Hello
• Download: http://images.malwareremoval.com/random/RSIT.exe
* On XP: double-click RSIT.exe to launch the tool.
* If you are on Vista, you must run RSIT with administrator rights: to do so, right-click RSIT and choose "Run as administrator".
• Double-click RSIT.exe to launch the tool.
• Click 'Continue' on the Disclaimer screen.
• If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
• Once the scan is finished, 2 reports will appear. Post the contents of both reports.
( C:\RSIT\log.txt and C:\RSIT\info.txt )
• CTRL A to select all, CTRL C to copy and then CTRL V to paste
Logfile of random's system information tool 1.06 (written by random/random)
Run by jp at 2009-11-23 06:44:01
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 71 GB (51%) free of 141 GB
Total RAM: 2046 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:44:21, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\jp\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\System32\rundll32.exe
C:\Users\jp\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XEW4S36O\RSIT[1].exe
C:\Program Files\trend micro\jp.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vizzeo.fr/inverse
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [lsdefrag] C:\Windows\TEMP\ie73DB.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\jp\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
• Download and install UsbFix by Chiquitine29
(!) Plug into your PC the external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them
• Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".
• At the main menu, choose option " F " for French and press [Enter].
• At the second menu, choose option " 1 " (search) and press [Enter]
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
############################## | UsbFix V6.056 |
User : jp (Administrateurs) # PC-DE-JP
Update on 23/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 13:08:24 | 23/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled
AV : Spyware Terminator 2.6.0.110 [ Enabled | Updated ]
C:\ -> Disque fixe local # 137,6 Go (69,51 Go free) # NTFS
D:\ -> Disque fixe local
E:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 596,17 Go (469,56 Go free) [PeekBox] # NTFS
H:\ -> Disque amovible
############################## | Processus actifs |
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{25e71f90-2767-11de-951f-001e68ab699c}
shell\AutoRun\command =F:\wd_windows_tools\WDSetup.exe
HKCU\..\..\Explorer\MountPoints2\{a247cd08-9304-11de-82f3-001e68ab699c}
shell\AutoRun\command =F:\r2g20.exe
shell\open\Command =F:\r2g20.exe
################## | Cracks / Keygens / Serials |
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
17/01/2007 14:34 |Size 634880 |Crc32 0589236e |Md5 4bbe1550c346fce2d4927bf6eacd3cf7
################## | ! Fin du rapport # UsbFix V6.056 ! |
(!) Plug into your PC the external storage devices (USB stick, external hard drive, etc.) likely to have been infected, without opening them.
• Double-click the UsbFix shortcut on your desktop.
• At the main menu, choose option " F " for French and press [Enter].
• At the second menu, choose option " 2 " (deletion) and press [Enter].
• Your desktop will disappear and the PC will restart.
• On restart, UsbFix will scan your PC; let the tool work.
• Then post the UsbFix.txt report that appears along with the desktop.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
I did everything you told me, but I have no report and the virus is still there!!
The scan took very little time!!
OK, run UsbFix again, but this time in Safe Mode. Post the report.
(To do this: start the PC while tapping the F8 key (F5 or F10 on some PCs) until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.
/!\ For the attention of anyone passing through this thread /!\
The following software is not to be used lightly and can cause damage if misused! Only use it if a forum helper who knows this tool well has recommended it to you.
/!\ Disable all your protection software /!\
• Download ComboFix (by sUBs) to your desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept. (important in case of a problem)
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
# If ComboFix will not launch, rename it to ccm.exe and run it in Safe Mode.
Official ComboFix tutorial: http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
ComboFix 09-11-22.08 - jp 23/11/2009 20:12.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1337 [GMT 1:00]
Lancé depuis: c:\users\jp\Documents\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-213232434-3522165600-3724678075-500
c:\$recycle.bin\S-1-5-21-2429910065-444080233-781744909-500
c:\users\jp\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
c:\windows\system32\oem4.inf
Une copie infectée de c:\windows\system32\drivers\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
Une copie infectée de c:\windows\system32\DRIVERS\iaStor.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-23 au 2009-11-23 ))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-28 3055616]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-28 2171904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-09 4702208]
c:\users\jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\jp\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-3-24 143360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-25 110592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):b8,6c,fd,5f,26,e4,c9,01
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [28/08/2009 12:13 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24/03/2009 16:22 114768]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [28/08/2009 12:13 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [28/08/2009 17:14 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24/03/2009 16:22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/03/2009 16:21 53328]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [28/08/2009 12:14 95640]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 21:36 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2011-12-17 c:\windows\Tasks\User_Feed_Synchronization-{344F973D-B9D9-4AE1-A3FA-69A6E7FA7DCF}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.vizzeo.fr/inverse
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-BitTorrent DNA - c:\users\jp\Program Files\DNA\btdna.exe
AddRemove-Live Search - c:\users\jp\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 20:23
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2009-11-23 20:27
ComboFix-quarantined-files.txt 2009-11-23 19:27
Avant-CF: 76 263 022 592 octets libres
Après-CF: 76 240 371 712 octets libres
- - End Of File - - 2606DF6510BC604F7D33D8D109CA52E9
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1337 [GMT 1:00]
Lancé depuis: c:\users\jp\Documents\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-213232434-3522165600-3724678075-500
c:\$recycle.bin\S-1-5-21-2429910065-444080233-781744909-500
c:\users\jp\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
c:\windows\system32\oem4.inf
Une copie infectée de c:\windows\system32\drivers\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
Une copie infectée de c:\windows\system32\DRIVERS\iaStor.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-23 au 2009-11-23 ))))))))))))))))))))))))))))))))))))
.
2009-11-23 19:23 . 2009-11-23 19:23 -------- d-----w- c:\users\jp\AppData\Local\temp
2009-11-23 19:23 . 2009-11-23 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-23 19:07 . 2008-01-21 02:23 28728 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-23 12:05 . 2009-11-23 18:27 4096 d-----w- C:\UsbFix
2009-11-23 05:44 . 2009-11-23 05:44 -------- d-----w- c:\program files\trend micro
2009-11-23 05:44 . 2009-11-23 05:44 -------- d-----w- C:\rsit
2009-11-19 23:13 . 2008-01-21 02:24 25088 ----a-w- c:\windows\system32\stu2.exe
2009-11-17 13:41 . 2009-11-17 13:41 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 12:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 12:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 12:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 12:41 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-11-17 12:41 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-11-17 12:41 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-11-17 12:41 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-11-17 12:41 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-11-17 12:41 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-11-17 12:41 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-11-17 12:41 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-11-17 12:40 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 12:40 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 12:40 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-13 19:17 . 2009-11-13 19:17 -------- d-----w- c:\users\jp\AppData\Roaming\AVS4YOU
2009-11-13 19:17 . 2009-11-13 19:17 -------- d-----w- c:\programdata\AVS4YOU
2009-11-13 19:15 . 2009-11-13 19:23 4096 d-----w- c:\program files\Common Files\AVSMedia
2009-11-13 19:15 . 2009-11-13 19:24 4096 d-----w- c:\program files\AVS4YOU
2009-11-13 19:15 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-11-13 12:41 . 2009-11-20 12:34 -------- d-----w- c:\programdata\VistaCodecs
2009-11-12 10:31 . 2009-11-12 10:37 -------- d-----w- c:\programdata\WSG32
2009-11-12 10:30 . 2009-11-13 06:57 -------- d-----w- c:\windows\sagkl
2009-11-11 06:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 06:23 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-08 12:15 . 2009-11-21 17:37 4096 d-----w- c:\users\jp\AppData\Local\PokerStars
2009-11-08 12:15 . 2009-11-11 14:45 8192 d-----w- c:\program files\PokerStars
2009-11-07 10:56 . 2009-11-08 17:34 -------- d-----w- C:\Poker
2009-11-03 19:09 . 2009-11-03 19:10 -------- d-----w- c:\users\jp\AppData\Local\Ares
2009-11-02 19:38 . 2009-11-02 19:38 8192 d-----w- c:\program files\A4Proxy
2009-11-02 19:33 . 2009-11-02 19:34 4096 d-----w- C:\Identity Cloaker
2009-10-28 05:22 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 05:22 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 19:16 . 2008-03-08 10:27 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-23 19:16 . 2008-03-08 10:27 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-23 19:07 . 2009-06-22 19:21 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-23 19:04 . 2009-09-07 22:07 4096 d-----w- c:\program files\Crawler
2009-11-23 19:02 . 2009-08-28 16:14 4096 d-----w- c:\users\jp\AppData\Roaming\Spyware Terminator
2009-11-23 10:53 . 2009-09-07 22:01 4096 d-----w- c:\program files\WinClamAVShield
2009-11-23 10:53 . 2009-08-28 16:14 4096 d-----w- c:\programdata\Spyware Terminator
2009-11-22 18:35 . 2009-08-22 22:13 4096 d-----w- c:\users\jp\AppData\Roaming\VSO
2009-11-22 01:36 . 2009-04-11 13:56 1126 ----a-w- c:\users\jp\AppData\Roaming\wklnhst.dat
2009-11-20 21:46 . 2009-06-20 21:16 163840 d-----w- c:\users\jp\AppData\Roaming\BitTorrent
2009-11-19 22:11 . 2009-03-28 23:38 49152 d-----w- c:\users\jp\AppData\Roaming\dvdcss
2009-11-18 14:38 . 2009-04-11 14:40 -------- d-----w- c:\users\jp\AppData\Roaming\HP
2009-11-17 13:41 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 13:37 . 2009-11-17 13:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-13 21:07 . 2009-08-28 16:14 4096 d-----w- c:\program files\Spyware Terminator
2009-11-11 06:37 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 06:30 . 2008-03-08 02:43 8192 d-----w- c:\programdata\Microsoft Help
2009-11-02 19:42 . 2009-10-03 08:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-21 16:04 . 2008-03-08 03:05 4096 d-----w- c:\program files\Java
2009-10-16 10:42 . 2009-08-29 10:58 -------- d-----w- c:\programdata\WinZip
2009-10-14 10:33 . 2009-10-14 10:33 -------- d-----w- c:\users\jp\AppData\Roaming\Uniblue
2009-10-12 20:22 . 2009-08-21 11:28 4096 d-----w- c:\program files\Common Files\ACD Systems
2009-10-12 20:21 . 2009-10-12 20:21 -------- d-----w- c:\program files\ACD Systems
2009-10-06 18:57 . 2009-10-06 18:57 -------- d-----w- c:\program files\Neuf
2009-10-02 11:01 . 2009-10-02 11:01 10134 ----a-r- c:\users\jp\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-10-02 07:17 . 2009-10-02 07:17 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-01 15:53 . 2009-08-07 09:43 -------- d-----w- c:\program files\SFR
2009-10-01 01:02 . 2009-11-17 12:42 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 12:42 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 12:42 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 12:42 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-30 20:35 . 2009-03-24 14:26 4096 d-----w- c:\program files\Windows Live
2009-09-26 20:33 . 2009-09-26 20:30 -------- d-----w- c:\users\jp\AppData\Roaming\ManyCam
2009-09-26 19:20 . 2009-09-26 19:14 -------- d-----w- c:\users\jp\AppData\Roaming\XnView
2009-09-25 21:41 . 2008-03-08 02:47 4096 d-----w- c:\program files\Common Files\Adobe
2009-09-25 02:10 . 2009-11-17 12:42 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 12:42 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 12:42 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 12:42 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 12:42 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 12:42 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 12:42 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 12:42 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 12:42 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 12:42 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 12:42 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 12:42 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 12:42 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 12:42 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 12:42 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 12:42 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 12:42 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 12:42 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 12:42 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-17 12:42 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-17 12:42 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 12:42 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 12:42 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 12:42 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 12:42 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 12:42 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 12:42 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-23 19:46 . 2009-03-24 12:55 76952 ----a-w- c:\users\jp\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-14 09:29 . 2009-10-14 04:14 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-11 20:41 . 2009-09-11 20:42 49152 ----a-w- c:\programdata\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
2009-09-10 16:48 . 2009-10-14 04:15 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 11:41 . 2009-10-14 04:14 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 00:27 . 2009-09-02 21:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 16:14 . 2009-08-28 16:14 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2009-08-28 16:14 . 2009-08-28 16:14 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2009-08-28 16:14 . 2009-08-28 16:14 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-27 05:22 . 2009-10-14 04:14 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 04:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-14 04:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-14 04:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-19 39408]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-28 3055616]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-08-28 2171904]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-09 4702208]
c:\users\jp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification Live Search.lnk - c:\users\jp\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2009-3-24 143360]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-9-25 110592]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
"VistaSp2"=hex(b):b8,6c,fd,5f,26,e4,c9,01
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [28/08/2009 12:13 130936]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [24/03/2009 16:22 114768]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [28/08/2009 12:13 159600]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [28/08/2009 17:14 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [24/03/2009 16:22 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [24/03/2009 16:21 53328]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [28/08/2009 12:14 95640]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [30/09/2009 21:36 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2011-12-17 c:\windows\Tasks\User_Feed_Synchronization-{344F973D-B9D9-4AE1-A3FA-69A6E7FA7DCF}.job
- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.vizzeo.fr/inverse
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-BitTorrent DNA - c:\users\jp\Program Files\DNA\btdna.exe
AddRemove-Live Search - c:\users\jp\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 20:23
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
Heure de fin: 2009-11-23 20:27
ComboFix-quarantined-files.txt 2009-11-23 19:27
Avant-CF: 76 263 022 592 octets libres
Après-CF: 76 240 371 712 octets libres
- - End Of File - - 2606DF6510BC604F7D33D8D109CA52E9
• Download ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe to your desktop.
• Double-click drweb-cureit.exe and click Start scan.
• If it finds infected processes, click the Yes to All button at the prompt.
• When the quick scan is finished, click Options > Change settings.
• Select the Scanner tab and uncheck Heuristic analysis.
• Back in the main window, choose Complete scan.
• Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
• Click Yes to All if a file is detected.
• At the end of the scan, if infections are found, click Select All, then Disinfect.
• If disinfection is not possible, click Quarantine.
• In the tool's main menu, at the top left, click the File menu and choose Save report.
• Save the report to your Desktop. It will be named DrWeb.csv.
• Close Dr.Web CureIt!
• /!\ Important /!\ Restart your computer, because some files may be moved or repaired at restart.
• After the restart, copy and paste the report into your next reply.
There, the scan is finished. It found one last survivor, lol, a trojan that is now gone!!!
Thank you very much for this help and follow-up, which was invaluable to me!!!
I do have one last thing to ask you, though: which software do you recommend for protecting my computer?!!!!
Logfile of random's system information tool 1.06 (written by random/random)
Run by jp at 2009-11-23 22:31:10
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 73 GB (52%) free of 141 GB
Total RAM: 2046 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:30, on 23/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\jp\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\jp\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SSU5EHCD\RSIT[1].exe
C:\Program Files\trend micro\jp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vizzeo.fr/inverse
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\jp\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} (ContactExtractor Class) - http://www.facebook.com/controls/contactx.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
• Download the installation file and save it to your desktop:
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
or
https://www.androidworld.fr/
• Double-click the installer and install it in its default location (the desktop).
• Open the Ad-remover folder on your desktop and double-click Ad-remover.bat.
* On XP: double-click the icon to launch the tool.
* If you are on Vista: right-click AD-Remover and select "Run as administrator"
• In the main menu, choose option "L" and press [Enter].
• Let the tool work and do not touch anything ...
• Post the report that appears at the end.
• (the report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
• Note:
Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Disable Vista's UAC
To do this, go to the "Control Panel" and click "User Accounts". In the new window, click "User Accounts" once more.
Then, at the bottom, click "Turn User Account Control on or off". In the resulting window, uncheck the box "Use User Account Control (UAC) to help protect your computer"
and click OK.
You will be asked to restart. Once the computer has restarted, you will no longer get the screen dimming along with the request for your permission to continue installing software or changing a setting.
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 22.11.2009 à 23:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 16:47:12, 24/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-JP | Utilisateur actuel: jp
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Barre d'outils Crawler
C:\Program Files\Crawler
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\jp@dnl.crawler[1].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\jp@dnl.crawler[2].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\jp@kiwee[2].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\jp@partypoker[1].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\jp@www1.kiwee[1].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@ask[1].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@ask[3].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[10].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[1].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[2].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[3].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[4].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[5].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[6].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[7].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[8].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@crawler[9].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@funkyemoticons[2].txt
C:\Users\jp\AppData\Roaming\MICROS~1\Windows\Cookies\Low\jp@partypoker[2].txt
.
HKCR\VirtualStore\MACHINE\Software\CToolbar
HKCU\software\CToolbar
HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
HKCU\software\microsoft\internet explorer\searchscopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
HKCU\software\Poker 770
HKCU\software\pokerinstaller
HKLM\software\classes\ctbr.R404Pro
HKLM\software\classes\CToolbar.TB4Client
HKLM\software\classes\CToolbar.TB4Script
HKLM\software\classes\CToolbar.TB4Server
HKLM\software\CToolbar
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
HKLM\software\microsoft\windows\currentversion\uninstall\CToolbar_UNINSTALL
HKLM\software\Poker 770
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version [Impossible d'obtenir la version] *
.
Nom du profil: 2htt1zvb.default (jp)
.
(jp, prefs.js) Browser.download.lastDir, C:\Users\jp\Downloads
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Start Page Redirect Cache_TIMESTAMP: NARY 0023e7e14d22ca01
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache AcceptLangs: fr
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\All Users\Spyware Terminator\SharedFiles\SPT_38_DB_3.011.023.0000_patch_3.011.019.000.torrent
C:\Users\All Users\Spyware Terminator\SharedFiles\SPT_38_DB_3.011.024.0000_patch_3.011.023.000.torrent
C:\Users\jp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF2MJ02O\SPT_38_DB_3.011.024.0000_patch_3.011.023.000[1].torrent
C:\Users\jp\AppData\Roaming\BitTorrent\Photoshop CS4 Extrator (Keygen).rar.torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR 3.80 Beta3 - [Keygen Patch].torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR 3.80 FULL PRO pre-cracked VISTA compatible.torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR Beta 3.80 + Keygenpatch.torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR Beta 3.80 Includes Working Patch.torrent
C:\Users\jp\Favorites\CRACK.MS - Download winzip CRACK or SERIAL for FREE.url
.
===================================
.
5475 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
39 Fichier(s) - C:\Users\jp\AppData\Local\Temp
1 Fichier(s) - C:\Windows\Temp
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
141 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 16:55:33 | 24/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.
Delete all the cracks and keygens
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\All Users\Spyware Terminator\SharedFiles\SPT_38_DB_3.011.023.0000_patch_3.011.019.000.torrent
C:\Users\All Users\Spyware Terminator\SharedFiles\SPT_38_DB_3.011.024.0000_patch_3.011.023.000.torrent
C:\Users\jp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF2MJ02O\SPT_38_DB_3.011.024.0000_patch_3.011.023.000[1].torrent
C:\Users\jp\AppData\Roaming\BitTorrent\Photoshop CS4 Extrator (Keygen).rar.torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR 3.80 Beta3 - [Keygen Patch].torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR 3.80 FULL PRO pre-cracked VISTA compatible.torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR Beta 3.80 + Keygenpatch.torrent
C:\Users\jp\AppData\Roaming\BitTorrent\WinRAR Beta 3.80 Includes Working Patch.torrent
C:\Users\jp\Favorites\CRACK.MS - Download winzip CRACK or SERIAL for FREE.url
**************************************************************************
Online scan with TrendMicro HouseCall
Open Internet Explorer and go to https://www.trendmicro.com/en_us/forHome/products/housecall.html
If a virus is found, the antivirus will report it.
You then just need to click "Clean":
Tutorial.
https://www.commentcamarche.net/faq/8873-scanner-en-ligne-avec-trendmicro-housecall
.