Sujet Précédent Sujet Suivant

Virus I liebe you

Résolu/Fermé
dougrdah - 2 nov. 2009 à 22:31
 alioran - 20 févr. 2012 à 09:54
Bonjour,

Mon pc est infecté par le virus I Liebe you. J'ai essayé un certain nombre d'antivirus mais rien n'y fait : USBFIX, Bitdefender, Avira et Norton.

Avec Hjackthis ça donne le rapport suivant :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:37, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\documents and settings\user\local settings\application data\diocc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ww12.cherche.us\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [E09FXLRD_415031] "C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\User\LOCALS~1\Temp\E_S27.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [diocc] "c:\documents and settings\user\local settings\application data\diocc.exe" diocc
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://fr.midas.games.yahoo.net/single_play.jsp?game=links&altVer=false&gameMode=2"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: kubernscan.vbe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYDZ
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - https://benchmarks.ul.com?redirected=true
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F141915-CC39-40D8-A9BF-793EA4BFD039}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: opnmklk - opnmklk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service Google Update (gupdate1c9bf591942390) (gupdate1c9bf591942390) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
A voir également:

37 réponses

  • 1
  • 2
Réponse 1 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
2 nov. 2009 à 22:42
Salut !

Petite précision: USBFix n'est pas un antivirus :)


Tu es infecté par MyWebSearch et AskBar ==> barre d'outils infectieuses.
Il faut que tu fasses attention à ce que tu installes, beaucoup de logiciels installent des toolbars (pas toutes infectieuses, certes, mais la plupart tout à fait inutile)


* Rends-toi à cette adresse afin de télécharger AD-Remover : https://www.androidworld.fr/

* Clique sur TÉLÉCHARGER et enregistre-le sur ton bureau.

* Double clique sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement.

* Au menu principal choisi l'option "L" et tape sur [entrée] .

* Laisse travailler l'outil et ne touche à rien ...

* Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.



Ensuite, fais ceci:

* Télécharge Random's system information tool (RSIT) et enregistre le sur ton Bureau.
* Double clique sur RSIT.exe pour lancer l'outil.
* Clique sur 'continue ' à l'écran Disclaimer.
* Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, [b]RSIT/b le téléchargera et tu devras accepter la licence.
* Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports./list

( C:\RSIT\log.txt & C:\RSIT\info.txt )

Tutoriel de RSIT

Comment héberger les rapports trop longs de RSIT

++
1
Réponse 2 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
2 nov. 2009 à 23:30
Merci pour ton aide Nemesis31.

Voici le rapport de AD REMOVER :
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.10.2009 à 19:05
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:52:29, 02/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: HOME | Utilisateur actuel: User
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\Fun Web Products
HKCU\Software\FunWebProducts
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKCU\Software\MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}
HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5}
HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983}
HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443D-B082-284F960C6D17}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805}
HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\FunWebProducts.DataControl
HKLM\Software\Classes\FunWebProducts.DataControl.1
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu
HKLM\Software\Classes\FunWebProducts.HTMLMenu.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu.2
HKLM\Software\Classes\FunWebProducts.IECookiesManager
HKLM\Software\Classes\FunWebProducts.IECookiesManager.1
HKLM\Software\Classes\FunWebProducts.KillerObjManager
HKLM\Software\Classes\FunWebProducts.KillerObjManager.1
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin
HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1
HKLM\Software\Classes\MyWebSearch.HTMLPanel
HKLM\Software\Classes\MyWebSearch.HTMLPanel.1
HKLM\Software\Classes\MyWebSearch.OutlookAddin
HKLM\Software\Classes\MyWebSearch.OutlookAddin.1
HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin
HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1
HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin
HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin
HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1
HKLM\Software\Classes\screensavercontrol.screensaverinstaller
HKLM\Software\Classes\screensavercontrol.screensaverinstaller.1
HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A}
HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906}
HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144}
HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\GamesBarSetup
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_MYWEBSEARCHSERVICE ... [b]ERREUR SUPPRESSION !!/b
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSERVICE ... [b]ERREUR SUPPRESSION !!/b
HKU\S-1-5-21-117609710-492894223-725345543-1003\Software\Microsoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform\\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0A2}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Classes\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510}
HKLM\Software\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Classes\CLSID\{F0D4B23B-DA4B-4daf-81E4-DFEE4931A4AA}
.
C:\DOCUME~1\User\APPLIC~1\FunWebProducts
C:\DOCUME~1\User\APPLIC~1\Mozilla\Firefox\Profiles\6ec61vqk.default\searchplugins\mywebsearch.xml
C:\Program Files\AskSBar
C:\Program Files\FunWebProducts
C:\Program Files\GamesBar
C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.jar
C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.manifest
C:\Program Files\Mozilla FireFox\Plugins\NPMyWebS.dll
C:\Program Files\MyWebSearch ... [b]ERREUR SUPPRESSION !!/b
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\DOCUME~1\User\Cookies\user@ask[2].txt
C:\DOCUME~1\User\Cookies\user@mywebsearch[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.6 [fr] *
.
Nom du profil: 6ec61vqk.default (User)
.
(Prefs.js) user_pref("browser.search.selectedEngine", "MyWebSearch");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1392740&SearchSource=13");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.6");
.
(prefs.js) EFFACÉ: user_pref("browser.search.selectedEngine", "MyWebSearch");
(prefs.js) EFFACÉ: user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZCxdm451YYDZ&ptb=rL7RzSBPK94hRG654Ex7sg");
(prefs.js) EFFACÉ: user_pref("extensions.mywebsearch.prevKwdEnabled", true);
(prefs.js) EFFACÉ: user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.cherche.us
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://search.msn.com/spbasic.htm
Search page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Downloads\1254858466jtun_fixpatchreg.zip
C:\Documents and Settings\User\Application Data\HouseCall 6.6\patch.exe
C:\Documents and Settings\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\setup.exe
C:\Documents and Settings\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\virility.nfo
.
===================================
.
16687 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
24 Fichier(s) - C:\DOCUME~1\User\LOCALS~1\Temp
11 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
127 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 23:14:44 | 02/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.



J'ai ensuite lancé RSIT comme tu l'avais recommandé et les deux rapports produits sont les suivants :
Info :
nfo.txt logfile of random's system information tool 1.06 2009-11-02 23:22:16

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
ADSL Modem-->rundll32.exe stmcfg32.dll,Uninstall
Alex4 v1.1-->c:\games\alex4\unins000.exe
AltaVista FreeAccess-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\FreeAV\Uninst.isu" -c"C:\Program Files\FreeAV\uninstdll.dll"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD 2006 - Français-->MsiExec.exe /I{5783F2D7-4001-040C-0002-0060B0CE6BBA}
Autodesk Design Review 2010-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR
Backspin Billiards-->"C:\Program Files\orange\jeux\Backspin Billiards\Uninstall.exe" "C:\Program Files\orange\jeux\Backspin Billiards\install.log"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BILLARD By RY's-->C:\WINDOWS\uninst.exe -f"C:\Program Files\RY's Games\BILLARD\DeIsL1.isu" -c"C:\Program Files\RY's Games\BILLARD\_ISREG32.DLL"
BlueSoleil-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x40c
BMW M3 Challenge-->"D:\Jeux\BMW M3 Challenge\Support\unins000.exe"
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
CX4300_5500_DX4400 Manuel-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
DWG TrueView 2010-->C:\Program Files\DWG TrueView 2010\Setup\Setup.exe /P {5783F2D7-8028-0409-0000-0060B0CE6BBA} /M AOEM /language en-US
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
EVEREST Ultimate Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Favorit-->"c:\documents and settings\user\local settings\application data\diocc.exe" -uninstall
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Harold's Hills v1.0-->"c:\games\haroldshills\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\User\Application Data\HouseCall 6.6\uninstaller.exe"
HP PSC & Officejet 5.3.B Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterVideo WinDVD 7-->"C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JPEG USB Video Camera Driver v0.51-->MsiExec.exe /I{9D2C81AC-B2B6-4DAC-A99C-5F09925F2C5F}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
Madagascar-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
Micro Application - Cartes de visite 2002-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Cartes de visite 2002\Uninst.isu" -c"C:\Program Files\Micro Application\Cartes de visite 2002\_UNODBC.DLL"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2009 - Collection-->MsiExec.exe /I{09180081-2C94-4A67-8E55-8483C019C7D2}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
mobiConnect-->C:\Program Files\mobiConnect\uninst.exe
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Moto Geeks-->"C:\Program Files\MyPlayCity.com\Moto Geeks\unins000.exe"
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7 Demo-->MsiExec.exe /I{ABDA708A-5180-207F-30CE-675965461036}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia Lifeblog 2.1-->MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver-->MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights-->MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite-->MsiExec.exe /I{508FA22B-AFFC-46CD-9441-2567976574A4}
Nokia themes for your device-->MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.5.2.11\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
OxyTech LITESTAR 10-->"C:\Program Files\OxyTech\LITESTAR 10\unins000.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pando Toolbar-->rundll32 C:\PROGRA~1\PandoBar\bar\1.bin\PandoBar.dll,O
Pando-->MsiExec.exe /I{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
PC Speed Maximizer v2.0-->"C:\Program Files\PC Speed Maximizer\unins000.exe"
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_531.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_531.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SMPE v1.0-->c:\games\smpe\unins000.exe
SoundCheck V3.0-->"C:\Program Files\SoundCheck\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
X-MEN By RY's-->C:\WINDOWS\uninst.exe -f"C:\Program Files\RY's Games\X-MEN\DeIsL1.isu" -c"C:\Program Files\RY's Games\X-MEN\_ISREG32.DLL"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~2.DLL
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-11-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp [2009-11-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-11-01]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!! [2009-11-01]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr [2009-11-01]

======Security center information======

AV: Norton 360 (outdated)
FW: Norton 360

======System event log======

Computer Name: HOME
Event Code: 7036
Message: Le service avast! Web Scanner est entré dans l'état : en cours d'exécution.

Record Number: 29750
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

Record Number: 29749
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HOME
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.

Record Number: 29748
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

Record Number: 29747
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HOME
Event Code: 7036
Message: Le service ServiceLayer est entré dans l'état : en cours d'exécution.

Record Number: 29746
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2714
Source Name: gusvc
Time Written: 20090901155539.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2713
Source Name: gusvc
Time Written: 20090901155440.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2712
Source Name: SecurityCenter
Time Written: 20090901155405.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2711
Source Name: ServiceLayer
Time Written: 20090901155402.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2710
Source Name: gupdate1c9bf591942390
Time Written: 20090901155402.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile :
Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-02 23:22:04
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (22%) free of 34 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:13, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\documents and settings\user\local settings\application data\diocc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [E09FXLRD_415031] "C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\User\LOCALS~1\Temp\E_S27.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [diocc] "c:\documents and settings\user\local settings\application data\diocc.exe" diocc
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://fr.midas.games.yahoo.net/single_play.jsp?game=links&altVer=false&gameMode=2"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: kubernscan.vbe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - https://benchmarks.ul.com?redirected=true
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F141915-CC39-40D8-A9BF-793EA4BFD039}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{466A185E-9B18-4A09-A7EB-0FBC1BB6C8E3}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: opnmklk - opnmklk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service Google Update (gupdate1c9bf591942390) (gupdate1c9bf591942390) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
1
Réponse 3 / 37
Utilisateur anonyme
8 nov. 2009 à 19:46
Salut , ton canned OTM est faux et obsolete

concernant ce fichier , usbfix à été mis a jours ...

Bonne suite .
1
Réponse 4 / 37
Utilisateur anonyme
26 nov. 2009 à 23:12
Bonsoir.

C'était attendu.

Bonne fin ! :)

++
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
2 nov. 2009 à 23:41
Merci pour ton aide Nemesis31.

Voici le rapport de AD REMOVER :
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_A | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.10.2009 à 19:05
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:52:29, 02/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: HOME | Utilisateur actuel: User
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\Fun Web Products
HKCU\Software\FunWebProducts
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00­A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00­A6FAF6-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07­B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07­B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07­B18EAB-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D­4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25­560540-9571-4D7B-9389-0F166788785A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3D­C201FB-E9C9-499C-A11F-23C360D7C3F8}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F­F05104-B030-46FC-94B8-81276E4E27DF}
HKCU\Software\MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44CF-8957-5838F56­9A31D}
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44CF-8957-5838F56­9A31D}
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE44­75CCA}
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE44­75CCA}
HKLM\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE44­75CCA}
HKLM\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FF­CAF70}
HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4C­DD239}
HKLM\Software\Classes\CLSID\{1E0DE227-5CE4-4EA3-AB0C-8B03E1A­A76BC}
HKLM\Software\Classes\CLSID\{25560540-9571-4D7B-9389-0F16678­8785A}
HKLM\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D­7C3F8}
HKLM\Software\Classes\CLSID\{3E720452-B472-4954-B7AA-33069EB­53906}
HKLM\Software\Classes\CLSID\{53CED2D0-5E9A-4761-9005-648404E­6F7E5}
HKLM\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BB­BD83C}
HKLM\Software\Classes\CLSID\{7473D292-B7BB-4F24-AE82-7E2CE94­BB6A9}
HKLM\Software\Classes\CLSID\{7473D294-B7BB-4F24-AE82-7E2CE94­BB6A9}
HKLM\Software\Classes\CLSID\{7473D296-B7BB-4F24-AE82-7E2CE94­BB6A9}
HKLM\Software\Classes\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F5­05983}
HKLM\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4­B1D14}
HKLM\Software\Classes\CLSID\{938AA51A-996C-4884-98CE-80DD16A­5C9DA}
HKLM\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA­897AB}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDED­A3179}
HKLM\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4­E27DF}
HKLM\Software\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D3­23AD3}
HKLM\Software\Classes\CLSID\{A9571378-68A1-443D-B082-284F960­C6D17}
HKLM\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A­782DC}
HKLM\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-6752037­2B987}
HKLM\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3­DF2C7}
HKLM\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605­FB835}
HKLM\Software\Classes\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF0065­28805}
HKLM\Software\Classes\CLSID\{E79DFBCA-5697-4FBD-94E5-5B2A9C7­C1612}
HKLM\Software\Classes\FunWebProducts.DataControl
HKLM\Software\Classes\FunWebProducts.DataControl.1
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler
HKLM\Software\Classes\FunWebProducts.HistoryKillerScheduler.­1
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBa­r
HKLM\Software\Classes\FunWebProducts.HistorySwatterControlBa­r.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu
HKLM\Software\Classes\FunWebProducts.HTMLMenu.1
HKLM\Software\Classes\FunWebProducts.HTMLMenu.2
HKLM\Software\Classes\FunWebProducts.IECookiesManager
HKLM\Software\Classes\FunWebProducts.IECookiesManager.1
HKLM\Software\Classes\FunWebProducts.KillerObjManager
HKLM\Software\Classes\FunWebProducts.KillerObjManager.1
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton
HKLM\Software\Classes\FunWebProducts.PopSwatterBarButton.1
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsContr­ol
HKLM\Software\Classes\FunWebProducts.PopSwatterSettingsContr­ol.1
HKLM\Software\Classes\Interface\{07B18EAA-A523-4961-B6BB-170­DE4475CCA}
HKLM\Software\Classes\Interface\{07B18EAC-A523-4961-B6BB-170­DE4475CCA}
HKLM\Software\Classes\Interface\{1093995A-BA37-41D2-836E-091­067C4AD17}
HKLM\Software\Classes\Interface\{120927BF-1700-43BC-810F-FAB­92549B390}
HKLM\Software\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-875­5795359EC}
HKLM\Software\Classes\Interface\{1F52A5FA-A705-4415-B975-885­03B291728}
HKLM\Software\Classes\Interface\{247A115F-06C2-4FB3-967D-2D6­2D3CF4F0A}
HKLM\Software\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6­A3DD375CC}
HKLM\Software\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6­A3DD375CC}
HKLM\Software\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A­58E171495}
HKLM\Software\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFE­B7A64DF82}
HKLM\Software\Classes\Interface\{3E720451-B472-4954-B7AA-330­69EB53906}
HKLM\Software\Classes\Interface\{3E720453-B472-4954-B7AA-330­69EB53906}
HKLM\Software\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C­69BBBD83C}
HKLM\Software\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C­69BBBD83C}
HKLM\Software\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B­8E07FF9CA}
HKLM\Software\Classes\Interface\{72EE7F04-15BD-4845-A005-D67­11144D86A}
HKLM\Software\Classes\Interface\{741DE825-A6F0-4497-9AA6-802­3CF9B0FFF}
HKLM\Software\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2­CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2­CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2­CE94BB6A9}
HKLM\Software\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2­CE94BB6A9}
HKLM\Software\Classes\Interface\{90449521-D834-4703-BB4E-D3A­A44042FF8}
HKLM\Software\Classes\Interface\{991AAC62-B100-47CE-8B75-253­965244F69}
HKLM\Software\Classes\Interface\{A626CDBD-3D13-4F78-B819-440­A28D7E8FC}
HKLM\Software\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6­AE529862D}
HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-165­7CF209CFE}
HKLM\Software\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E­6C5A355C1}
HKLM\Software\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5­E4ED93477}
HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7­F52D9D25E}
HKLM\Software\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7­F52D9D25F}
HKLM\Software\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2­A9C7C1612}
HKLM\Software\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2­A9C7C1612}
HKLM\Software\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D­6446FDAF8}
HKLM\Software\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8D­FE02E2978}
HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin
HKLM\Software\Classes\MyWebSearch.ChatSessionPlugin.1
HKLM\Software\Classes\MyWebSearch.HTMLPanel
HKLM\Software\Classes\MyWebSearch.HTMLPanel.1
HKLM\Software\Classes\MyWebSearch.OutlookAddin
HKLM\Software\Classes\MyWebSearch.OutlookAddin.1
HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin
HKLM\Software\Classes\MyWebSearch.PseudoTransparentPlugin.1
HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin
HKLM\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin
HKLM\Software\Classes\MyWebSearchToolBar.ToolbarPlugin.1
HKLM\Software\Classes\screensavercontrol.screensaverinstalle­r
HKLM\Software\Classes\screensavercontrol.screensaverinstalle­r.1
HKLM\Software\Classes\TypeLib\{07B18EA0-A523-4961-B6BB-170DE­4475CCA}
HKLM\Software\Classes\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3­A1B6A3A}
HKLM\Software\Classes\TypeLib\{29D67D3C-509A-4544-903F-C8C1B­8236554}
HKLM\Software\Classes\TypeLib\{3E720450-B472-4954-B7AA-33069­EB53906}
HKLM\Software\Classes\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE­94BB6A9}
HKLM\Software\Classes\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC­4A7094C}
HKLM\Software\Classes\TypeLib\{8E6F1830-9607-4440-8530-13BE7­C4B1D14}
HKLM\Software\Classes\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B0­0212144}
HKLM\Software\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71­756821E}
HKLM\Software\Classes\TypeLib\{E47CAEE0-DEEA-464A-9326-3F280­1535A4D}
HKLM\Software\Classes\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9­C7C1612}
HKLM\Software\Classes\TypeLib\{F42228FB-E84E-479E-B922-FBBD0­96E792C}
HKLM\Software\FocusInteractive
HKLM\Software\Fun Web Products
HKLM\Software\FunWebProducts
HKLM\Software\GamesBarSetup
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481­}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7­}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907­}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127­}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7­}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA­}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}­
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.Ou­tlookAddin
HKLM\Software\Microsoft\Office\Word\Addins\MyWebSearch.Outlo­okAddin
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{25560540-9571-4D7B-9389-0F166788785A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{3E720452-B472-4954-B7AA-33069EB53906}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{9FF05104-B030-46FC-94B8-81276E4E27DF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApprov­ed\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask­SBar Uninstall
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyW­ebSearch bar Uninstall
HKLM\Software\MyWebSearch
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_MYWEBSEARCHSERVIC­E ... [b]ERREUR SUPPRESSION !!/b
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MYWEBSEARCHSE­RVICE ... [b]ERREUR SUPPRESSION !!/b
HKU\S-1-5-21-117609710-492894223-725345543-1003\Software\Mic­rosoft\Internet Explorer\Searchscopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}­
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\post platform\\FunWebProducts
HKLM\Software\Microsoft\Windows Media\Wmsdk\Sources\\F3PopularScreenSavers
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSea­rch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSea­rch Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSea­rch Email Plugin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44CF-8957-5838F569A3­1D}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0579B4B6-0293-4D73-B02D-5EBB0BA0F0­A2}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4daf-81E4-DFEE49­31A4AA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4­475CCA}
HKLM\Software\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA­0F0A2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKLM\Software\Classes\CLSID\{06663B51-0D73-4f9f-BCC5-4AA9414­70AFD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{06663B51-0D73-4f9f-BCC5-4AA941470AFD}
HKLM\Software\Classes\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B0­30510}
HKLM\Software\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE493­1A4AA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKLM\Software\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE493­1A4AA}
HKLM\Software\Classes\CLSID\{F0D4B23B-DA4B-4daf-81E4-DFEE493­1A4AA}
.
C:\DOCUME~1\User\APPLIC~1\FunWebProducts
C:\DOCUME~1\User\APPLIC~1\Mozilla\Firefox\Profiles\6ec61vqk.­default\searchplugins\mywebsearch.xml
C:\Program Files\AskSBar
C:\Program Files\FunWebProducts
C:\Program Files\GamesBar
C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.jar
C:\Program Files\Mozilla FireFox\chrome\m3ffxtbr.manifest
C:\Program Files\Mozilla FireFox\Plugins\NPMyWebS.dll
C:\Program Files\MyWebSearch ... [b]ERREUR SUPPRESSION !!/b
C:\WINDOWS\System32\f3PSSavr.scr
C:\Program Files\Internet Explorer\msimg32.dll
C:\DOCUME~1\User\Cookies\user@ask[2].txt
C:\DOCUME~1\User\Cookies\user@mywebsearch[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.6 [fr] *
.
Nom du profil: 6ec61vqk.default (User)
.
(Prefs.js) user_pref("browser.search.selectedEngine", "MyWebSearch");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1392740&SearchSource=13");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.6");
.
(prefs.js) EFFACÉ: user_pref("browser.search.selectedEngine", "MyWebSearch");
(prefs.js) EFFACÉ: user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZCxdm451YYDZ&ptb=rL7RzSBPK94hRG654Ex7sg");
(prefs.js) EFFACÉ: user_pref("extensions.mywebsearch.prevKwdEnabled", true);
(prefs.js) EFFACÉ: user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.cherche.us
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://search.msn.com/spbasic.htm
Search page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Downloads\1254858466jtun_fixpatchreg.zip
C:\Documents and Settings\User\Application Data\HouseCall 6.6\patch.exe
C:\Documents and Settings\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\setup.exe
C:\Documents and Settings\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\virility.nfo
.
===================================
.
16687 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
24 Fichier(s) - C:\DOCUME~1\User\LOCALS~1\Temp
11 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
127 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 23:14:44 | 02/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.



J'ai ensuite lancé RSIT comme tu l'avais recommandé et les deux rapports produits sont les suivants :
Info :
nfo.txt logfile of random's system information tool 1.06 2009-11-02 23:22:16

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-1E257A25E34D}
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe® Photoshop® Album Edition Découverte 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Ad-Remover By C_XX-->"C:\Program Files\Ad-Remover\Uninstall ADR.exe"
ADSL Modem-->rundll32.exe stmcfg32.dll,Uninstall
Alex4 v1.1-->c:\games\alex4\unins000.exe
AltaVista FreeAccess-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\FreeAV\Uninst.isu" -c"C:\Program Files\FreeAV\uninstdll.dll"
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
AutoCAD 2006 - Français-->MsiExec.exe /I{5783F2D7-4001-040C-0002-0060B0CE6BBA}
Autodesk Design Review 2010-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {55D9E026-DCB0-46FF-B60A-68B972228CF6} /M ADR
Backspin Billiards-->"C:\Program Files\orange\jeux\Backspin Billiards\Uninstall.exe" "C:\Program Files\orange\jeux\Backspin Billiards\install.log"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BILLARD By RY's-->C:\WINDOWS\uninst.exe -f"C:\Program Files\RY's Games\BILLARD\DeIsL1.isu" -c"C:\Program Files\RY's Games\BILLARD\_ISREG32.DLL"
BlueSoleil-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x40c
BMW M3 Challenge-->"D:\Jeux\BMW M3 Challenge\Support\unins000.exe"
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x40c UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative DVD Audio Plugin for Audigy Series-->"C:\Program Files\Creative\CTDPlugin\CTUIDVD.exe " -u
CX4300_5500_DX4400 Manuel-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\FRA\USE_G\DOCUNINS.EXE
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
DWG TrueView 2010-->C:\Program Files\DWG TrueView 2010\Setup\Setup.exe /P {5783F2D7-8028-0409-0000-0060B0CE6BBA} /M AOEM /language en-US
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x40c UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
EVEREST Ultimate Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Favorit-->"c:\documents and settings\user\local settings\application data\diocc.exe" -uninstall
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Harold's Hills v1.0-->"c:\games\haroldshills\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\User\Application Data\HouseCall 6.6\uninstaller.exe"
HP PSC & Officejet 5.3.B Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
Icy Tower v1.3.1-->"c:\games\icytower1.3\unins000.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
InterVideo WinDVD 7-->"C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JPEG USB Video Camera Driver v0.51-->MsiExec.exe /I{9D2C81AC-B2B6-4DAC-A99C-5F09925F2C5F}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire 4.14.8-->"C:\Program Files\LimeWire\uninstall.exe"
Madagascar-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
Micro Application - Cartes de visite 2002-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Micro Application\Cartes de visite 2002\Uninst.isu" -c"C:\Program Files\Micro Application\Cartes de visite 2002\_UNODBC.DLL"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta 2009 - Collection-->MsiExec.exe /I{09180081-2C94-4A67-8E55-8483C019C7D2}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
mobiConnect-->C:\Program Files\mobiConnect\uninst.exe
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Moto Geeks-->"C:\Program Files\MyPlayCity.com\Moto Geeks\unins000.exe"
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
Nero 7 Demo-->MsiExec.exe /I{ABDA708A-5180-207F-30CE-675965461036}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{E4DD8B33-6F9B-41C5-96FF-5DBF27ED23E7}
Nokia Lifeblog 2.1-->MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver-->MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights-->MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia PC Connectivity Solution-->MsiExec.exe /I{588AA47B-9115-44D3-B2E5-4F10BC659D6C}
Nokia PC Suite-->MsiExec.exe /I{508FA22B-AFFC-46CD-9441-2567976574A4}
Nokia themes for your device-->MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.5.2.11\InstStub.exe /X
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
OxyTech LITESTAR 10-->"C:\Program Files\OxyTech\LITESTAR 10\unins000.exe"
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pando Toolbar-->rundll32 C:\PROGRA~1\PandoBar\bar\1.bin\PandoBar.dll,O
Pando-->MsiExec.exe /I{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
PC Speed Maximizer v2.0-->"C:\Program Files\PC Speed Maximizer\unins000.exe"
PDFCreator Toolbar-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_531.exe" _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->"C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_531.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RegCure 1.5.0.1-->C:\Program Files\RegCure\uninst.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SMPE v1.0-->c:\games\smpe\unins000.exe
SoundCheck V3.0-->"C:\Program Files\SoundCheck\unins000.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)-->C:\PROGRA~1\DIFX\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\nokbtmdm_7F91C37896B530901B0665F9EF32E19FF06F5687\nokbtmdm.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
X-MEN By RY's-->C:\WINDOWS\uninst.exe -f"C:\Program Files\RY's Games\X-MEN\DeIsL1.isu" -c"C:\Program Files\RY's Games\X-MEN\_ISREG32.DLL"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Yahoo! Extras-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~2.DLL
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-11-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp [2009-11-01]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF [2009-11-01]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!! [2009-11-01]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr [2009-11-01]

======Security center information======

AV: Norton 360 (outdated)
FW: Norton 360

======System event log======

Computer Name: HOME
Event Code: 7036
Message: Le service avast! Web Scanner est entré dans l'état : en cours d'exécution.

Record Number: 29750
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Web Scanner.

Record Number: 29749
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HOME
Event Code: 7036
Message: Le service avast! Mail Scanner est entré dans l'état : en cours d'exécution.

Record Number: 29748
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service avast! Mail Scanner.

Record Number: 29747
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HOME
Event Code: 7036
Message: Le service ServiceLayer est entré dans l'état : en cours d'exécution.

Record Number: 29746
Source Name: Service Control Manager
Time Written: 20090925201141.000000+060
Event Type: Informations
User:

=====Application event log=====

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2714
Source Name: gusvc
Time Written: 20090901155539.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2713
Source Name: gusvc
Time Written: 20090901155440.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2712
Source Name: SecurityCenter
Time Written: 20090901155405.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2711
Source Name: ServiceLayer
Time Written: 20090901155402.000000+060
Event Type: Informations
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 2710
Source Name: gupdate1c9bf591942390
Time Written: 20090901155402.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Réponse 6 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
2 nov. 2009 à 23:44
Suite : rapport logfile :

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-02 23:22:04
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (22%) free of 34 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:13, on 02/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\documents and settings\user\local settings\application data\diocc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [E09FXLRD_415031] "C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\User\LOCALS~1\Temp\E_S27.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [diocc] "c:\documents and settings\user\local settings\application data\diocc.exe" diocc
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://fr.midas.games.yahoo.net/single_play.jsp?game=links&altVer=false&gameMode=2"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: kubernscan.vbe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - https://benchmarks.ul.com?redirected=true
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F141915-CC39-40D8-A9BF-793EA4BFD039}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{466A185E-9B18-4A09-A7EB-0FBC1BB6C8E3}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: opnmklk - opnmklk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service Google Update (gupdate1c9bf591942390) (gupdate1c9bf591942390) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
0
Réponse 7 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
3 nov. 2009 à 14:00
re,

raoufrafik et dougrdah sont la même personne ??

------------------

Toutefois je te signale que sur la fenêtre du navigateur l'inscription anna I Liebe YOU subsiste toujours.
Oui, j'ai vu qu'elle était restée, mais ne t'inquiète, on l'a fera partir dans pas longtemps :)
-------------------

Je vois que tu as Norton, tu y tiens vraiment ? (en clair, veux-tu le changer?)




Supprime ce dossier: C:\Program Files\MyWebSearch

Et cela aussi:
C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Lue\Downloads\1254858466jtun_fixpatchreg.zip
C:\Documents and Settings\User\Application Data\HouseCall 6.6\patch.exe
C:\Documents and Settings\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\setup.exe
C:\Documents and Settings\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\virility.nfo

Un peu de lecture: Le danger des cracks!


Et désinstalle ces programmes:
BOONTY Games
RegCure 1.5.0.1

-----------------------

Relances HJT qui se trouve ici:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


Coches ces lignes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL


O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL


O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; FunWebProducts; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://fr.midas.games.yahoo.net/single_play.jsp?game=links&altVer=false&gameMode=2"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: BlueSoleil.lnk = ?

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm451YYDZ

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Et cliques dur "Fix Checked".


Ensuite, vas ICI et fais analyser ces 2 fichiers:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
C:\WINDOWS\kubernesis.dll.vbe

--------------------------


Petite vérification:
* Télécharge ToolbarSD (de Team IDN) sur ton Bureau

* (c est le numéro 6 en bas de la page) :

* Lance l'installation du programme en exécutant le fichier téléchargé.

* Double-clique maintenant sur le raccourci de Toolbar-S&D.

* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

* Poste le rapport généré. (C:\TB.txt)

---------------------------------

Tu as une infection Navipromo:


Passe cet outil:
* Télécharge sur le bureau Navilog1

* (c est le numéro 1 en bas de la page):

* Si ton antivirus s'affole , le désactiver

* sous XP : double-clic dessus pour le lancer

* taper F

* Appuyer sur une touche jusqu'à arriver aux options

* Choisir [b]Recherche/Désinfection automatique/b ( = taper 1 )

* un rapport : fixnavi.txt dans ==> C :

* le copier et le coller dans la réponse



En résumé:
-2 rapports de virustotal
-1 rapport de Toolbar S&D
-1 rapport de Navilog1

++
0
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
4 nov. 2009 à 21:13
Bonjour,

Merci Nemesis31 pour ton aide.

Oui, dougrdah et raoufrafik ne font qu'un. Une erreur au niveau de l'inscription. J'ai accédé au site en invité avec le 1er pseudo, et en voulant m'enregistrer celui-ci me fut refusé. J'en ai pris donc un autre mais comme on ne doit pas changer de pseudo pour un même thème (règle stricte sur le site), mon souci avec anna I Liebe YOU s'affichera avec le pseudo dougrdah. Ce n'est pas grave.

J'ai appliqué à la lettre tes dernières recommandations, à savoir :
- suppressions / désinstallation de tous les fichiers et dossiers mywebsearch, regcure et boonty. Pour ce faire, j'ai utilisé la commande recherche de fichiers de la barre démarrer.
- J'ai relancé HJT et supprimé (avec fix checked) les processus indiqués.
- J'ai lancé virus total et analysé le fichier : Kubernscan.vbe , mais pas kubernesis.dll.vbe car introuvable sous C:\WINDOWS. J'ai posté ci-dessous le résultat.
- J'ai lancé Toolbar SD puis Navilog. Les deux rapports sont présentés ci-dessous.

Après avoir procédé à ces opérations, j'ai constaté qu'hélas l'inscription d'anna I Liebe YOU sur la fenêtre du navigateur est toujours là et qu'un dernier scan avec HJT le confirme d'ailleurs. J'ai peut être sauté une opération ou mal procédé? Merci infiniment de bien vouloir m'apporter ton aide.

Analyse par virustotal du fichier Kubernscan.vbe
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.03 -
AhnLab-V3 5.0.0.2 2009.11.03 VBS/Autorun
AntiVir 7.9.1.53 2009.11.03 -
Antiy-AVL 2.0.3.7 2009.11.03 -
Authentium 5.1.2.4 2009.11.03 -
Avast 4.8.1351.0 2009.11.03 -
AVG 8.5.0.423 2009.11.03 VBS/Worm
BitDefender 7.2 2009.11.03 Generic.ScriptWorm.8FA328FF
CAT-QuickHeal 10.00 2009.11.03 VBS.SsiWg
ClamAV 0.94.1 2009.11.03 -
Comodo 2831 2009.11.03 -
DrWeb 5.0.0.12182 2009.11.03 -
eTrust-Vet 35.1.7100 2009.11.03 -
F-Prot 4.5.1.85 2009.11.03 -
F-Secure 9.0.15370.0 2009.10.30 Generic.ScriptWorm.8FA328FF
Fortinet 3.120.0.0 2009.11.03 -
GData 19 2009.11.03 Generic.ScriptWorm.8FA328FF
Ikarus T3.1.1.72.0 2009.11.03 -
Jiangmin 11.0.800 2009.11.03 -
K7AntiVirus 7.10.887 2009.11.03 -
Kaspersky 7.0.0.125 2009.11.03 -
McAfee 5791 2009.11.03 VBS/Autorun.worm.k
McAfee+Artemis 5791 2009.11.03 VBS/Autorun.worm.k
McAfee-GW-Edition 6.8.5 2009.11.03 -
Microsoft 1.5202 2009.11.03 Worm:VBS/Slogod.F
NOD32 4570 2009.11.03 -
Norman 6.03.02 2009.11.03 -
nProtect 2009.1.8.0 2009.11.03 -
Panda 10.0.2.2 2009.11.03 -
PCTools 7.0.3.5 2009.11.03 -
Prevx 3.0 2009.11.03 -
Rising 21.54.14.00 2009.11.03 -
Sophos 4.47.0 2009.11.03 -
Sunbelt 3.2.1858.2 2009.11.03 -
Symantec 1.4.4.12 2009.11.03 -
TheHacker 6.5.0.2.059 2009.11.03 -
TrendMicro 8.950.0.1094 2009.11.03 -
VBA32 3.12.10.11 2009.11.03 -
ViRobot 2009.11.3.2019 2009.11.03 -
VirusBuster 4.6.5.0 2009.11.03 -

Information additionnelle
File size: 5304 bytes
MD5...: 8048cabde85fdc1af37c4c86e8149e62
SHA1..: 01f63c6a64af52c2e8bf35a6d359f812c577861a
SHA256: abafbf29e9561a69841bc07feb03cf900aa2531c592799d20384555367bb1f4b
ssdeep: 96:6eLHHVy6Tl2i+xALIQntV9xYQzbhg9FOGAG+IXDGvO20qJhOF/3RofS7txiIW
gAk:6eTHV/p08FntvxYSbhgxZDsO20h/3Ro+
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Text - UTF-16 (LE) encoded (64.4%)
MP3 audio (32.2%)
Lumena CEL bitmap (2.0%)
Corel Photo Paint (1.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (F-Prot): Unicode

Analyse par toolbar sd :
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Award Modular BIOS v6.00PG
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : Norton 360 3.5.2.11 (Activated)
Firewall : Norton 360 3.5.2.11 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:43 Go (Free:6 Go)
E:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 03/11/2009|23:38 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(User) - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} => myplaycity


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="about:blank"
"Search Page"="http://ww12.cherche.us"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"SearchMigratedDefaultUrl"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="http://www.bing.com/spresults.aspx"
"Search page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


--------------------\\ Recherche d'autres infections


C:\DOCUME~1\User\LOCALS~1\APPLIC~1\diocc.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\diocc.exe
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\diocc_navps.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\kifrpm.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\kifrpm_nav.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\kifrpm_navps.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\vkbqxnds.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\vkbqxnds_nav.dat
C:\DOCUME~1\User\LOCALS~1\APPLIC~1\vkbqxnds_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY
C:\DOCUME~1\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\Desktop_.ini
C:\DOCUME~1\User\Bureau\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY\everest.key
C:\DOCUME~1\User\Local Settings\Temporary Internet Files\Content.IE5\4LZOYOQY\crack_danger0[1].jpg
C:\DOCUME~1\User\Local Settings\Temporary Internet Files\Content.IE5\95YV8AEQ\crack_danger4[1].jpg
C:\DOCUME~1\User\Local Settings\Temporary Internet Files\Content.IE5\95YV8AEQ\danger-des-cracks-t893[1].html
C:\DOCUME~1\User\Local Settings\Temporary Internet Files\Content.IE5\B9Y3IPCM\crack_danger3[1].jpg
C:\DOCUME~1\User\Local Settings\Temporary Internet Files\Content.IE5\Z9S5GBYQ\crack_danger2[1].jpg
C:\DOCUME~1\User\Local Settings\Temporary Internet Files\Content.IE5\Z9S5GBYQ\crack_danger[1].jpg
C:\DOCUME~1\User\Recent\EVEREST.Ultimate.Edition.v2.20.405.Multilingual.WinALL.Incl.Keygen-ViRiLiTY.lnk



1 - "C:\ToolBar SD\TB_1.txt" - 03/11/2009|23:39 - Option : [1]

-----------\\ Fin du rapport a 23:39:38,59


Analyse par Navilog :
Fix Navipromo version 4.0.4 commencé le 03/11/2009 23:44:11,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.11.2009 à 22h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.06GHz )
BIOS : Award Modular BIOS v6.00PG
USER : User ( Administrator )
BOOT : Normal boot

Antivirus : Norton 360 3.5.2.11 (Activated)
Firewall : Norton 360 3.5.2.11 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:33 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:43 Go (Free:6 Go)
E:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


c:\docume~1\user\locals~1\applic~1\diocc.exe supprimé !
c:\docume~1\user\locals~1\applic~1\diocc.dat supprimé !
c:\docume~1\user\locals~1\applic~1\diocc_navps.dat supprimé !
c:\docume~1\user\locals~1\applic~1\kifrpm.dat supprimé !
c:\docume~1\user\locals~1\applic~1\kifrpm_nav.dat supprimé !
c:\docume~1\user\locals~1\applic~1\kifrpm_navps.dat supprimé !
C:\WINDOWS\prefetch\kifrpm*.pf supprimé !
c:\docume~1\user\locals~1\applic~1\vkbqxnds.dat supprimé !
c:\docume~1\user\locals~1\applic~1\vkbqxnds_nav.dat supprimé !
c:\docume~1\user\locals~1\applic~1\vkbqxnds_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\User\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !



*** Scan terminé 03/11/2009 23:51:05,15 ***
0
Réponse 8 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
5 nov. 2009 à 18:42
re,

Supprime ça:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe



Refais un RSIT stp (un seul rapport s'affichera, c'est normal)


Ensuite, fais ceci:
* Rends-toi à cette adresse afin de télécharger UsbFix (créé par Chiquitine29 & C_XX) :

* https://www.androidworld.fr/

* Clique sur TÉLÉCHARGER et enregistre-le sur ton bureau.

*Tutoriel recherche

* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d'avoir été infectés sans les ouvrir

* Double clic sur le raccourci UsbFix sur ton bureau, l'installation se fera automatiquement

* Choisi l'option 1 (recherche)

* Laisse travailler l'outil

* Ensuite post le rapport UsbFix.txt qui apparaîtra

* Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus




0
Réponse 9 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
5 nov. 2009 à 21:41
Salut,

J'ai tenté de supprimer Kubernscan.vbe mais en vain. Un message s'affiche annonçant que la ressource serait utilisée par d'autres personnes ou programmes. J'avais pourtant fermé toutes les fenêtres et annulé la connexion.

Dois-je quand même lancer RSIT?

Merci.
0
Réponse 10 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
5 nov. 2009 à 22:38
re,

kubernscan.vbe ==> on verra pour lui plus tard.


oui, fais un RSIT

ainsi que USBFix !
0
Réponse 11 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
5 nov. 2009 à 22:55
Salut,

Voilà, c'est fait et merci.

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-05 22:47:08
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (22%) free of 34 GB
Total RAM: 1023 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:15, on 05/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\WScript.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = // ;) anna I Liebe YOU ==> MILK@3|_!!!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKLM\..\Run: [kubernesis.dll] C:\WINDOWS\kubernesis.dll.vbe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [E09FXLRD_415031] "C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\User\LOCALS~1\Temp\E_S27.tmp" /EF "HKCU"
O4 - Global Startup: kubernscan.vbe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - https://benchmarks.ul.com?redirected=true
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F141915-CC39-40D8-A9BF-793EA4BFD039}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{466A185E-9B18-4A09-A7EB-0FBC1BB6C8E3}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: opnmklk - opnmklk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Google Update (gupdate1c9bf591942390) (gupdate1c9bf591942390) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
0
Réponse 12 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
5 nov. 2009 à 23:05
re,


"C:\Adobe Creative suite 3 Master collection\Num‚ro De S‚rie\keygen_master.exe"
28/10/2007 18:43 |Size 33792 |Crc32 08bfe59f |Md5 add33009127c1d1f3e56215b6a4e4d9c

"C:\Program Files\RY's Games\empires2\Crack\empires2.exe"
21/09/1999 17:46 |Size 2560000 |Crc32 1222c356 |Md5 c5a1d96f94aad024fa0e3107a994128c

"C:\Program Files\RY's Games\empires2\Crack\SETUPREG.EXE"

==> à supprimer !!

Le danger des cracks !



Ensuite, fais ceci:
* Tutoriel nettoyage

* Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectés sans les ouvrir

* Double clic sur le raccourci UsbFix présent sur ton bureau

* choisi l'option 2 ( Suppression )

* Ton bureau disparaîtra et le pc redémarrera .

* Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

* Ensuite poste le rapport UsbFix.txt qui apparaîtra avec le bureau .

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

* ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

* :!: UsbFix te proposera d'uploader un dossier compressé à cette adresse : https://www.androidworld.fr/

* Ce dossier a été créé par UsbFix et est enregistré sur ton bureau.

* Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.

* Merci d'avance pour ta contribution !!

---------------------------------

Veux-tu garder Norton ? si tu veux un gratuit, j'ai mieux à te proposer :) (sauf si tu l'as payé.... il vaut mieux ne pas jeter l'argent par les fenêtres...)

++
0
Réponse 13 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
6 nov. 2009 à 14:10
Salut,

Visiblement ça a marché, merci beaucoup Nemesis.

Pour ce qui est de l'antivirus, mon Norton je l'ai eu gratuitement et s'il y a mieux je ne dis pas non.

Merci encore une fois.
0
Réponse 14 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
6 nov. 2009 à 21:32
Salut,

C'est de la vraie vermine ce virus. Il a réapparu. Je ne sais plus quoi faire. J'ai lu sur le forum que COMBOFIX pouvait résoudre le problème. Il est lancé en mode sans echec. Qu'est ce que tu en penses Nemesis31.

Si ce n'est pas le cas, je crois qu'il ne me reste que deux choses à faire :
- Réinstaller Windows en écrasant la version existante
- Ou, si ça ne donne aucun résultat, formater mon pc, chose que je redoute.

Merci de bien vouloir m'apporter votre aide.
0
Réponse 15 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
Modifié par Jeff le 7/06/2013 à 10:55
re,


attends..... déjà, postes le rapport de l'option 2 d'USBFix... après on verra


J'ai mieux que Norton a te proposé: Avira d'Antivir

-Télécharge Avira d'Antivir
-Désinstalle Norton
-Installe Antivir : TUTO
-Redémarre

++

/!\ Helper en Formation /!\
0
Réponse 16 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
6 nov. 2009 à 23:35
refais un RSIT stp

0
Réponse 17 / 37
raoufrafik Messages postés 26 Date d'inscription lundi 2 novembre 2009 Statut Membre Dernière intervention 28 janvier 2013 1
7 nov. 2009 à 15:29
Salut,

Je t'envois les rapports USBFIX et RSIT ci-dessous. Pour AVIRA je te signale qu'il était installé dans mon pc quand j'ai chopé le virus anna. D'ailleurs je l'ai desinstallé et installé Norton pour cette raison. Néanmoins, si si la version que tu proposes est meilleure, je te fais confiance. Et merci.


############################## | UsbFix V6.046 |

User : User (Administrateurs) # HOME
Update on 29/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 14:32:19 | 07/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : Norton 360 3.5.2.11 [ Enabled | (!) Outdated ]
FW : Norton 360[ Enabled ]3.5.2.11

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 33,11 Go (7,32 Go free) # NTFS
D:\ -> Disque fixe local # 43,58 Go (6,92 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM # 4,23 Go (0 Mo free) [MANCESTER] # CDFS
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 3,72 Go (2,67 Go free) # FAT32

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\kubernesis.dll.vbe
Supprimé ! C:\kubernesis.vbe
Supprimé ! D:\kubernesis.vbe
Supprimé ! G:\kubernesis.vbe

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "kubernesis.dll"

################## | Registre # Mountpoints2 |


################## | Listing des fichiers présent |

[02/11/2009 23:14|--a--c---|17018] C:\Ad-Report-CLEAN[1].log
[12/07/2009 15:44|--a--c---|0] C:\AILog.txt
[02/03/2009 22:09|--a--c---|1936360] C:\aresregular211_installer.exe
[05/02/2007 03:13|--a--c---|0] C:\AUTOEXEC.BAT
[31/08/2007 21:28|-rahsc---|212] C:\boot.ini
[28/08/2001 13:00|-rahsc---|4952] C:\Bootfont.bin
[03/11/2009 23:51|--a--c---|1944] C:\cleannavi.txt
[05/02/2007 03:13|--a--c---|0] C:\CONFIG.SYS
[03/02/2009 22:25|--a--c---|216] C:\DebugTrace-RockallDLL.log
[27/12/2007 22:52|--a--c---|305571] C:\dictionnaire_myspell_en_fran__ais__r__forme_1990_-1.6-fx+tb+sm.xpi
[04/02/2009 22:17|--a--c---|7055134] C:\directx_nov2007_redist.exe
[05/11/2008 20:54|--a--c---|0] C:\download.log
[14/03/2009 12:19|--a--c---|4179293] C:\everest_everest_2.20_francais_12281.exe
[20/02/2009 20:37|--a--c---|7620336] C:\Firefox Setup 3.0.6.exe
[05/02/2007 03:13|-rahsc---|0] C:\IO.SYS
[28/02/2009 21:45|--a--c---|3] C:\ks-urp-xhr-handler.php
[05/02/2007 03:13|-rahsc---|0] C:\MSDOS.SYS
[31/08/2007 21:19|-rahs----|47564] C:\NTDETECT.COM
[31/08/2007 21:19|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[07/05/2009 14:05|--a--c---|1489] C:\PlotandPublishLog.CSV
[29/07/2009 22:20|--a--c---|140408] C:\Super-Mario-World-(Unl)-[c][!].gs0
[03/11/2009 23:39|--a--c---|3936] C:\TB.txt
[05/11/2009 22:53|--a--c---|4182] C:\UsbFix 02.txt
[07/11/2009 14:40|--a--c---|3944] C:\UsbFix.txt
[24/08/2008 21:04|--a--c---|127839] C:\VISA USA ds157fr.pdf
[04/09/2007 21:35|--a--c---|146] C:\YServer.txt
[01/01/2007 16:27|--a------|116730] D:\1-AberdeenMall-popup.jpg
[01/01/2007 16:26|--a------|110446] D:\1-CapeTownTerminal-popup.jpg
[23/04/2009 09:34|--a------|136047880] D:\182.50_geforce_winvista_64bit_international_whql.exe
[01/01/2007 16:26|--a------|128372] D:\2-MetripolitanHotel-popup.jpg
[05/11/2008 21:02|--a------|204] D:\20081105
[01/01/2007 16:26|--a------|97594] D:\4-Praha Airport-popup.jpg
[01/01/2007 16:25|--a------|122584] D:\5-KartodromiSchumacher-popup.jpg
[01/01/2007 16:25|--a------|63536] D:\6-JLennonMuseum-popup.jpg
[01/01/2007 16:25|--a------|112084] D:\7-LandRover-popup.jpg
[01/01/2007 16:24|--a------|76266] D:\8-ResidenzaPrivPilsen-popup.jpg
[09/05/2008 13:26|--a------|2643392] D:\age2upa-frn1.exe
[11/05/2007 00:11|--a------|0] D:\AILog.txt
[15/05/2009 13:18|--a------|3121664] D:\alex4_install.exe
[19/01/2007 18:15|--a------|49083656] D:\AoE2demo.exe
[12/04/2009 22:33|--a------|22] D:\aoe3-110-french_JeuxVideo.com_13108.zip
[22/06/2008 21:46|--a------|1226074] D:\aresregular193.exe
[24/06/2008 21:39|--a------|2018372] D:\aresregular209_installer.exe
[07/05/2009 10:16|--a------|289080] D:\AutodeskDesignRevSetup.exe
[12/12/2006 00:02|--a------|0] D:\AUTOEXEC.BAT
[09/04/2008 19:21|--a------|14544031] D:\Azteca.exe
[12/08/2007 12:08|-rahs----|211] D:\boot.ini
[28/08/2001 13:00|-rahs----|4952] D:\Bootfont.bin
[09/04/2008 19:30|--a------|4324863] D:\BubbleSnooker.exe
[03/04/2008 13:34|--a------|750505] D:\Caesar_PC_jeu_gratuit.zip
[08/05/2009 22:09|--a------|2771] D:\CARTE VISITE de ARADJ SAFIR.rtf
[08/05/2009 21:54|--a------|18545] D:\CARTE VISITE.docx
[11/05/2009 21:52|--a------|3227248] D:\ccsetup219.exe
[05/01/2007 22:10|--a------|67287] D:\CNIL.PDF
[01/01/2007 22:01|--a------|6899193] D:\cobra.zip
[12/12/2006 00:02|--a------|0] D:\CONFIG.SYS
[12/12/2006 16:49|--a------|32] D:\csb.log
[09/05/2008 22:43|--a------|8577048] D:\dap86.exe
[05/01/2007 22:06|--a------|373446] D:\Deroulement.PDF
[05/01/2007 22:09|--a------|786971] D:\Descriptives.pdf
[08/05/2009 22:06|--a------|3158085] D:\Docx2Rtf.zip
[05/01/2007 22:07|--a------|582413] D:\Donnees.pdf
[11/01/2007 00:14|--a------|5415774] D:\freeciv-1.14.0-win32-sound.exe
[05/05/2008 21:17|--a------|878856] D:\Google Updater.exe
[15/05/2009 13:10|--a------|4025856] D:\haroldshills_install.exe
[31/10/2009 21:27|--a------|812344] D:\HJTInstall.exe
[15/05/2009 11:41|--a------|4616192] D:\icytower13_install.exe
[17/04/2009 23:18|--a------|19418864] D:\ie8-setup-full.exe
[12/12/2006 00:02|-rahs----|0] D:\IO.SYS
[27/10/2009 23:13|--a------|14936193] D:\iPhoto_712.dmg
[31/12/2006 23:32|--a------|36808256] D:\iTunesSetup.exe
[01/01/2007 21:17|--a------|855597] D:\JPuzzles.exe
[28/11/2008 14:06|--a------|28494185] D:\Kriegspiel_Win_beta_v14.zip
[05/01/2007 22:06|--a------|190371] D:\Logiciels.pdf
[08/01/2007 22:10|--a------|24631975] D:\logomaker_fr_trial.exe
[01/01/2009 13:34|--a------|1132032] D:\MEILLEURS_VOEUX_POUR_ANNEE_2009.ppt
[04/07/2008 19:17|--a------|13122160] D:\MPSetup.exe
[12/12/2006 00:02|-rahs----|0] D:\MSDOS.SYS
[05/01/2007 22:10|--a------|220584] D:\Neurones.PDF
[28/08/2002 20:08|-rahs----|47580] D:\NTDETECT.COM
[29/08/2002 00:05|-rahs----|235824] D:\ntldr
[01/01/2006 01:11|--ahs----|704643072] D:\PAGEFILE.SYS
[30/04/2009 16:25|--a------|6687800] D:\PandoSetup.exe
[05/01/2007 22:08|--a------|905332] D:\Predictives.PDF
[05/01/2007 22:06|--a------|224828] D:\Presentation.PDF
[27/11/2008 21:19|--a------|5934255] D:\Risk_install_1.0.9.8.jar
[01/01/2007 16:24|--a------|97840] D:\rupertus-terme-popup.jpg
[31/12/2006 22:50|--a------|7101481] D:\SADDAM.mov
[05/01/2007 22:16|--a------|3031822] D:\setup_tanagra.exe
[15/05/2009 13:19|--a------|4755968] D:\smpe_install.exe
[19/01/2007 18:25|--a------|17372875] D:\stellarium-0.8.2.exe
[21/04/2008 18:04|--a------|292352] D:\STOPzilla_Setup.exe
[05/01/2007 22:10|--a------|284774] D:\Textmining.PDF
[26/07/2007 10:56|--ahs----|40448] D:\Thumbs.db
[13/07/2000 13:46|--a------|112] D:\vdebug.txt
[23/12/2008 21:19|--a------|2532838] D:\yahooqrguide.pdf
[11/04/2009 20:00|--a------|462800] D:\yukongold.exe
[15/05/2009 13:12|--a------|2679808] D:\zombiepox_install.exe
[16/05/2008 23:10|-r-------|882053354] E:\8MM.divx
[06/06/2007 11:25|-r-------|731994112] E:\Les Ailes De L'enfer (1997) De Simon West Avec Nicolas Cage, John Cusack, Monica Potter Et Landry.avi
[18/05/2007 12:52|-r-------|733933568] E:\Les.associ‚s_DVDRip_fr_[Ripped.by.Sel.2.mer.(2004)].VERSION.FR.par.eMule-Paradise.com.avi
[27/10/2006 13:06|-r-------|733720576] E:\Lord.of.War.FRENCH.DVDRip-HELLSING.avi
[08/02/2006 01:47|-r-------|726591488] E:\the weather man.avi
[27/04/2007 23:07|-r-------|732624896] E:\wintalkers.avi
[20/02/2007 11:26|-ra------|1598680] G:\Lilia M‚d‚a.JPG
[12/04/2009 10:17|--a------|238119] G:\img061.jpg
[12/04/2009 00:49|--a------|2863854] G:\Lilia M‚d‚a modŠle.bmp
[25/10/2008 18:57|--a------|4892382] G:\ELENA 01.jpg
[01/04/2002 09:57|--a------|155795] G:\img053.jpg
[17/03/2002 11:08|--a------|286620] G:\img047.jpg
[17/03/2002 11:28|--a------|241713] G:\img048.jpg
[12/04/2009 00:48|--a------|2541558] G:\Bd Tlemcen simul‚ Lilia.bmp
[01/04/2002 09:58|--a------|186247] G:\img054.jpg
[19/03/2009 10:15|--a------|43216] G:\LETTRE INVITATION MOHAMMED BRAHIM Mustapha.pdf
[17/02/2009 09:04|--a------|175908358] G:\video alger.avi
[20/03/2009 17:19|--a------|18579935] G:\Pr‚sentation ALGER - 210309 - 01.pptx
[12/04/2009 00:51|--a------|1155102] G:\Autoroute temouchent simul‚e Lilia.bmp
[12/04/2009 00:52|--a------|2359350] G:\Autoroute temouchent simul‚e Bailen.bmp
[21/03/2009 11:15|--a------|14392320] G:\Pr‚sentation Wilaya d'Alger du 22-03-09.ppt
[25/10/2008 19:00|--a------|4400454] G:\ELENA 02.jpg
[25/10/2008 19:02|--a------|4335583] G:\ELENA 03.jpg
[07/12/2008 12:41|--a------|83968] G:\rapport de visite Alger.doc
[09/03/2009 19:35|--a------|362496] G:\BEP EL BAYADH.VD.doc
[01/04/2002 09:59|--a------|156626] G:\img055.jpg
[25/04/2009 15:12|--a------|1173323] G:\DSC00791.JPG
[10/06/2008 18:26|--a------|398098] G:\10062008369.jpg
[10/06/2008 18:25|--a------|553665] G:\10062008367.jpg
[14/04/2009 21:21|--a------|217088] G:\C.V Brahmia nor eddine Mars 2009.doc
[12/09/1991 12:46|--a------|147584] G:\KLOTSKI.EXE
[25/04/2009 15:27|--a------|1290728] G:\DSC00828.JPG
[25/04/2009 15:39|--a------|1202900] G:\DSC00838.JPG
[05/04/2009 16:56|--a------|21504] G:\Note d'honoraires EGGR RELIZANE.doc
[22/05/2009 23:00|--a------|125952] G:\Le MCO en D1.xls
[05/04/2009 17:01|--a------|23040] G:\Dossier fournitures et autres d‚penses.xls
[18/07/2009 13:01|--a------|24576] G:\Note d'honoraires CNAT.doc
[05/04/2009 17:01|--a------|25600] G:\D‚penses.xls
[25/04/2009 15:21|--a------|1421369] G:\DSC00819.JPG
[01/07/2009 18:54|--a------|3238] G:\BOOTEX.LOG
[01/01/2050 00:00|--a------|84834] G:\_0504140439_001.pdf
[31/03/2009 15:59|--a------|11197446] G:\REALISATION FEUX ROUGE.dwg
[07/05/2009 13:58|--a------|34852] G:\Mus 01.XBC
[08/05/2009 19:17|--a------|35421] G:\Mus 02.XBC
[09/05/2009 10:17|--a------|28160] G:\Certificat de travail MELIANI.doc
[31/05/2009 16:05|--a------|81408] G:\DRIM secteur militaire Ain T‚mouchent.xls
[25/04/2009 15:09|---------|1200299] G:\DSC00783.JPG
[02/06/2009 16:30|--a------|27136] G:\LISTE ACTIONNAIRES POUR AGO 2008.xls
[25/04/2009 15:10|---------|1268882] G:\DSC00786.JPG
[03/06/2009 15:36|--a------|4440064] G:\Cahier de charge Feux tricolores.doc
[25/04/2009 15:11|---------|1267570] G:\DSC00787.JPG
[25/04/2009 15:15|---------|1127304] G:\DSC00803.JPG
[30/03/2009 16:34|--a------|71168] G:\Cahier de charge signalisation5 verticale.doc
[25/04/2009 15:21|---------|1354955] G:\DSC00818.JPG
[12/01/2008 16:31|--a------|303616] G:\Cahier de charge signalisation verticale.doc
[25/04/2009 15:21|---------|1465803] G:\DSC00820.JPG
[12/01/2008 17:26|--a------|4413952] G:\Cahier de charge signalisation verticale_Feux tricolor.doc
[25/04/2009 15:25|---------|1296363] G:\DSC00823.JPG
[30/03/2008 14:34|--a------|32256] G:\ENIP entretien ‚clairage sites ORAN et ARZEW.xls
[25/04/2009 15:25|---------|1203393] G:\DSC00824.JPG
[25/04/2009 15:26|---------|1272015] G:\DSC00827.JPG
[01/07/2009 11:17|--a------|313943] G:\Invitation IVAN DESSIN AXIMUM.jpg
[25/04/2009 15:40|---------|1187314] G:\DSC00839.JPG
[13/07/2002 14:53|--a------|41984] G:\Le Bordereau PU 138 LOGTS aadl.doc
[25/04/2009 15:43|---------|1445660] G:\DSC00851.JPG
[08/04/2009 11:48|---------|1398255] G:\DSC00720.JPG
[19/04/2009 16:18|---------|2471218] G:\DSC00765.JPG
[25/04/2009 15:07|---------|1270327] G:\DSC00776.JPG
[14/09/2009 11:28|--a------|52224] G:\Etat EP secteurs urb bouamama mokrani grds arteres.doc
[25/04/2009 15:08|---------|1437135] G:\DSC00780.JPG
[01/10/2009 12:20|--a------|172544] G:\Salon SPS IPC DRIVES Nuremberg nov 24 26 2009.doc
[11/05/2009 18:06|--a------|28160] G:\EURL IRRIPLAINE.doc
[05/10/2002 09:26|--a------|344576] G:\cahier des charges DUC ORAN EP 226 LOT A MISSERGHINE.doc
[05/10/2009 22:33|--a------|345600] G:\Cahier des charges APC 31 Installation panneaux directionnels lumineux.doc
[06/10/2009 15:04|--a------|1698816] G:\FICHE TECHNIQUE PANNEAUX DIRECTIONNELS APC 31.doc
[19/10/2009 14:03|--a------|24064] G:\djamel carte prof.doc
[19/10/2009 23:01|--a------|45568] G:\djamel carte prof 02.doc
[20/10/2009 00:18|--a------|5329284] G:\LUMIPRIX_1er_septembre_2009.pdf
[28/10/2009 21:45|--a------|156672] G:\Site kouadria com Appel d'offres Alg‚rie.doc
[28/10/2009 23:12|--a------|133632] G:\Abonnement … Algeriatenders com.doc
[28/10/2009 23:12|--a------|330240] G:\Appels d'offres Kouadria com.doc
[29/10/2009 08:41|--a------|115712] G:\Algeriatenders appels d'offres.xls
[02/11/2009 22:19|--a------|20480] G:\Coordonn‚es algeriatenders.doc
[05/11/2009 13:46|--a------|44032] G:\Diplomatie SUR TSA.doc

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |


################## | Cracks / Keygens / Serials |



Rapport RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-07 15:27:14
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 7 GB (22%) free of 34 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27:21, on 07/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\User\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kubernscan] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Fichiers communs\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [E09FXLRD_415031] "C:\Program Files\Microsoft Encarta 2009 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\DOCUME~1\User\LOCALS~1\Temp\E_S27.tmp" /EF "HKCU"
O4 - Global Startup: kubernscan.vbe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - https://benchmarks.ul.com?redirected=true
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F141915-CC39-40D8-A9BF-793EA4BFD039}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{466A185E-9B18-4A09-A7EB-0FBC1BB6C8E3}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - Winlogon Notify: opnmklk - opnmklk.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service Google Update (gupdate1c9bf591942390) (gupdate1c9bf591942390) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
0
Réponse 18 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
8 nov. 2009 à 19:39
re,

je ne pense pas que tu es attrapé ce malware à cause de ton antivirus :) mais plutôt car tu n'as aps mis à jour ton système... (on le fera à la fin de la désinfection)


Fais ça stp:

* Télécharge OTM (OtmoveIT de Old_Timer) sur ton Bureau

* (c'est le numéro 7 en bas de la page) :

* Double-clique sur OTM.exe pour le lancer.

* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

* Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous Paste List of Files/Folders to move.
-----------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\kubernscan.vbe

-----------------------------
* clique sur MoveIt! pour lancer la suppression.

* Le résultat apparaitra dans le cadre "Results".

* Clique sur Exit pour fermer.

* Poste le rapport situé dans C:\_OTM\MovedFiles.

* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

Ensuite redémarre le pc


Ensuite:

Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans la fenêtre qui s'ouvre et valide.

Déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENSES, antivirus...
(qui pourraient gêner fortement l'outil...Tu les réactiveras donc après ! )


Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Postes le rapport stp

(ne touche a rien pendant que l'outil travaille pour ne pas figer ton pc)

(si par hasard tu n'arrives pas a l'ouvrir, fais ceci :
• Télécharge [ http://sd-1.archive-host.com/membres/up/7739387536519291/DDO.bat DDO (de Anthony5151)] sur ton Bureau
• Lance DDO
• Lis les informations données et appuie sur une touche pour continuer
• Une autre fenêtre va apparaître : tape Combofix.exe et appuie sur Entrée )



Enfin: refais un RSIT


Résumé:
-1 rapport de OtmoveIT de Old_Timer
-1 rapport de Combofix
-1 rapport RSIT


++ (Avira est mieux que Norton :))
0
Réponse 19 / 37
Nemesis31 Messages postés 436 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 3 avril 2014 78
8 nov. 2009 à 19:59
ah?

je le dirai à geoffrey alors.... vu que je l'ai pris sur son site


Je l'ai exécuté car USBFix n'a pas eu l'air de l'avoir enlevé (on voit bien supprimé sur le rapport mais par sur celui d'HJT...)
0
Réponse 20 / 37
Utilisateur anonyme
8 nov. 2009 à 20:02
hé bien passe l info à geofrrey , si il n est pas a jours ..


Je l'ai exécuté car USBFix n'a pas eu l'air de l'avoir enlevé (on voit bien supprimé sur le rapport mais par sur celui d'HJT...)

Le fichier concerné n apparait pas sur le rapport usbfix , donc il est logique qu il ne le supprime pas .

Bonne suite ;)
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Tréma sur "i" minuscule
turfette -
Jhenny09 -

2 réponses
Bouton ON OFF, O ou I ?
Stargirlfr -
kaparzo23 -

12 réponses
Comment faire un i tréma
Johanna -
PSud -

11 réponses
Cherche vieille chanson avec "I love you"
Charlenee22 -
gwadil -

11 réponses