free) [PRESARIO_RP] # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 760
C:\WINDOWS\system32\csrss.exe 840
C:\WINDOWS\system32\winlogon.exe 864
C:\WINDOWS\system32\services.exe 908
C:\WINDOWS\system32\lsass.exe 920
C:\WINDOWS\system32\svchost.exe 1096
C:\WINDOWS\system32\svchost.exe 1164
C:\WINDOWS\System32\svchost.exe 1620
C:\WINDOWS\system32\svchost.exe 1672
C:\WINDOWS\system32\svchost.exe 1760
C:\WINDOWS\Explorer.EXE 464
C:\WINDOWS\system32\spoolsv.exe 540
C:\Program Files\Google\Update\GoogleUpdate.exe 1116
C:\WINDOWS\system32\svchost.exe 1780
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1868
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe 1892
C:\Program Files\Bonjour\mDNSResponder.exe 1916
C:\Program Files\Google\Update\GoogleUpdate.exe 1956
C:\Program Files\Java\jre6\bin\jqs.exe 1992
C:\WINDOWS\system32\libusbd-nt.exe 248
C:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe 348
C:\Program Files\Google\Update\GoogleUpdate.exe 320
C:\WINDOWS\system32\nvsvc32.exe 1664
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe 1652
C:\WINDOWS\system32\svchost.exe 1908
C:\PROGRA~1\AVG\AVG8\avgrsx.exe 720
C:\PROGRA~1\AVG\AVG8\avgemc.exe 816
C:\PROGRA~1\AVG\AVG8\avgnsx.exe 1272
C:\WINDOWS\system32\wuauclt.exe 1232
C:\Program Files\AVG\AVG8\avgcsrvx.exe 1472
C:\WINDOWS\system32\wbem\wmiprvse.exe 2464
C:\WINDOWS\System32\alg.exe 2696

################## | Fichiers # Dossiers infectieux |

Supprimé ! Z:\autorun.inf

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\E\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\Z\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2a9a0008-b705-11dd-b6af-0013d3fbeb9f}\Shell\explore\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{98a56187-80fd-11de-bdda-0013d3fbeb9f}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[06/11/2009 01:25|--a------|4345] C:\Ad-Report-CLEAN[1].log
[31/10/2009 19:47|--a------|2176495] C:\Archive.zip
[23/11/2004 22:21|--a------|0] C:\AUTOEXEC.BAT
[06/11/2009 00:50|-rahs----|296] C:\boot.ini
[05/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[05/08/2004 13:00|-r-hs----|263488] C:\cmldr
[23/11/2004 22:21|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[17/10/2009 04:40|--a------|6466] C:\index.html
[23/11/2004 22:21|-rahs----|0] C:\IO.SYS
[06/11/2009 00:50|--a------|5340] C:\Kill'em.txt
[23/11/2004 22:21|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[21/10/2009 04:39|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[05/10/2006 17:30|--a------|1333] C:\README.txt
[19/05/2008 17:10|--ah-----|268] C:\sqmdata00.sqm
[17/06/2008 14:52|--ah-----|232] C:\sqmdata01.sqm
[17/06/2008 14:59|--ah-----|232] C:\sqmdata02.sqm
[17/06/2008 15:24|--ah-----|232] C:\sqmdata03.sqm
[23/10/2008 21:58|--ah-----|268] C:\sqmdata04.sqm
[12/01/2009 06:00|--ah-----|268] C:\sqmdata05.sqm
[28/01/2009 22:07|--ah-----|232] C:\sqmdata06.sqm
[27/07/2009 19:52|--ah-----|268] C:\sqmdata07.sqm
[13/09/2009 13:11|--ah-----|232] C:\sqmdata08.sqm
[13/09/2009 20:27|--ah-----|232] C:\sqmdata09.sqm
[28/09/2009 02:42|--ah-----|232] C:\sqmdata10.sqm
[19/05/2008 17:10|--ah-----|244] C:\sqmnoopt00.sqm
[17/06/2008 14:52|--ah-----|244] C:\sqmnoopt01.sqm
[17/06/2008 14:59|--ah-----|244] C:\sqmnoopt02.sqm
[17/06/2008 15:24|--ah-----|244] C:\sqmnoopt03.sqm
[23/10/2008 21:58|--ah-----|244] C:\sqmnoopt04.sqm
[12/01/2009 06:00|--ah-----|244] C:\sqmnoopt05.sqm
[28/01/2009 22:07|--ah-----|244] C:\sqmnoopt06.sqm
[27/07/2009 19:52|--ah-----|244] C:\sqmnoopt07.sqm
[13/09/2009 13:11|--ah-----|244] C:\sqmnoopt08.sqm
[13/09/2009 20:27|--ah-----|244] C:\sqmnoopt09.sqm
[28/09/2009 02:42|--ah-----|244] C:\sqmnoopt10.sqm
[06/11/2009 11:57|--a------|1356] C:\trace.txt
[06/11/2009 12:15|--a------|4902] C:\UsbFix.txt
[11/07/2009 13:26|--a------|1010584] C:\Version08STABLE.zip
[08/10/2007 10:15|--a------|2618857] F:\01 - Kawai Kenji - Yuunagi.mp3
[08/10/2007 10:15|--a------|3699302] F:\02 - Kawai Kenji - Warabeshiku Narite (Type B).mp3
[08/10/2007 10:15|--a------|6391992] F:\03 - Kawai Kenji - Shigure no Koro.mp3
[08/10/2007 10:15|--a------|5312608] F:\04 - Kawai Kenji - Jashi Arite.mp3
[08/10/2007 10:15|--a------|5645938] F:\05 - Kawai Kenji - Hitori Iku Kimi yo.mp3
[08/10/2007 10:15|--a------|5431730] F:\06 - Kawai Kenji - Mamono no Kehai.mp3
[08/10/2007 10:15|--a------|6018952] F:\07 - Kawai Kenji - Oihi.mp3
[08/10/2007 10:15|--a------|9805663] F:\08 - Kawai Kenji - Yuugu.mp3
[08/10/2007 10:15|--a------|4831959] F:\09 - Kawai Kenji - Inishie no Mura.mp3
[08/10/2007 10:15|--a------|5072286] F:\10 - Kawai Kenji - Kihan wo Ikite.mp3
[08/10/2007 10:15|--a------|5005410] F:\11 - Kawai Kenji - Tama Shizume.mp3
[08/10/2007 10:15|--a------|6365866] F:\12 - Kawai Kenji - Youfu no Se.mp3
[08/10/2007 10:15|--a------|4405633] F:\13 - Kawai Kenji - Keijou.mp3
[08/10/2007 10:15|--a------|5085870] F:\14 - Kawai Kenji - Ousen no Gotoku.mp3
[08/10/2007 10:15|--a------|4965707] F:\15 - Kawai Kenji - Teidou no Balsa.mp3
[08/10/2007 10:15|--a------|7405543] F:\16 - Kawai Kenji - Souten no Taka.mp3
[08/10/2007 10:15|--a------|4085894] F:\17 - Kawai Kenji - Utsuro.mp3
[08/10/2007 10:15|--a------|3991853] F:\18 - Kawai Kenji - Suuhai.mp3
[08/10/2007 10:15|--a------|4765099] F:\19 - Kawai Kenji - Warabeshiku Narite (Type A).mp3
[08/10/2007 10:15|--a------|6005378] F:\20 - Kawai Kenji - Unmei no Toki.mp3
[08/10/2007 10:15|--a------|6632317] F:\21 - Kawai Kenji - Omoki I Maite.mp3
[08/10/2007 10:15|--a------|5338736] F:\22 - Kawai Kenji - Tsume no Mamono.mp3
[08/10/2007 10:15|--a------|7498532] F:\23 - Kawai Kenji - Soukoku.mp3
[08/10/2007 10:15|--a------|7271801] F:\24 - Kawai Kenji - Gonjou no Monotachi.mp3
[08/10/2007 10:15|--a------|6045086] F:\25 - Kawai Kenji - Shikou no Yari.mp3
[08/10/2007 10:15|--a------|7379418] F:\26 - Kawai Kenji - Seichou Nari.mp3
[08/10/2007 10:15|--a------|2045227] F:\27 - Kawai Kenji - Nahji no Uta (Short Ver.).mp3
[08/10/2007 10:15|--a------|8046062] F:\28 - Kawai Kenji - Iza, Saraba.mp3
[08/10/2007 10:15|--a------|3845588] F:\29 - Tainaka Sachi - Itoshii Hito he (TV Size).mp3
[01/10/2002 22:11|--a------|358963] F:\binkw32.dll
[23/05/2008 10:30|--a------|733593600] F:\Blow-Up (Michelangelo Antonioni, 1966).avi
[18/06/2008 00:04|--a------|8098304] F:\Blueboy6d7 Adobe Photoshop Cs3 Auto Cracker Setup.exe
[27/08/2007 12:11|--a------|47113] F:\Blueboy6d7 Adobe Photoshop Cs3 Auto Cracker.jpg
[08/10/2007 14:30|--a------|818522] F:\Booklet-Back.jpg
[08/10/2007 14:30|--a------|700157] F:\Booklet-Front.jpg
[08/10/2007 14:30|--a------|1610214] F:\Booklet-Page01-02.jpg
[08/10/2007 14:30|--a------|900683] F:\Booklet-Page03-04.jpg
[08/10/2007 14:30|--a------|1119532] F:\Booklet-Page05-06.jpg
[08/10/2007 14:30|--a------|970403] F:\Booklet-Page07-08.jpg
[08/10/2007 14:30|--a------|2003628] F:\Booklet-Page09-10.jpg
[02/03/2008 06:12|--a------|721172] F:\Config.tpc
[17/01/2008 17:04|--a------|2058] F:\config.xml
[25/04/2002 09:51|--a------|73728] F:\cps.dll
[20/03/2008 23:39|--a------|33] F:\Data.ini
[18/06/2002 12:11|--a------|163088] F:\dbghelp.dll
[08/10/2007 14:30|--a------|776771] F:\Disc.jpg
[15/01/2008 11:47|--a------|1552483] F:\dofus.dll
[15/01/2008 11:48|--a------|143360] F:\Dofus.exe
[14/12/2007 15:29|--a------|2684] F:\Dofus.html
[23/04/2003 13:37|--a------|267264] F:\FindHack.exe
[23/04/2003 13:37|--a------|898] F:\FORMAT.CFG
[20/06/2007 05:31|--a------|165569] F:\GameGuard.des
[01/10/2002 22:11|--a------|230455] F:\granny2.dll
[15/07/2003 15:33|--a------|71865] F:\GravityMain.jpg
[09/04/2006 14:00|--a------|102400] F:\GRF.dll
[17/11/2004 09:29|--a------|41844] F:\IFU7A.inf
[21/03/2001 08:35|--a------|372736] F:\ijl15.dll
[08/10/2007 14:30|--a------|533107] F:\Insert-Inside.jpg
[08/10/2007 14:30|--a------|1247943] F:\Insert-Outside.jpg
[03/02/2008 23:53|--a------|731889664] F:\Jurassic park 1 - divx fr.avi
[03/02/2008 22:17|--a------|725858304] F:\Jurassic Park 2 - Le Monde Perdu - Divx Fr.avi
[03/02/2008 23:15|--a------|729765888] F:\Jurassic park 3_DVDRip_fr_Ripped by Sel.2.mer.avi
[23/04/2003 13:37|--a------|837] F:\KOR_LANG.CFG
[07/11/2007 15:06|--a------|1921] F:\launch
[07/11/2007 15:06|--a------|1615] F:\launchMac
[07/11/2007 14:25|--a------|7510] F:\LICENSE-DE.txt
[17/09/2007 14:08|--a------|5944] F:\LICENSE-EN.txt
[17/09/2007 14:08|--a------|6623] F:\LICENSE-ES.txt
[17/09/2007 14:08|--a------|7069] F:\LICENSE-FR.txt
[17/01/2008 17:04|--a------|1157484] F:\loader.swf
[21/06/2005 08:58|--a------|188416] F:\lua.exe
[06/07/2002 11:16|--a------|125952] F:\Mp3dec.asi
[31/03/2001 10:41|--a------|346624] F:\Mss32.dll
[06/07/2002 11:16|--a------|62976] F:\Mssfast.m3d
[28/12/2004 12:35|--a------|401462] F:\msvcp60.dll
[08/10/2007 13:57|--a------|802] F:\Nipponsei - Seirei no Moribito Original Soundtrack 2.txt
[28/12/2004 08:18|--a------|7942] F:\notice_close.txt
[21/06/2002 23:39|--a------|61952] F:\NPCHK.DLL
[23/04/2003 13:37|--a------|55296] F:\NPCIPHER.DLL
[01/02/2005 14:55|--a------|233555] F:\npkcrypt.dll
[01/02/2005 14:55|--a------|21442] F:\npkcrypt.sys
[01/02/2005 14:55|--a------|18562] F:\npkcrypt.vxd
[01/02/2005 14:55|--a------|37009] F:\npkcusb.sys
[20/05/2003 16:04|--a------|81920] F:\npkeysdk.dll
[01/02/2005 14:55|--a------|53248] F:\npkpdb.dll
[21/06/2002 23:39|--a------|31744] F:\NPPSK.DLL
[15/11/2004 13:52|--a------|278619] F:\NPSCAN.DES
[15/04/2001 10:20|--a------|156672] F:\npupdate.dll
[23/04/2003 13:37|--a------|164864] F:\NPUPDATE0.DLL
[17/06/2003 13:33|--a------|126976] F:\NPX.DLL
[31/01/2008 17:06|--a------|4] F:\Patch.inf
[28/03/2005 17:24|--a------|51] F:\patch4.txt
[20/03/2008 23:19|--a------|146234874] F:\pfdata.grf
[21/06/2006 22:54|--a------|743936] F:\Phoenix-Feather Patch.exe
[15/03/2008 22:14|--a------|3174486] F:\phoenix-feather.exe
[13/03/2007 23:20|--a------|35979] F:\Photoshop CS3 Read Me.html
[30/04/2008 08:22|--a------|6140685] F:\Pizzicato_v3.2.2.zip
[21/06/2008 14:03|--a------|112675479] F:\Portable Adobe Flash CS3 - PReCracked by NeoXe.rar
[11/11/2008 05:02|--a------|280] F:\Raccourci vers local (E).lnk
[27/08/2007 12:22|--a------|263] F:\Read Me.txt
[12/12/2007 17:08|--a------|1124156128] F:\sdata.grf
[21/06/2002 23:09|--a------|192512] F:\Setup.exe
[26/05/2008 22:36|--a------|4388782236] F:\SoulCalibur3.nrg
[15/12/2008 22:22|--a------|373] F:\TriadPatcherLog.txt
[15/04/2008 13:53|--a------|155] F:\TriadPatchsList.ini
[23/04/2008 16:43|--a------|209976616] F:\[Ch-F]_Macross_Frontier_01_[51A45BC0].mkv
[06/04/2008 16:44|--a------|157117952] F:\[Nipponsei] Seirei no Moribito Original Soundtrack Vol.1.zip
[06/04/2008 18:23|--a------|171703097] F:\[Nipponsei] Seirei no Moribito Original Soundtrack Vol.2.zip
[28/10/2008 19:26|--a------|1028] O:\account.txt
[26/10/2009 14:34|--a------|1565686656] O:\AcroV0.1a-1.bin
[26/10/2009 14:49|--a------|869756245] O:\AcroV0.1a-2.bin
[26/10/2009 14:49|--a------|313050] O:\AcroV0.1a.exe
[05/09/2008 03:03|--a------|731512832] O:\Batman.The.Dark.Knight.TRUEFRENCH.DVDSCR.avi
[11/07/2009 19:10|--a------|1392005034] O:\Beherit-Online1.1.exe
[27/07/2009 18:22|--a------|4446] O:\beta.iss
[23/10/2009 03:57|--a------|167522870] O:\Chronicles.grf
[10/07/2009 18:40|--a------|2934360] O:\eathenasql-v1.0.0-rc5.rar
[03/10/2008 23:38|--a------|835942400] O:\Jackie Chan-Combats.de.Maitre 2 (Druken master 2).DVDRip.MZISYS.avi
[05/09/2008 02:40|--a------|209715304] O:\Le.Jour.D.Apres.FRENCH.720p.HD.DVD.up.fab6xL.avi.001.xtm
[29/10/2008 22:41|--a------|7991163] O:\Metin2-Multihack.rar
[29/10/2008 21:18|--a------|531171017] O:\Metin2_20080908.exe
[12/10/2008 03:19|--a------|734289920] O:\Postal T21 by thewarrior10.avi
[08/07/2009 17:09|--a------|129900] O:\Ragnarok_-_The_Animated_-_dvd_01_ao_06[trader.newdreamteam.org] [mininova]-1.torrent
[13/05/2008 01:09|--a------|591] O:\README.txt
[11/11/2008 04:58|--ahs----|10752] O:\Thumbs.db
[17/07/2009 18:18|--a------|1553703665] O:\Versus-Online2.0.exe
[17/07/2009 18:00|--a------|4249971] O:\Versus-Online2.0.exe.filepart
[27/07/2009 18:49|--a------|1427478524] O:\versus3.0.exe
[27/07/2009 16:45|--a------|1428094843] O:\Versus_online_setup.exe
[04/09/2008 12:53|--a------|3858106940] O:\vff.avi
[20/10/2008 17:42|--a------|1283912] O:\wowclient-downloader.exe
[23/07/2009 16:00|--a------|998719488] O:\[A-F]FFVII_-_Dirge_of_Cerberus_CG_Movie.avi
[02/11/2008 20:55|--a------|231203062] O:\[DB-FR]_Naruto_Shippuuden_080v2HD_subfrench_H264_LC_AAC_[7521D65.mp4
[02/11/2008 20:39|--a------|231090626] O:\[DB-FR]_Naruto_Shippuuden_081v2HD_subfrench_H264_LC_AAC_[68F859C6].mp4
[02/11/2008 19:02|--a------|134281776] O:\[DB]_Naruto_Shippuuden_082_Sub_French_[3870DFD8].avi
[09/10/2008 02:06|-rah-----|244236007] O:\[EROBEAT]_Shin_Bible_Black_-_06_[x264][85DE1ECE].mp4
[05/10/2008 18:13|--a------|806299316] O:\[RAW-TV] One Piece 373(1280x720) (Divx 5).avi
[28/09/2008 19:49|--a------|175706914] O:\[VS] One Piece 372 - Eng Sub (704x400).mp4
[28/07/2001 07:07|---hs----|0] Z:\AUTOEXEC.BAT
[23/11/2004 17:48|---hs----|6] Z:\BLOCK.RIN
[09/01/2002 20:52|---hs----|244] Z:\BOOT.INI
[17/08/2001 10:26|---hs----|237728] Z:\CMLDR
[28/07/2001 07:07|---hs----|0] Z:\CONFIG.SYS
[10/09/2002 00:14|---hs----|100] Z:\Desktop.ini
[10/09/2002 17:21|---hs----|7850] Z:\Folder.htt
[30/04/2001 21:16|---hs----|14] Z:\Graph
[25/01/2002 19:21|---hs----|0] Z:\GRAPH16
[30/11/2004 12:01|---hs----|73728] Z:\Info.exe
[28/07/2001 07:07|---hs----|0] Z:\IO.SYS
[01/01/2005 23:05|---hs----|942] Z:\MASTER.LOG
[28/07/2001 07:07|---hs----|0] Z:\MSDOS.SYS
[25/07/2001 23:00|---hs----|45124] Z:\NTDETECT.COM
[17/08/2001 16:32|---hs----|0] Z:\NTFS
[25/07/2001 23:00|---hs----|222880] Z:\NTLDR
[03/03/2003 13:46|---hs----|111377] Z:\protect.ed
[23/11/2004 17:39|---hs----|36] Z:\SaveFile.Dir
[30/04/2001 21:16|---hs----|14] Z:\SVGA
[01/01/2005 23:05|--ahs----|942] Z:\USER
[03/03/2003 13:41|---hs----|88038] Z:\Warning.bmp
[18/08/2001 16:00|---hs----|10] Z:\WIN51
[22/01/2001 16:00|---hs----|11] Z:\WIN51.B2
[25/07/2001 16:00|---hs----|11] Z:\WIN51.RC1
[25/07/2001 21:47|---hs----|11] Z:\WIN51.RC2
[18/08/2001 16:00|---hs----|10] Z:\WIN51IC
[20/03/2001 16:00|---hs----|11] Z:\WIN51IC.B2
[25/07/2001 16:00|---hs----|11] Z:\WIN51IC.RC1
[25/07/2001 16:00|---hs----|11] Z:\WIN51IC.RC2
[17/08/2001 16:00|---hs----|10] Z:\WIN51IP
[22/01/2001 16:00|---hs----|11] Z:\WIN51IP.B2
[25/07/2001 21:47|---hs----|11] Z:\WIN51IP.RC2
[17/08/2001 14:17|---hs----|184] Z:\WINBOM.INI
[24/02/2004 17:38|--a------|498] Z:\BATCH.OLD
[01/02/2006 13:39|--ahs----|1552] Z:\BATCH.LOG
[01/01/2005 23:41|---hs----|218] Z:\cPCinfo.log

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# F:\autorun.inf -> Dossier créé par UsbFix.
# O:\autorun.inf -> Dossier créé par UsbFix.
# Z:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\COMPAQ~1\Bureau\UsbFix_Upload_Me_KURO.zip : https://www.androidworld.fr/
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.048 ! |

I did upload it to the website as the software asks.
0
Utilisateur anonyme
 
Can you run option 2 of UsbFix again, please?
0
Utilisateur anonyme
 
Download OTL by OLDTimer

Save it to your Desktop.

▶ Double-click OTL.exe to launch it.

▶ Check the 2 boxes Lop and Purity

▶ Check the box in front of scan all users

▶ Set it to "60 Days"

▶ In the left column, set everything to all

▶ Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM

To send it to me, click this link: https://www.cjoint.com/

▶ Click Parcourir and look for the file above.

▶ Click Ouvrir.

▶ Click "Cliquez ici pour déposer le fichier".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

▶ Copy this link into your reply.

You will do the same with "Extra.txt".
0
Sayon
 
No file in that directory...
Yet I did it twice. It asks me to reboot, which I do.
0
Sayon
 
No, sorry, my mistake, I was running Clean Up ^^: it is running the scan now
0
Sayon
 
0
Utilisateur anonyme
 
▶ Double-click OTL.exe to launch it.


▶ Copy the list shown in bold below,

▶ paste it into the box under Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
SRV - [2009/07/22 00:49:00 | 03,240,876 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
IE - HKU\S-1-5-21-2840602851-3216232153-1001335511-1008\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2840602851-3216232153-1001335511-1008\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-2840602851-3216232153-1001335511-1008..\Run: [PlayNC Launcher] File not found
O4 - HKLM..\RunOnce: [] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4295826C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E2028C8
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

:files
C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll
C:\Program Files\Dealio Toolbar
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run]
"AlcxMonitor"=-
"nwiz"=-
"QuickTime Task"=-
"TkBellExe"=-


:commands
[emptytemp]
[start explorer]
[reboot]



▶ Click RunFix to start the removal.


▶ Post the report.
0
Sayon
 
So it did reboot the computer.
I have two questions:

The first, which is not really one: when Windows started, it told me that it could no longer find OTL.exe, is that normal?

The second may seem silly, but where do I find the report: on my desktop there are two documents, OTL.txt and Extras.txt, both dated around 16:40, the time of the first run scan ^^


In any case, thank you very much!
0
Utilisateur anonyme
 
where do I find the report:

in C:\ I think

when Windows started, it could no longer find OTL.exe, is that normal?

no
0
Sayon
 
I found this in a folder C:\_OTL\MovedFiles\
File name: 11062009_184037.log

Contents:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Service npggsvc stopped successfully!
Service npggsvc deleted successfully!
C:\WINDOWS\system32\GameMon.des moved successfully.
Registry value HKEY_USERS\S-1-5-21-2840602851-3216232153-1001335511-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_USERS\S-1-5-21-2840602851-3216232153-1001335511-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2840602851-3216232153-1001335511-1008\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4295826C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E2028C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll moved successfully.
File\Folder C:\Program Files\Dealio Toolbar not found.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run\\AlcxMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\currentversion\Run\\TkBellExe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Compaq_Pr

User: Compaq_PropriTtaire
->Temp folder emptied: 351 bytes

User: Compaq_Propriétaire

User: Compaq_Propriétaire
->Temp folder emptied: 115732564 bytes
->Temporary Internet Files folder emptied: 1942731770 bytes
->Java cache emptied: 26311581 bytes
->FireFox cache emptied: 6597963 bytes
->Google Chrome cache emptied: 6224039 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 865947 bytes
Windows Temp folder emptied: 2903689 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2004,25 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11062009_184037
0
Utilisateur anonyme
 
that's fine


Print these instructions, because you will have to close all windows and applications during the installation and the scan.



▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (be sure to choose "francais"; do not change the installation settings) and update it.

(NB: if you get an error message saying that "COMCTL32.OCX" is missing during the installation, then download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:


(that said, it is very easy to use).

Relaunch Malwarebytes, following these instructions scrupulously:

! Disconnect and close all running applications !

▶ Launch Malwarebytes'.

Run the scan called "Complet" (full).

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "résultat" (results).
Check that all the infected items are ticked, then click "suppression" (removal).

Note: if your PC has to be restarted to finish the cleanup, do it!


Post the report saved after the infected items were removed (in the "rapport/log" tab of Malwarebytes, the most recent one)

0
Sayon
 
Hello, there, the scan is finished ^^ !
Here is the requested report

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3113
Windows 5.1.2600 Service Pack 3

07/11/2009 14:42:41
mbam-log-2009-11-07 (14-42-41).txt

Type de recherche: Examen complet (C:\|E:\|F:\|G:\|L:\|M:\|O:\|Z:\|)
Eléments examinés: 815420
Temps écoulé: 2 hour(s), 16 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\2 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger (Refog.Keylogger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Ad-Remover\QUARANTINE\DOCUME~1\COMPAQ~1\APPLIC~1\DESKTO~1\eBayShortcuts.exe.vir (Adware.ADON) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP336\A0117342.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\M0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\I39515_7634092824 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\T39515_9389084144 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\T39515_9390053472 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\T39515_9458532176 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\T39515_9458779977 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\1\T39515_9527978472 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\2\D0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\2\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger\Free KGB Keylogger on the Web.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger\Free KGB Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger\Get discount!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger\Help topics.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger\Order now!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\MPK\Free KGB Keylogger\Uninstall Free KGB Keylogger.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prnet.tmp-up.txt (Malware.Trace) -> Quarantined and deleted successfully.
0
Utilisateur anonyme
 
I did have a doubt about this MPK but....

▶ Download Superantispyware (SAS)

▶ Choose "enregistrer" (save) and save it to your desktop.

▶ Double-click the installation icon that has just been created and follow the instructions.

▶ Create an icon on the desktop.

▶ Double-click the SAS icon (a head in a crossed-out red circle) to launch it.

▶- If the tool asks you to update the program ("update the program definitions"), click yes.
▶- Under Configuration and Preferences, click the "Preferences" button
▶- Click the "Scanning Control" tab
▶- In "Scanner Options", make sure the box in front of the following lines is checked:

▶Close browsers before scanning
▶Scan for tracking cookies
▶Terminate memory threats before quarantining

▶ Leave the other lines unchecked.

▶ Click the "Close" button to leave the control center screen.

▶ In the main window, under "Scan for Harmful Software", click "Scan your computer".

▶ In the left column, check C:\Fixed Drive.

▶ In the right column, under "Complete scan", click "Perform Complete Scan"

▶ Click "next" to start the scan. Wait while the scan runs.

▶ At the end of the scan, a results window opens. Click OK.

▶ Make sure all the lines in the white window are checked and click "Next".

▶ Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.

To copy the information to the forum, do this:

▶ - after the computer restarts, double-click the icon to launch SAS.
▶ - Click "Preferences" then the "Statistics/Logs" tab.
▶- Under "scanners logs", double-click SUPERAntiSpyware Scan Log.

▶ - The report will open in your default text editor.

▶ - Copy its contents into your reply.


Take a good look at the SUPERAntiSpyware tutorial, it is very well explained.
0
Utilisateur anonyme
 
ok, what problems remain?

(NB to the moderators: the report was received by PM because it was too long = 355 cookies ^^)
0