My PC is infected

Closed
meastikmetal - 21 Dec 2009 at 19:41
meastik Posts 16 Registration date Monday 21 December 2009 Status Member Last seen 5 April 2010 - 24 Dec 2009 at 20:33
Hello,
I have a big problem with my PC. The virus, I think, is called Security Tools. I ran HijackThis and I am asking for help. Here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 1:36:34 PM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\LE KING\My Documents\Downloads\Programs\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 78.159.110.59 www.google.com
O1 - Hosts: 78.159.110.59 www.google.de
O1 - Hosts: 78.159.110.59 www.google.fr
O1 - Hosts: 78.159.110.59 www.google.co.uk
O1 - Hosts: 78.159.110.59 www.google.com.br
O1 - Hosts: 78.159.110.59 www.google.it
O1 - Hosts: 78.159.110.59 www.google.es
O1 - Hosts: 78.159.110.59 www.google.co.jp
O1 - Hosts: 78.159.110.59 www.google.com.mx
O1 - Hosts: 78.159.110.59 www.google.ca
O1 - Hosts: 78.159.110.59 www.google.com.au
O1 - Hosts: 78.159.110.59 www.google.nl
O1 - Hosts: 78.159.110.59 www.google.co.za
O1 - Hosts: 78.159.110.59 www.google.be
O1 - Hosts: 78.159.110.59 www.google.gr
O1 - Hosts: 78.159.110.59 www.google.at
O1 - Hosts: 78.159.110.59 www.google.se
O1 - Hosts: 78.159.110.59 www.google.ch
O1 - Hosts: 78.159.110.59 www.google.pt
O1 - Hosts: 78.159.110.59 www.google.dk
O1 - Hosts: 78.159.110.59 www.google.fi
O1 - Hosts: 78.159.110.59 www.google.ie
O1 - Hosts: 78.159.110.59 www.google.no
O1 - Hosts: 78.159.110.59 search.yahoo.com
O1 - Hosts: 78.159.110.59 us.search.yahoo.com
O1 - Hosts: 78.159.110.59 uk.search.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {24E9519B-3F70-429B-99BC-4B2B49B96F66} - C:\WINDOWS\system32\mlJBUOfc.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [68740126] C:\DOCUME~1\ALLUSE~1\APPLIC~1\68740126\68740126.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViGlance] C:\PROGRA~1\ViGlance\ViGlance.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\LE KING\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: IMVU.lnk = C:\Documents and Settings\LE KING\Application Data\IMVUClient\IMVUClient.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\LE KING\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: mlJBUOfc - mlJBUOfc.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Update Service (gupdate1c9f9324a9bfc6c) (gupdate1c9f9324a9bfc6c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Unknown owner - C:\Program Files\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe" /s "NIS" /m "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\diMaster.dll" /prefetch:1 (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

please help me

22 replies

jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last seen 25 January 2016 1 616
22 Dec 2009 at 22:14
Hello, YES, a collection of cracks and more, our friend, or rather your friend, lainvi!! He even goes in for cracking tools like Malwarebytes, which is already very good in its free version!! Personally, I think people with that attitude toward cracking security tools deserve to fend for themselves; when you are old enough to crack tools like Malwarebytes, you should be old enough to get yourself out of your own sh.t!! See you later.
"Z:\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]\mbam-setup.exe" 
07/21/2009 11:45 PM |Size 3775176 |Crc32 79c70008 |Md5 ff32d7e4ed1c4638a96da158da0fd91d 
"Z:\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]\Malwarebytes' Anti-Malware v1.39+Serial [ kk ].rar" 
-> contain : mbam-setup.exe 

1
Anonymous user
21 Dec 2009 at 19:45
Hi,

The version of HijackThis you are using is obsolete; I suggest running a diagnostic with RSIT instead:

* Download Random's System Information Tool (RSIT) and save it to your desktop.
* Double-click RSIT.exe to launch the tool.
* Click 'Continue' on the Disclaimer screen.
* If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the license.
* Once the scan is finished, 2 reports will appear. Post the contents of both reports.


( C:\RSIT\log.txt & C:\RSIT\info.txt )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0
jacques.gache Posts 33453 Registration date Tuesday 13 November 2007 Status Security contributor Last seen 25 January 2016 1 616
21 Dec 2009 at 19:48
lainvi, hello, even with an outdated version you could have run Ad-Remover and then asked for an RSIT, but oh well, I got here too late!!! See you later.
0
Anonymous user
21 Dec 2009 at 19:49
Good evening

Over to you, lainvi ;-)
0

meastik Posts 16 Registration date Monday 21 December 2009 Status Member Last seen 5 April 2010
21 Dec 2009 at 19:59
Done, I am following the instructions; I will send you the data as soon as it is available. And thanks for the help.
PS: is it normal for RSIT to take a while to download the latest version of HijackThis?
0
meastik Posts 16 Registration date Monday 21 December 2009 Status Member Last seen 5 April 2010
21 Dec 2009 at 20:03
Thanks Guillaume, I am following the instructions and I will let you know.
0
Here is the report:
info.txt logfile of random's system information tool 1.06 2009-12-21 17:15:13

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{27DC856A-0916-4988-8198-8714DDD3183D}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
3D Driving-School-->"C:\program files\3D Driving-School\uninstall.exe"
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
AGEIA PhysX v7.05.17-->MsiExec.exe /X{27DC856A-0916-4988-8198-8714DDD3183D}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BearShare MediaBar-->C:\Program Files\BearShare Applications\BearShare MediaBar\Uninstall.exe
Blaze Media Pro-->C:\PROGRA~1\MYSTIK~1\BLAZEM~1\UNWISE.EXE C:\PROGRA~1\MYSTIK~1\BLAZEM~1\INSTALL.LOG
Bluesoleil 6.4.249.0-->MsiExec.exe /X{5D6DA9E8-A37F-4297-8B03-C8CC1F4F2F36}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 802.11 Driver-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5-->C:\Program Files\HP\Digital Imaging\{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}\setup\hpzscr01.exe -datfile hposcr37.dat -onestop -forcereboot
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Pavilion Webcam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\Setup.exe" -l0x9 -u
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Smart Web Printing 4.5-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
ImTOO HD Video Converter-->C:\Program Files\ImTOO\HD Video Converter\Uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
jetAudio Plus VX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Kasparov Chessmate-->"C:\Program Files\Kasparov Chessmate\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire PRO 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Loupe-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Loupe\ST6UNST.LOG"
Magic ISO Maker v5.5 (build 0276)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic Video Converter Trial Version (English) 8.0.2.18-->"C:\Program Files\Magic Video Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! 3-->"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Xbox 360 Accessories 1.2-->MsiExec.exe /X{046AB4DC-0B95-41A7-8DF7-98680297CC03}
Mouse Suite-->Pmuninst.exe MouseSuite98
Movavi VideoSuite 7-->MsiExec.exe /I{8288EF0A-D841-40DD-9ED2-29DED1B31598}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3MyMP3 3.0-->"C:\Program Files\MP3MyMP3 3.0\unins000.exe"
MPEG Encoder 3-->C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nmap 5.00-->"C:\Program Files\Nmap\uninstall.exe"
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe /X
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~2\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~2\INSTALL.LOG
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Pro Evolution Soccer 2010-->MsiExec.exe /X{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}
Proxomitron v4.5-->C:\Program Files\Proxomitron Naoko v4.5\Uninstal.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Scrabble™ Interactive 2009 Edition-->"C:\Program Files\Ubisoft\Scrabble2009\unins000.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tap'Touche 5-->"C:\Program Files\Tap'Touche 5\désinstaller.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
uTorrent Turbo Accelerator-->C:\Program Files\uTorrent Turbo Accelerator\uninstall.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VirtuaGirl 2-->C:\PROGRA~1\Vg\UNWISE.EXE C:\PROGRA~1\Vg\INSTALL.LOG
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VoipCheapCom-->"C:\Program Files\VoipCheapCom\unins000.exe"
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
winpcap-nmap 4.02-->"C:\Program Files\WinPcap\uninstall.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

78.159.110.59 www.google.com
78.159.110.59 www.google.de
78.159.110.59 www.google.fr
78.159.110.59 www.google.co.uk
78.159.110.59 www.google.com.br
78.159.110.59 www.google.it
78.159.110.59 www.google.es
78.159.110.59 www.google.co.jp
78.159.110.59 www.google.com.mx
78.159.110.59 www.google.ca

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: CINU-2BE4DD75F2
Event Code: 32003
Message: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Record Number: 58277
Source Name: ipnathlp
Time Written: 20091221031033.000000-480
Event Type: error
User:

Computer Name: CINU-2BE4DD75F2
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B77659F70. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 58273
Source Name: Dhcp
Time Written: 20091221031025.000000-480
Event Type: warning
User:

Computer Name: CINU-2BE4DD75F2
Event Code: 10010
Message: The server {641B9FB0-C2B1-41BD-8563-5F484E3BE84A} did not register with DCOM within the required timeout.

Record Number: 58268
Source Name: DCOM
Time Written: 20091221030018.000000-480
Event Type: error
User: CINU-2BE4DD75F2\LE KING

Computer Name: CINU-2BE4DD75F2
Event Code: 10010
Message: The server {641B9FB0-C2B1-41BD-8563-5F484E3BE84A} did not register with DCOM within the required timeout.

Record Number: 58267
Source Name: DCOM
Time Written: 20091221024145.000000-480
Event Type: error
User: CINU-2BE4DD75F2\LE KING

Computer Name: CINU-2BE4DD75F2
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 58266
Source Name: Tcpip
Time Written: 20091221024139.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: CINU-2BE4DD75F2
Event Code: 1517
Message: Windows saved user CINU-2BE4DD75F2\LE KING registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 2212
Source Name: Userenv
Time Written: 20091003020303.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CINU-2BE4DD75F2
Event Code: 1101
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe . Error code = 0x80131047


Record Number: 2211
Source Name: .NET Runtime Optimization Service
Time Written: 20091002235213.000000-420
Event Type: error
User:

Computer Name: CINU-2BE4DD75F2
Event Code: 10005
Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , ,

Record Number: 2199
Source Name: MsiInstaller
Time Written: 20091002233913.000000-420
Event Type: error
User: CINU-2BE4DD75F2\LE KING

Computer Name: CINU-2BE4DD75F2
Event Code: 10005
Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , ,

Record Number: 2198
Source Name: MsiInstaller
Time Written: 20091002233913.000000-420
Event Type: error
User: CINU-2BE4DD75F2\LE KING

Computer Name: CINU-2BE4DD75F2
Event Code: 10005
Message: Produit : Windows Live Mail -- Windows Installer a rencontré une erreur inattendue lors de l'installation de ce package. Il s'agit peut-être d'un problème lié au package. Le code d'erreur est 2762. Les arguments sont : , ,

Record Number: 2196
Source Name: MsiInstaller
Time Written: 20091002233909.000000-420
Event Type: error
User: CINU-2BE4DD75F2\LE KING

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\IVT Corporation\BlueSoleil\Mobile;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
meastik - Posts: 16 - Registered: Monday 21 December 2009 - Status: Member - Last activity: 5 April 2010
21 Dec. 2009 at 23:22
Here is one of the logs; I'm sending the second one.

Logfile of random's system information tool 1.06 (written by random/random)
Run by LE KING at 2009-12-21 17:14:57
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 6 GB (6%) free of 100 GB
Total RAM: 2038 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:08 PM, on 12/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\LE KING\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\LE KING\My Documents\Downloads\Programs\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LE KING.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 78.159.110.59 www.google.com
O1 - Hosts: 78.159.110.59 www.google.de
O1 - Hosts: 78.159.110.59 www.google.fr
O1 - Hosts: 78.159.110.59 www.google.co.uk
O1 - Hosts: 78.159.110.59 www.google.com.br
O1 - Hosts: 78.159.110.59 www.google.it
O1 - Hosts: 78.159.110.59 www.google.es
O1 - Hosts: 78.159.110.59 www.google.co.jp
O1 - Hosts: 78.159.110.59 www.google.com.mx
O1 - Hosts: 78.159.110.59 www.google.ca
O1 - Hosts: 78.159.110.59 www.google.com.au
O1 - Hosts: 78.159.110.59 www.google.nl
O1 - Hosts: 78.159.110.59 www.google.co.za
O1 - Hosts: 78.159.110.59 www.google.be
O1 - Hosts: 78.159.110.59 www.google.gr
O1 - Hosts: 78.159.110.59 www.google.at
O1 - Hosts: 78.159.110.59 www.google.se
O1 - Hosts: 78.159.110.59 www.google.ch
O1 - Hosts: 78.159.110.59 www.google.pt
O1 - Hosts: 78.159.110.59 www.google.dk
O1 - Hosts: 78.159.110.59 www.google.fi
O1 - Hosts: 78.159.110.59 www.google.ie
O1 - Hosts: 78.159.110.59 www.google.no
O1 - Hosts: 78.159.110.59 search.yahoo.com
O1 - Hosts: 78.159.110.59 us.search.yahoo.com
O1 - Hosts: 78.159.110.59 uk.search.yahoo.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\voipcheapcom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ViGlance] C:\PROGRA~1\ViGlance\ViGlance.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\LE KING\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: IMVU.lnk = C:\Documents and Settings\LE KING\Application Data\IMVUClient\IMVUClient.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\Vg\VirtuaGirl2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer via Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Envoyer via message(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\LE KING\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Google Update Service (gupdate1c9f9324a9bfc6c) (gupdate1c9f9324a9bfc6c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0
meastik Posts: 16 Registered: Monday 21 December 2009 Status: Member Last activity: 5 April 2010
21 Dec. 2009 at 23:24
and here is the second one, thanks for your help



Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3405
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

12/21/2009 5:01:30 PM
mbam-log-2009-12-21 (17-01-30).txt

Type de recherche: Examen complet (C:\|Z:\|)
Eléments examinés: 211308
Temps écoulé: 2 hour(s), 47 minute(s), 19 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljbuofc (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\68740126 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\68740126 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\mlJBUOfc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\68740126\68740126.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\LE KING\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\LE KING\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
0
Anonymous user
22 Dec. 2009 at 18:00
Hi,

Here is what to do:

==> Go to "Start", then Control Panel.
==> Double-click the User Accounts icon, then Turn User Account Control on or off.
==> Click Continue.
==> Uncheck the box Use User Account Control (UAC) to help protect your computer.
==> Confirm with OK and restart.

Next:

You have infected toolbars on your computer. When you install a program, take care to check or uncheck the boxes before clicking Next, to avoid installing the bundled toolbars.

* Download and save the Ad-Remover installer to your desktop
* Double-click the installer and install it in its default location.
* Double-click Ad-remover.exe on your desktop.
* On Vista: right-click AD-Remover and select "Run as administrator"
* At the main menu, choose option "L" and press [Enter].
* Let the tool work and don't touch anything ...
* Post the report that appears at the end.


(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
meastik Posts: 16 Registered: Monday 21 December 2009 Status: Member Last activity: 5 April 2010
22 Dec. 2009 at 19:06
hi lainvi
I am following the instructions you give me but I still have a problem: when I go into Control Panel I find the User Accounts icon but not the "Turn User Account Control on or off" one. My operating system is in English, but I understand the language and I don't see any icon that looks like that. Please help me again, thanks in advance
meastik
0
Anonymous user
22 Dec. 2009 at 19:22
Hi,

I don't have this OS in English and I'm no expert in that language.

I suggest you read this page (in English), with pictures, which should help you: :)

https://petri.com/disable_uac_in_windows_vista
0
meastik Posts: 16 Registered: Monday 21 December 2009 Status: Member Last activity: 5 April 2010
22 Dec. 2009 at 19:41
I'm on XP
0
Anonymous user
22 Dec. 2009 at 19:51
Oops, my blunder ;)

I need new glasses :), I'm really sorry....

Ignore the part about disabling UAC and go straight to using AD-Remover, like this:

* Download and save the Ad-Remover installer to your desktop
* Double-click the installer and install it in its default location.
* Double-click Ad-remover.exe on your desktop.
* On Vista: right-click AD-Remover and select "Run as administrator"
* At the main menu, choose option "L" and press [Enter].
* Let the tool work and don't touch anything ...
* Post the report that appears at the end.


(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
here is the log, thanks
.
======= LOGFILE OF AD-REMOVER 1.1.4.6_F | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 21.12.2009 at 22:30
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 14:18:07, Tue 12/22/2009 | Normal Boot | Option: CLEAN
Executed from: C:\Program Files\Ad-Remover\
Operating system: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Computer Name: CINU-2BE4DD75F2 | Current user: LE KING
.
============== NEUTRALIZED ELEMENT(S) ==============
.

C:\DOCUME~1\LEKING~1\APPLIC~1\Mozilla\FireFox\Profiles\d0216rv9.default\extensions\toolbar@ask.com
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\DOCUME~1\LEKING~1\LOCALS~1\Temp\AskSearch
C:\DOCUME~1\LEKING~1\LOCALS~1\Temp\AskToolbarInstaller.exe
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\Program Files\Ask.com
C:\Documents and Settings\LE KING\Local Settings\Application Data\AskToolbar

(!) -- Temp files deleted.

.
HKCU\software\appdatalow\AskToolbarInfo
HKCU\software\Ask.com
HKCU\software\AskToolbar
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}
HKLM\Software\Classes\CLSID\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\software\classes\GenericAskToolbar.ToolbarWnd
HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Classes\TypeLib\{DC3020B4-815F-427B-A5DA-82DC6634EBAD}
HKLM\Software\Classes\TypeLib\{F0CF944C-F160-4F65-8F0A-2773322FF357}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.6 [en-US] *
.
ProfilePath: d0216rv9.default (LE KING)
.
(LEKING~1, prefs.js) Browser.download.dir, C:\Documents and Settings\LE KING\Desktop
(LEKING~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\LE KING\Desktop
(LEKING~1, prefs.js) Browser.startup.homepage, hxxp://www.yahoo.fr/
(LEKING~1, prefs.js) Extensions.enabledItems, toolbar@ask.com:3.5.1.110,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4,{1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17,smartwebprinting@hp.com:4.5,mozilla_cc@internetdownloadmanager.com:6.8,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,linkfilter@kaspersky.ru:9.0.0.736,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,{4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(LEKING~1, prefs.js) Keyword.URL, hxxp://google.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q=
.
(LEKING~1, prefs.js) ERASED - Extensions.asktb.cbid, UF
(LEKING~1, prefs.js) ERASED - Extensions.asktb.default-channel-url-mask, hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}
(LEKING~1, prefs.js) ERASED - Extensions.asktb.fresh-install, false
(LEKING~1, prefs.js) ERASED - Extensions.asktb.l, dis
(LEKING~1, prefs.js) ERASED - Extensions.asktb.last-config-req, 1261473834177
(LEKING~1, prefs.js) ERASED - Extensions.asktb.locale, en_US
(LEKING~1, prefs.js) ERASED - Extensions.asktb.o, 15150
(LEKING~1, prefs.js) ERASED - Extensions.asktb.overlay-reloaded-using-restart, true
(LEKING~1, prefs.js) ERASED - Extensions.asktb.qsrc, 2871
(LEKING~1, prefs.js) ERASED - Extensions.asktb.r, 5
(LEKING~1, prefs.js) ERASED - Extensions.enabledItems, toolbar@ask.com:3.5.1.110,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4,{1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17,smartwebprinting@hp.com:4.5,mozilla_cc@internetdownloadmanager.com:6.8,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,linkfilter@kaspersky.ru:9.0.0.736,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0,{4C0766D3-67A7-45a3-85A2-752F77312F32}:4.0,{B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\LE KING\Application Data\Azureus\torrents\[MONOVA.ORG] Malwarebytes Anti-Malware v1 39Serial [ kk ].torrent
C:\Documents and Settings\LE KING\Application Data\Azureus\torrents\Adobe_Photoshop_CS4_Extended___Keygen___Activation_Patch.4675995.TPB.torrent
C:\Documents and Settings\LE KING\Application Data\Azureus\torrents\BearShare_Pro_5_3_0_0_Fully_Cracked_rar.torrent
C:\Documents and Settings\LE KING\Application Data\Azureus\torrents\MagicISO Maker v5.5 (Build 265) [BRAiGHTLiNG Crack][h33t][matt14] [mininova].torrent
C:\Documents and Settings\LE KING\Application Data\Azureus\torrents\Movavi_VideoSuite_7_0_2___crack.torrent
C:\Documents and Settings\LE KING\Application Data\Azureus\torrents\Need For Speed Most Wanted [ENG][(PC DVD - ISO - Keygen & Crack]_KaYz 2008 [mininova].torrent
C:\Documents and Settings\LE KING\Desktop\LOADER CAPTIVWORK\CW650S_Classic_Patch_2009_10_04.zip
C:\Documents and Settings\LE KING\My Documents\Azureus Downloads\New Folder\1000 Hacker Tutorials 2008\More Hacking\A Cracking Tutorial\ED!SON.NFO
C:\Documents and Settings\LE KING\My Documents\Azureus Downloads\Pinnacle VideoSpin v2.0.0.669 Multi\Crack\VideoSpin.exe
.
===================================
.
10036 Byte(s) - C:\Ad-Report-CLEAN[1].log
.
6 File(s) - C:\DOCUME~1\LEKING~1\LOCALS~1\Temp
2 File(s) - C:\WINDOWS\Temp
0 File(s) - C:\WINDOWS\Prefetch
.
18 File(s) - C:\Program Files\Ad-Remover\BACKUP
90 File(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
End at: 14:27:24 | Tue 12/22/2009 - CLEAN[1]
.
============== E.O.F ==============
.
0
Anonymous user
22 Dec. 2009 at 20:45
You have a few cracks on your computer; I strongly advise you to delete them, they are infection vectors.

To reset your hosts file to its original state, do this:

* Download RHosts (by SiRi)
* Double-click it to run it
* and click "Restore original Hosts"

* PS: it is normal that nothing happens
* then restart the PC

You also have an infection that spreads via removable media, so do this:

* Download UsbFix by C_XX & Chiquitine29
* Run the installation with the default settings
* Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them
* Double-click the UsbFix shortcut on your desktop
* Choose option 1 (search)
* Let the tool work
* Then post the UsbFix.txt report that appears
* Note: the UsbFix.txt report is saved at the root of the disk

* Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
meastik Posts: 16 Registered: Monday 21 December 2009 Status: Member Last activity: 5 April 2010
22 Dec. 2009 at 20:50
here it is, the log, thanks
meastik Posts: 16 Registration date: Monday 21 December 2009 Status: Member Last activity: 5 April 2010
22 Dec. 2009 at 21:10
Here is the log, thanks again.

############################## | UsbFix V6.066 |

User : LE KING (Administrators) # CINU-2BE4DD75F2
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 3:04:28 PM | 12/22/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Norton Internet Security 17.0.0.136 [ (!) Disabled | Updated ]
FW : Norton Internet Security[ Enabled ]17.0.0.136

C:\ -> Local Fixed Disk # 97.65 Go (10 Go free) # NTFS
D:\ -> CD-ROM Disc
E:\ -> CD-ROM Disc
F:\ -> CD-ROM Disc
G:\ -> CD-ROM Disc
I:\ -> Removable Disk # 1.95 Go (1.28 Go free) [KING KEY] # FAT
Z:\ -> Local Fixed Disk # 51.39 Go (9.69 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 888
C:\WINDOWS\system32\csrss.exe 944
C:\WINDOWS\system32\winlogon.exe 976
C:\WINDOWS\system32\services.exe 1020
C:\WINDOWS\system32\lsass.exe 1032
C:\WINDOWS\system32\svchost.exe 1184
C:\WINDOWS\system32\svchost.exe 1296
C:\WINDOWS\System32\svchost.exe 1336
C:\WINDOWS\system32\svchost.exe 1456
C:\WINDOWS\system32\svchost.exe 1540
C:\WINDOWS\system32\spoolsv.exe 1828
C:\WINDOWS\system32\svchost.exe 1896
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1928
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe 224
C:\Program Files\Bonjour\mDNSResponder.exe 244
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe 604
C:\WINDOWS\system32\cisvc.exe 636
C:\WINDOWS\system32\svchost.exe 732
C:\Program Files\Java\jre6\bin\jqs.exe 1224
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1648
C:\WINDOWS\System32\svchost.exe 1740
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe 1856
C:\WINDOWS\System32\svchost.exe 1964
C:\WINDOWS\system32\PnkBstrA.exe 1976
C:\WINDOWS\system32\PnkBstrB.exe 1988
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 2044
C:\WINDOWS\system32\svchost.exe 148
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 276
C:\WINDOWS\system32\wuauclt.exe 1496
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe 2708
C:\WINDOWS\System32\alg.exe 2836
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe 3240
C:\WINDOWS\Explorer.EXE 3432
C:\WINDOWS\system32\ICO.EXE 2016
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 476
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 172
C:\Program Files\MessengerPlus! 3\MsgPlus.exe 920
C:\Program Files\Java\jre6\bin\jusched.exe 1416
C:\WINDOWS\system32\igfxtray.exe 1440
C:\WINDOWS\system32\igfxpers.exe 740
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe 1848
C:\WINDOWS\system32\igfxsrvc.exe 1716
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 2268
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe 2276
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 2300
C:\WINDOWS\system32\wbem\wmiprvse.exe 2428
C:\Program Files\iTunes\iTunesHelper.exe 2520
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 2532
C:\Program Files\VoipCheapCom\VoipCheapCom.exe 1136
C:\WINDOWS\system32\ctfmon.exe 2660
C:\Program Files\Messenger\msmsgs.exe 2692
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 1588
C:\Program Files\iPod\bin\iPodService.exe 4028
C:\Program Files\Internet Download Manager\IDMan.exe 3716
C:\WINDOWS\system32\wuauclt.exe 728
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2664
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe 3256
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe 3784
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe 2512
C:\Program Files\Internet Download Manager\IEMonitor.exe 1628
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe 2776
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe 3332
C:\Program Files\Windows Live\Contacts\wlcomm.exe 4280
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe 4304
C:\Program Files\Internet Explorer\iexplore.exe 5220
C:\Program Files\Internet Explorer\iexplore.exe 5304
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe 5888
C:\Program Files\Internet Explorer\iexplore.exe 6004
C:\WINDOWS\system32\cidaemon.exe 5616
C:\Program Files\Internet Explorer\iexplore.exe 2128
C:\WINDOWS\system32\wscntfy.exe 2764
C:\WINDOWS\system32\wbem\wmiprvse.exe 996

################## | Fichiers # Dossiers infectieux |


################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{81768052-55b9-11de-9123-b09751d07c8f}
Shell\AutoRun\command =G:\setupSNK.exe

HKCU\..\..\Explorer\MountPoints2\{88a73841-5dce-11de-914b-001b77659f70}
Shell\AutoRun\command =RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe
Shell\open\command =RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\LE KING\My Documents\Azureus Downloads\Pinnacle VideoSpin v2.0.0.669 Multi\Crack\VideoSpin.exe"
12/13/2009 12:43 AM |Size 5432592 |Crc32 6c94e151 |Md5 06465fc70c7dc29a5f3ada108aa4017b

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\BlueSoleil 6.4.249.0WithMobile\install\setup.exe"
02/27/2009 03:43 PM |Size 57437 |Crc32 af652d14 |Md5 b4795873fd918ddd854785cca4fa7f15

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\BlueSoleil 6.4.249.0WithMobile\install\amd64\setup.exe"
04/20/2009 09:16 AM |Size 253952 |Crc32 88dfd528 |Md5 d3b68da7df48ccad2ef117b16ae2bed0

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\BlueSoleil 6.4.249.0WithMobile\install\x86\setup.exe"
04/20/2009 09:14 AM |Size 253952 |Crc32 88dfd528 |Md5 d3b68da7df48ccad2ef117b16ae2bed0

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\Crack\ActivationTool.exe"
10/17/2008 04:07 PM |Size 311296 |Crc32 248eb0fc |Md5 2a6e2193baa337c9de64b9f67f797c64

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\Crack\keygen.exe"
03/06/2009 07:52 PM |Size 241152 |Crc32 7453598f |Md5 405020fee3174d9e6f5725f5455209fc

"Z:\Crack\pes2009.exe"
10/14/2008 03:03 AM |Size 49157432 |Crc32 fb131ce2 |Md5 305392baef95e316dad278797cf37b50

"Z:\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]\mbam-setup.exe"
07/21/2009 11:45 PM |Size 3775176 |Crc32 79c70008 |Md5 ff32d7e4ed1c4638a96da158da0fd91d

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\AudioCaptureME.exe"
11/06/2009 05:35 PM |Size 5632 |Crc32 44e71cd3 |Md5 fde97c69d993c772274d5e707dda50b2

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\ChiliBurner.exe"
11/06/2009 05:49 PM |Size 5632 |Crc32 c43d6e92 |Md5 8f776574f0e929e1cc52990d176f655a

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\FlashConverter.exe"
11/06/2009 05:24 PM |Size 5632 |Crc32 24fce0a5 |Md5 076bb24b151f1d7262efc27e6b78d59a

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\FlashConverterME.exe"
11/06/2009 05:56 PM |Size 5632 |Crc32 38e32d9b |Md5 323b9396c5f1d046d85f03609c973499

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\MovieEditor.exe"
11/06/2009 05:50 PM |Size 5632 |Crc32 1a8f3eb2 |Md5 13ac7a1b1963edf752024f2f4557fade

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\Octopus.exe"
11/06/2009 05:47 PM |Size 5632 |Crc32 e2f71590 |Md5 70e629c1c7969dede1d1f7bbd7b86e61

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\sched_converter.exe"
11/06/2009 05:42 PM |Size 5632 |Crc32 3e5e136d |Md5 0cc861447709dbb7a758472c94dcbfb5

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\ScreenCaptureME.exe"
11/06/2009 05:26 PM |Size 5632 |Crc32 ff33f029 |Md5 3dc5063f9d3e844631501a181be3e1f2

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\SplitMovie.exe"
11/06/2009 05:38 PM |Size 5632 |Crc32 7e2e487f |Md5 71cba7fe916e81eb2cbeaa7c7222957a

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\Suite.exe"
11/06/2009 06:04 PM |Size 4849664 |Crc32 9cc58133 |Md5 20f752a5562614da21428b3a065498b7

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\VideoCapture.exe"
11/06/2009 05:26 PM |Size 5632 |Crc32 5b54796a |Md5 ac0e1e01ae940b543cdd049143a88568

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\VideoCaptureME.exe"
11/06/2009 05:22 PM |Size 5632 |Crc32 aa1a21a8 |Md5 ed2c33fe8ea41ab494c2a2395ca6e096

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\VideoConverter.exe"
11/06/2009 05:32 PM |Size 5632 |Crc32 23963d47 |Md5 2d2a8144619ea23bcf8595a90fd3dd55

"Z:\Kasparov Chessmate softarchive.net\Kasparov.Chessmate.v1.0.14.WinALL.Incl.Keygen-ECLiPSE\Kasparov.Chessmate.v1.0.14.Keygen.zip"
-> Contain : eclkcm10.exe 112640 DFLT-N 4% 108016 23-10-2004 19:00:18 a3b79114

"Z:\Alcohol\Alcohol_120_v1.9.5.3105_Retail.Offline.KeyGen.rar"
-> contain : keygen.exe

"Z:\Alcohol\Alcohol_120_v1.9.5.3105_Retail_Incl_Offline_KeyGen.rar"
-> contain : setup.exe

"Z:\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]\Malwarebytes' Anti-Malware v1.39+Serial [ kk ].rar"
-> contain : mbam-setup.exe


################## | ! Fin du rapport # UsbFix V6.066 ! |
Anonymous user
22 Dec. 2009 at 21:59
Okay, a crack enthusiast, you're building a collection ;)^^,

Do this now:

* Plug your external data sources that may have been infected (USB stick, external hard drive, etc.) into your PC, without opening them
* Double-click the UsbFix shortcut on your desktop
* Choose option 2 (Suppression)
* Your desktop will disappear and the PC will restart.
* On restart, UsbFix will scan your PC; let the tool work.
* Then post the UsbFix.txt report that will appear along with the desktop.
* Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt)
* (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
* UsbFix will offer to upload a compressed folder to this address: https://www.ionos.fr/?affiliate_id=77097
* This folder was created by UsbFix and is saved on your desktop.
* Please send it to the address indicated to help the author of UsbFix with his research.
* Thanks in advance for your contribution!!

Then make a new RSIT report; only the log.txt report will appear. Copy/paste its contents into a reply separate from the UsbFix report.
meastik Posts: 16 Registration date: Monday 21 December 2009 Status: Member Last activity: 5 April 2010
22 Dec. 2009 at 22:50
And here is the log again, tx

############################## | UsbFix V6.066 |

User : LE KING (Administrators) # CINU-2BE4DD75F2
Update on 20/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 4:15:38 PM | 12/22/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz
Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Norton Internet Security 17.0.0.136 [ Enabled | Updated ]
FW : Norton Internet Security[ Enabled ]17.0.0.136

C:\ -> Local Fixed Disk # 97.65 Go (9.97 Go free) # NTFS
D:\ -> CD-ROM Disc
E:\ -> CD-ROM Disc
F:\ -> CD-ROM Disc
I:\ -> Removable Disk # 1.95 Go (1.28 Go free) [KING KEY] # FAT
Z:\ -> Local Fixed Disk # 51.39 Go (9.69 Go free) # NTFS

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 868
C:\WINDOWS\system32\csrss.exe 944
C:\WINDOWS\system32\winlogon.exe 968
C:\WINDOWS\system32\services.exe 1020
C:\WINDOWS\system32\lsass.exe 1032
C:\WINDOWS\system32\svchost.exe 1172
C:\WINDOWS\system32\logonui.exe 1252
C:\WINDOWS\system32\svchost.exe 1304
C:\WINDOWS\System32\svchost.exe 1344
C:\WINDOWS\system32\svchost.exe 1440
C:\WINDOWS\system32\svchost.exe 1532
C:\WINDOWS\system32\spoolsv.exe 1784
C:\WINDOWS\system32\svchost.exe 1860
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1896
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe 1912
C:\Program Files\Bonjour\mDNSResponder.exe 1936
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe 1956
C:\WINDOWS\system32\cisvc.exe 1980
C:\WINDOWS\system32\svchost.exe 152
C:\Program Files\Java\jre6\bin\jqs.exe 164
C:\Program Files\Google\Update\GoogleUpdate.exe 176
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 236
C:\WINDOWS\System32\svchost.exe 416
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe 492
C:\WINDOWS\System32\svchost.exe 664
C:\WINDOWS\system32\PnkBstrA.exe 676
C:\WINDOWS\system32\PnkBstrB.exe 1400
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe 1496
C:\WINDOWS\system32\svchost.exe 1624
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe 1868
C:\WINDOWS\system32\wuauclt.exe 564
C:\WINDOWS\system32\wbem\wmiprvse.exe 2368
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe 3188
C:\WINDOWS\System32\alg.exe 3356
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe 3652
C:\WINDOWS\system32\userinit.exe 3776
C:\WINDOWS\Explorer.EXE 3920

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Recycler\S-1-5-21-746137067-920026266-725345543-1004
Supprimé ! Z:\Recycler\S-1-5-21-746137067-920026266-725345543-1004
Supprimé ! Z:\Azureus_3_0_windows.exe

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{81768052-55b9-11de-9123-b09751d07c8f}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{88a73841-5dce-11de-914b-001b77659f70}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[12/22/2009 02:27 PM|--a------|10394] C:\Ad-Report-CLEAN[1].log
[06/10/2009 03:21 AM|--a------|0] C:\AUTOEXEC.BAT
[06/11/2009 10:35 PM|--a------|166] C:\bcmwl5.log
[06/10/2009 04:45 AM|-r-hs----|223] C:\boot.ini
[06/10/2009 03:21 AM|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[06/10/2009 03:21 AM|-rahs----|0] C:\IO.SYS
[06/10/2009 03:21 AM|-rahs----|0] C:\MSDOS.SYS
[08/04/2004 04:00 AM|-rahs----|47564] C:\NTDETECT.COM
[08/04/2004 04:00 AM|-rahs----|250032] C:\ntldr
[?|?|?] C:\pagefile.sys
[12/22/2009 04:27 PM|--a------|3750] C:\UsbFix.txt
[09/09/2009 08:27 PM|--a------|726296576] I:\www.movizddl.blogspot.com - District.9 FR R5 SUBFORCED.avi
[06/20/2009 12:38 PM|--a------|2722784] Z:\1.jpg
[06/20/2009 12:39 PM|--a------|36270882] Z:\2.jpg
[06/20/2009 12:39 PM|--a------|2664038] Z:\3.jpg
[06/20/2009 12:40 PM|--a------|35109487] Z:\4.jpg
[06/20/2009 12:41 PM|--a------|34578938] Z:\5.jpg
[09/25/2009 06:14 PM|--a------|672956] Z:\ded8d1fb42587e9e7eb3fc5a3e0eeed4.PDF
[11/16/2009 06:55 PM|--a------|121668912] Z:\DJ_AIO_05_F4400_NonNet_Full_Win_enu_130_162.exe
[05/27/2009 02:02 PM|--a------|7526856] Z:\Firefox Setup 3.0.10.exe
[08/26/2009 06:17 PM|--a------|27203753] Z:\Hacker News Magazine N.14.pdf
[08/26/2009 06:06 PM|-ra------|24010485] Z:\Hacker.news.magazine.N21..pdf
[08/18/2009 10:32 AM|--a------|11688561] Z:\Hackers Magazine N.30 Aout Septembre 2009.Pdf
[06/15/2009 12:07 PM|--a------|77690152] Z:\iTunesSetup.exe
[09/23/2009 02:25 PM|--a------|1489100] Z:\Le petit chimiste 100 experiences.pdf
[09/23/2009 03:09 PM|--a------|100278928] Z:\LeCercleDeMinsk.-file-a1a0e492
[09/23/2009 02:27 PM|--a------|1779163] Z:\Methode pour Seduire les Femmes psychologie.pdf
[05/31/2009 04:15 PM|--a------|6087035] Z:\mp3mymp3install.exe
[05/23/2009 06:55 AM|--a------|534] Z:\num pers.txt
[11/21/2009 10:20 PM|--a------|8567936] Z:\objectdock_freeware_111.exe
[05/26/2009 07:04 PM|--a------|12666128] Z:\objectdock_objectdock_1.9.536_francais_anglais_62088.exe
[08/11/2009 03:36 PM|--a------|561981440] Z:\office 2007.iso
[05/28/2007 02:37 PM|--a------|29124480] Z:\pack-vista-inspirat-2-1.0.exe
[08/10/2003 01:45 AM|--a------|1212950] Z:\Proxomitron v4.5.exe
[10/07/2009 08:01 PM|--a------|2260619] Z:\PVMsetup.exe
[08/12/2009 02:18 PM|--a------|3113143] Z:\Setup_MagicISO.exe
[06/12/2009 07:57 PM|--a------|3477424] Z:\sp29361.exe
[06/12/2009 08:15 PM|--a------|30702968] Z:\sp33537.exe
[06/12/2009 08:39 PM|--a------|6482752] Z:\sp33839.exe
[06/12/2009 08:27 PM|--a------|8513072] Z:\sp33889.exe
[06/12/2009 10:06 PM|--a------|6132456] Z:\sp34489.exe
[11/06/2006 05:52 PM|--a------|486519] Z:\supercopier2beta1-9.exe
[12/21/2009 12:41 PM|--ahs----|49152] Z:\Thumbs.db
[08/11/2009 03:16 PM|--a------|346666032] Z:\X12-30105.exe
[08/11/2009 01:28 PM|--a------|448702592] Z:\X12-30194.exe
[11/08/2009 11:49 PM|--a------|7526264] Z:\Xbox360_32Fra.exe

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# I:\autorun.inf -> Dossier créé par UsbFix.
# Z:\autorun.inf -> Dossier créé par UsbFix.

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\LE KING\My Documents\Azureus Downloads\Pinnacle VideoSpin v2.0.0.669 Multi\Crack\VideoSpin.exe"
12/13/2009 12:43 AM |Size 5432592 |Crc32 6c94e151 |Md5 06465fc70c7dc29a5f3ada108aa4017b

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\BlueSoleil 6.4.249.0WithMobile\install\setup.exe"
02/27/2009 03:43 PM |Size 57437 |Crc32 af652d14 |Md5 b4795873fd918ddd854785cca4fa7f15

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\BlueSoleil 6.4.249.0WithMobile\install\amd64\setup.exe"
04/20/2009 09:16 AM |Size 253952 |Crc32 88dfd528 |Md5 d3b68da7df48ccad2ef117b16ae2bed0

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\BlueSoleil 6.4.249.0WithMobile\install\x86\setup.exe"
04/20/2009 09:14 AM |Size 253952 |Crc32 88dfd528 |Md5 d3b68da7df48ccad2ef117b16ae2bed0

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\Crack\ActivationTool.exe"
10/17/2008 04:07 PM |Size 311296 |Crc32 248eb0fc |Md5 2a6e2193baa337c9de64b9f67f797c64

"Z:\BLUET\Bluesoleil 6.4 + Crack + Activation\Crack\keygen.exe"
03/06/2009 07:52 PM |Size 241152 |Crc32 7453598f |Md5 405020fee3174d9e6f5725f5455209fc

"Z:\Crack\pes2009.exe"
10/14/2008 03:03 AM |Size 49157432 |Crc32 fb131ce2 |Md5 305392baef95e316dad278797cf37b50

"Z:\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]\mbam-setup.exe"
07/21/2009 11:45 PM |Size 3775176 |Crc32 79c70008 |Md5 ff32d7e4ed1c4638a96da158da0fd91d

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\AudioCaptureME.exe"
11/06/2009 05:35 PM |Size 5632 |Crc32 44e71cd3 |Md5 fde97c69d993c772274d5e707dda50b2

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\ChiliBurner.exe"
11/06/2009 05:49 PM |Size 5632 |Crc32 c43d6e92 |Md5 8f776574f0e929e1cc52990d176f655a

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\FlashConverter.exe"
11/06/2009 05:24 PM |Size 5632 |Crc32 24fce0a5 |Md5 076bb24b151f1d7262efc27e6b78d59a

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\FlashConverterME.exe"
11/06/2009 05:56 PM |Size 5632 |Crc32 38e32d9b |Md5 323b9396c5f1d046d85f03609c973499

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\MovieEditor.exe"
11/06/2009 05:50 PM |Size 5632 |Crc32 1a8f3eb2 |Md5 13ac7a1b1963edf752024f2f4557fade

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\Octopus.exe"
11/06/2009 05:47 PM |Size 5632 |Crc32 e2f71590 |Md5 70e629c1c7969dede1d1f7bbd7b86e61

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\sched_converter.exe"
11/06/2009 05:42 PM |Size 5632 |Crc32 3e5e136d |Md5 0cc861447709dbb7a758472c94dcbfb5

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\ScreenCaptureME.exe"
11/06/2009 05:26 PM |Size 5632 |Crc32 ff33f029 |Md5 3dc5063f9d3e844631501a181be3e1f2

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\SplitMovie.exe"
11/06/2009 05:38 PM |Size 5632 |Crc32 7e2e487f |Md5 71cba7fe916e81eb2cbeaa7c7222957a

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\Suite.exe"
11/06/2009 06:04 PM |Size 4849664 |Crc32 9cc58133 |Md5 20f752a5562614da21428b3a065498b7

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\VideoCapture.exe"
11/06/2009 05:26 PM |Size 5632 |Crc32 5b54796a |Md5 ac0e1e01ae940b543cdd049143a88568

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\VideoCaptureME.exe"
11/06/2009 05:22 PM |Size 5632 |Crc32 aa1a21a8 |Md5 ed2c33fe8ea41ab494c2a2395ca6e096

"Z:\small software\Movavi.VideoSuite.7.0.2\crack\VideoConverter.exe"
11/06/2009 05:32 PM |Size 5632 |Crc32 23963d47 |Md5 2d2a8144619ea23bcf8595a90fd3dd55

"Z:\Kasparov Chessmate softarchive.net\Kasparov.Chessmate.v1.0.14.WinALL.Incl.Keygen-ECLiPSE\Kasparov.Chessmate.v1.0.14.Keygen.zip"
-> Contain : eclkcm10.exe 112640 DFLT-N 4% 108016 23-10-2004 19:00:18 a3b79114

"Z:\Alcohol\Alcohol_120_v1.9.5.3105_Retail.Offline.KeyGen.rar"
-> contain : keygen.exe

"Z:\Alcohol\Alcohol_120_v1.9.5.3105_Retail_Incl_Offline_KeyGen.rar"
-> contain : setup.exe

"Z:\Malwarebytes' Anti-Malware v1.39+Serial [ kk ]\Malwarebytes' Anti-Malware v1.39+Serial [ kk ].rar"
-> contain : mbam-setup.exe
Anonymous user
22 Dec. 2009 at 23:04
Make a new RSIT report; this time you will only get a log.txt report, which will open in a Notepad file.

Post its contents in your next reply.