Nettoyage du PC Fermé

Question

Bonjour,

mon ordinateur est très lent et je soupçonne la présence de plusieurs virus!

Comme le dit cette astuce du forum
https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc#1-execution-de-random-s-system-information-tool

j'ai fait le Random system information tool : 




Logfile of random's system information tool 1.06 (written by random/random)
Run by Francis Rouillier at 2010-02-26 21:28:55
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 16 GB (43%) free of 38 GB
Total RAM: 1023 MB (17% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29:18, on 2010-02-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
D:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\RSIT.exe
C:\Program Files	rend micro\Francis Rouillier.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\program filespbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Netlog Music Tool] "C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?e55e44394b784609ad8c058ee768df07
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?e55e44394b784609ad8c058ee768df07
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

docnono · Answer

attend je vais être clair :
Les antivirus gratuits sont très souvent insuffisant pour protéger son PC !
et meme si ça bloque certain ça netoi trés mal.

J'ai pas regardé le detail mais deja ça :
C:\Program Files\PokerStars\PokerStars.exe 
C:\Program Files	rend micro\Francis Rouillier.exe 
Semble un peu louche !


Je te conseille de désinstaller Avast redémarrer et installer "Kaspersky internet suite" gratuit 1 mois

benurrr · Answer

bonjour

Télécharge UsbFix de C_XX & Chiquitine29

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe


(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur "UsbFix.exe" présent sur ton bureau  ( clic droit "exécuter en tant qu'administrateur" pour Vista & 7 ) 

• Choisis l'option F pour français et tape sur [entrée] .

• Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

• Laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

maggot26 · Answer

@ Docnono, pour ce qui est de pokerstars, je l'ai installé la journée même que j'ai fait le scan, alors je ne pense pas qu'il soit la cause de problèmes...

Pour l'antivirus, j'ai déjà épuisé la version d'essai de kaspersky


@ Benurrr

Voici le rapport : 



############################## | UsbFix V6.097 |

User : Francis Rouillier (Administrateurs) # FRANCIS
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 11:14:58 | 2010-02-27
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

              Intel(R) Pentium(R) 4 CPU 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1356 [VPS 100227-0] 4.8.1356 [ Enabled | Updated ]

C:\ -> Disque fixe local # 37,27 Go (15,91 Go free) # NTFS
D:\ -> Disque fixe local # 279,47 Go (177,71 Go free) [DRV2_VOL1] # NTFS
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
D:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Elements infectieux |


################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  

################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !  

################## | ! Fin du rapport # UsbFix V6.097 ! |

benurrr · Answer

C:\Program Files	rend micro\Francis Rouillier.exe  c'est hijack renommer no soucie

                         Suppression 

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe......) susceptibles d'avoir été infectés sans les ouvrir

(1) Double clic sur le raccourci UsbFix présent sur ton bureau

(2) Choisi l option 2 ( Suppression )

 Ton bureau disparaitra et le pc redémarrera .

 Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

 Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .

 Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

maggot26 · Answer

Voici le rapport : 



############################## | UsbFix V6.097 |

User : Francis Rouillier (Administrateurs) # FRANCIS
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:45:07 | 2010-02-27
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

              Intel(R) Pentium(R) 4 CPU 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1356 [VPS 100227-2] 4.8.1356 [ Enabled | Updated ]

C:\ -> Disque fixe local # 37,27 Go (15,87 Go free) # NTFS
D:\ -> Disque fixe local # 279,47 Go (177,72 Go free) [DRV2_VOL1] # NTFS
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe

################## | Elements infectieux |

Supprimé ! C:\Recycler\S-1-5-21-1715567821-287218729-725345543-1003 
Supprimé ! D:\Recycler\S-1-5-21-1275210071-651377827-839522115-1003 
Supprimé ! D:\Recycler\S-1-5-21-1715567821-287218729-725345543-1003 

################## | Registre |

Supprimé ! [HKLM\software\microsoft\shared tools\msconfig\startupreg\Monopod]  
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"  

################## | Mountpoints2 |


################## | Listing des fichiers présent |

[2007-03-01 17:31|--a------|6659716] C:\01 When I'm Gone.mp3 
[2008-03-25 09:24|--a------|0] C:\AUTOEXEC.BAT 
[2009-10-04 15:38|--a------|212] C:\Boot.bak 
[2009-10-04 15:54|-rahs----|282] C:\boot.ini 
[2003-04-24 07:00|-rahs----|4952] C:\Bootfont.bin 
[2004-08-03 22:00|--a------|263488] C:\cmldr 
[2009-10-04 16:24|--a------|16758] C:\ComboFix.txt 
[2008-03-25 09:24|--a------|0] C:\CONFIG.SYS 
[2009-11-20 09:58|--a------|65440] C:\hpfr3320.log 
[2009-03-29 15:31|--a------|230424] C:\img2-001.raw 
[2008-03-25 09:24|-rahs----|0] C:\IO.SYS 
[2008-10-12 10:53|--a------|9909] C:\lopR.txt 
[2008-11-03 21:43|--a------|2981] C:\MDL 2.0 Debug.txt 
[2008-06-08 19:30|--a------|37376] C:\Module+3-O4+436.doc 
[2009-11-15 01:00|--a------|174] C:\mp4log.txt 
[2008-03-25 09:24|-rahs----|0] C:\MSDOS.SYS 
[2008-04-27 16:50|-rahs----|47564] C:\NTDETECT.COM 
[2008-09-28 13:00|-rahs----|252240] C:
tldr 
[?|?|?] C:\pagefile.sys 
[2009-10-04 17:07|--a------|23834] C:esult.txt 
[2008-10-12 10:59|--a------|2183] C:\TB.txt 
[2010-02-27 19:00|--a------|3998] C:\UsbFix.txt 
[2009-04-05 11:52|--a------|509602] C:\vcredist_x86.log 
[2007-07-09 11:41|--a------|4130816] D:\01 30_30-150.mp3 
[2007-10-06 10:40|--a------|883560] D:\Google_Updater.exe 

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). 

################## | Upload | 

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_FRANCIS.zip : https://www.ionos.fr/?affiliate_id=77097 
Merci pour votre contribution .  

################## | ! Fin du rapport # UsbFix V6.097 ! |

benurrr · Answer

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

 Télécharge et installe List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe


 Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

 laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"

maggot26 · Answer

List'em by g3n-h@ckm@n 1.2.8.1

User : Francis Rouillier (Administrateurs) 
Update on 26/02/2010 by g3n-h@ckm@n ::::: 14.30 
Start at: 20:37:40 | 2010-02-27
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

              Intel(R) Pentium(R) 4 CPU 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100227-2] 4.8.1368 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 37,27 Go (16,29 Go free) | NTFS
D:\ -> Disque fixe local | 279,47 Go (177,75 Go free) [DRV2_VOL1] | NTFS
E:\ -> Disque CD-ROM
 
Boot: Normal 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
D:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Francis Rouillier\Local Settings\Temp\B.tmp\pv.exe

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg	REG_SZ         	C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Netlog Music Tool	REG_SZ         	"C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe"
VistaStartMenu	REG_SZ         	"D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
msnmsgr	REG_SZ         	"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
D:\Program Files\NetMeter\NetMeter.exe	REG_SZ         	D:\Program Files\NetMeter\NetMeter.exe
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer	REG_SZ         	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
WeatherEye	REG_SZ         	C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
VX3000	REG_SZ         	C:\WINDOWS\vVX3000.exe 
nwiz	REG_SZ         	nwiz.exe /install 
NvMediaCenter	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit 
McAfeeUpdaterUI	REG_SZ         	"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey 
LyraHD2TrayApp	REG_SZ         	"C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" 
ISUSPM	REG_SZ         	"C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
LifeCam	REG_SZ         	"C:\Program Files\Microsoft LifeCam\LifeExp.exe" 
TrojanScanner	REG_SZ         	C:\Program Files\Trojan Remover\Trjscan.exe /boot 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\QTTask.exe" -atboottime 
TkBellExe	REG_SZ         	"C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
Malwarebytes Anti-Malware (reboot)	REG_SZ         	"D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe" 
iTunesHelper	REG_SZ         	"D:\Program Files\iTunes\iTunesHelper.exe" 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	255 (0xff) 
NoDriveAutoRun	REG_DWORD      	255 (0xff) 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	0 (0x0) 
NoDriveAutoRun	REG_DWORD      	255 (0xff) 
NoDriveTypeAutoRun	REG_DWORD      	255 (0xff) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 
 AutoRestartShell	REG_DWORD      	1 (0x1) 
 DefaultDomainName	REG_SZ         	FRANCIS 
 DefaultUserName	REG_SZ         	Francis Rouillier 
 LegalNoticeCaption	REG_SZ         	 
 LegalNoticeText	REG_SZ         	 
 PowerdownAfterShutdown	REG_SZ         	0 
 ReportBootOk	REG_SZ         	1 
 Shell	REG_SZ         	Explorer.exe 
 ShutdownWithoutLogon	REG_SZ         	0 
 System	REG_SZ         	 
 Userinit	REG_SZ         	C:\WINDOWS\system32\userinit.exe, 
 VmApplet	REG_SZ         	rundll32 shell32,Control_RunDLL "sysdm.cpl" 
 SfcQuota	REG_DWORD      	-1 (0xffffffff) 
 allocatecdroms	REG_SZ         	0 
 allocatedasd	REG_SZ         	0 
 allocatefloppies	REG_SZ         	0 
 cachedlogonscount	REG_SZ         	10 
 forceunlocklogon	REG_DWORD      	0 (0x0) 
 passwordexpirywarning	REG_DWORD      	14 (0xe) 
 scremoveoption	REG_SZ         	0 
 AllowMultipleTSSessions	REG_DWORD      	1 (0x1) 
 UIHost	REG_EXPAND_SZ  	logonui.exe 
 LogonType	REG_DWORD      	1 (0x1) 
 Background	REG_SZ         	0 0 0 
 DebugServerCommand	REG_SZ         	no 
 SFCDisable	REG_DWORD      	0 (0x0) 
 WinStationsDisabled	REG_SZ         	0 
 HibernationPreviouslyEnabled	REG_DWORD      	1 (0x1) 
 ShowLogonOptions	REG_DWORD      	0 (0x0) 
 AltDefaultUserName	REG_SZ         	Francis Rouillier 
 AltDefaultDomainName	REG_SZ         	FRANCIS 
 ChangePasswordUseKerberos	REG_DWORD      	1 (0x1) 

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Mozilla Firefox\firefox.exe	REG_SZ         	C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
D:\Program Files\LimeWire\LimeWire.exe	REG_SZ         	D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Bonjour\mDNSResponder.exe	REG_SZ         	C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\McAfee\Common Framework\FrameworkService.exe	REG_SZ         	C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
D:\Program Files\Blazers Angel\bin\MainR.exe	REG_SZ         	D:\Program Files\Blazers Angel\bin\MainR.exe:*:Enabled:Blazing Angels
C:\Program Files\GameSpy Arcade\Aphex.exe	REG_SZ         	C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade
C:\Program Files\InterVideo\DVD8\WinDVD.exe	REG_SZ         	C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD
C:\Program Files\Microsoft LifeCam\LifeCam.exe	REG_SZ         	C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe
C:\Program Files\Microsoft LifeCam\LifeEnC2.exe	REG_SZ         	C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe
C:\Program Files\Microsoft LifeCam\LifeExp.exe	REG_SZ         	C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe
C:\Program Files\Microsoft LifeCam\LifeTray.exe	REG_SZ         	C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe
D:\Program Files\iTunes\iTunes.exe	REG_SZ         	D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Windows Live\Messenger\wlcsdk.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\WINDOWS\system32\muzapp.exe	REG_SZ         	C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe	REG_SZ         	C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe	REG_SZ         	C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{17492023-C23A-453E-A040-C7C580BBF700}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20A60F0D-9AFA-4515-A0FD-83BD84642501}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{867E13F2-7F31-44FB-AC97-CD38E0DC46EF}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{CB58DED6-4AF3-4080-9DF1-DEE72075169F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1325db73-d9f1-48f8-8895-6d814ec58889}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3F7924B9-D148-3141-87B1-68F36043A940}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4d64f3ba-f112-4efe-a02e-96680859937c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{50D96BEC-03A8-F0AE-6A6B-7A6EFCF4DEFE}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5b7bf89d-d196-4c32-a303-a57b8ab7f18d}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{dd772a76-bef3-44d7-8b39-502c8504c1f1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f15ee071-deb7-4cbb-951f-431c98338d8e}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

===
DNS
===

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C23CB85-1365-4B87-8F34-203301293409}: DhcpNameServer=192.168.0.1 
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3C23CB85-1365-4B87-8F34-203301293409}: DhcpNameServer=192.168.0.1 
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C23CB85-1365-4B87-8F34-203301293409}: DhcpNameServer=192.168.0.1 
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis Rouillier\Local Settings\Temp\B.tmp
## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
## 
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis Rouillier\Local Settings\Temp\B.tmp
## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis Rouillier\Local Settings\Temp\B.tmp
## C:\> hashdeep.exe C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\atapi.sys
## 
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Francis Rouillier\Local Settings\Temp\B.tmp
## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
## 
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win 2000_SP2   : ff953a8f08ca3f822127654375786bbe
Win XP_32b     : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b      : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b  : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b  : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b  : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b  : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b  : 02062C0B390B7729EDC9E69C680A6F3C
 
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse                 	 
    37,27 Go total,  16,29 Go libre (43%),  18% fragment‚ (fragmentation du fichier 37%)

Vous devriez d‚fragmenter ce volume. 	 

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe  
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe  
Present !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe  
Present !! : C:\WINDOWS\002292_.tmp  
Present !! : C:\WINDOWS\005572_.tmp  
Present !! : C:\WINDOWS\SET3.tmp  
Present !! : C:\WINDOWS\SET7.tmp  
Present !! : C:\WINDOWS\System32\clauth1.dll 
Present !! : C:\WINDOWS\System32\clauth2.dll 
Present !! : C:\WINDOWS\System32\drivers\Cdaudio.sys 
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn 
Present !! : C:\WINDOWS\System32\muzapp.exe"  
Present !! : C:\WINDOWS\System32\SET*.tmp 
Present !! : C:\WINDOWS\System32\ssprs.dll 
Present !! : C:\WINDOWS\xobglu16.dll  
Present !! : C:\WINDOWS\xobglu32.dll  
Present !! : C:\Documents and Settings\Francis Rouillier\Application Data\filterclsid.dat  
Present !! : C:\Documents and Settings\Francis Rouillier\Application Data\filterclsid.dat  
Present !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp\FFSetup215.exe  
Present !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe  
Present !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp\wlsetup-cvr.exe  
Present !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp	mp7A.tmp  
Present !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp	mpA.tmp  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}  
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}  

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 21:10:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
kernel: MBR read successfully
user & kernel MBR OK 

==========
Programs
==========

Accessdiver
Adobe
Advanced Registry Optimizer
Alwil Software
Apple Software Update
Ask Search Assistant
AVG
AxBx
Bonjour
CCleaner
COMODO
ComPlus Applications
CyberLink
DivX
Fichiers communs
File Properties Changer
FlashGet
GameSpy Arcade
GoldWave
Google
HEARTTHIRDLICENSE
Hewlett-Packard
hp deskjet 3320 series
InstallShield Installation Information
Internet Explorer
InterVideo
InterVideo Information Service
iPod
Java
jSVIcoder
Kaspersky Lab
List_Kill'em
LucasArts
MarkAny
Maxis
McAfee
Messenger
MessengerDiscovery
Microsoft
microsoft frontpage
Microsoft LifeCam
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSN
MSN Gaming Zone
MSXML 4.0
MySlideShow Gold 3
MySlideShow Plug-ins 3
M‚t‚oM‚dia
Netlog Music Tool
NetMeeting
Outlook Express
Password Generator
PokerStars
QuickTime
Real
Reference Assemblies
Replay Media Catcher
Samsung
Services en ligne
Sierra On-Line
SiS7012
Spybot - Search & Destroy
Spyware Doctor
STOPzilla!
Sun
Tablet
Tap'Touche 3
Thomson
Trend Micro
Trojan Remover
Uninstall Information
UxTheme Multipatcher Fr
Windows Live
Windows Live Favorites
Windows Live SkyDrive
Windows Live Toolbar
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinLemm
xerox
Yahoo!
Zoom Player
Zylom Games

============
Drive C:
============

$AVG8.VAULT$
01 When I'm Gone.mp3
AUTOEXEC.BAT
autorun.inf
Boot.bak
boot.ini
Bootfont.bin
cmdcons
cmldr
ComboFix.txt
CONFIG.SYS
Documents and Settings
Downloads
games
hpfr3320.log
img2-001.raw
IO.SYS
Kill'em
List'em.txt
Lop SD
lopR.txt
MDL 2.0 Debug.txt
Module+3-O4+436.doc
mp4log.txt
MSDOS.SYS
My Music
NTDETECT.COM
ntldr
pagefile.sys
Program Files
Qoobox
QUARANTINE
RECYCLER
result.txt
rimes
rsit
SIERRA
System Volume Information
TB.txt
ToolBar SD
UsbFix
UsbFix.txt
UsbFix_Upload_Me_FRANCIS.zip
vcredist_x86.log
videooutput
WINDOWS
WTablet
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 21:51:18,12

benurrr · Answer

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta réponse

ensuite :

&#9654; Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

&#9654; choisis l'option 6 = Restore MBR

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta réponse

maggot26 · Answer

Kill'em by g3n-h@ckm@n 1.2.8.1 
 
User : Francis Rouillier (Administrateurs) 
Update on 26/02/2010 by g3n-h@ckm@n ::::: 14.30 
Start at: 12:23:45 | 2010-02-28
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

              Intel(R) Pentium(R) 4 CPU 2.00GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100228-0] 4.8.1368 [ Enabled | Updated ]

C:\ -> Disque fixe local | 37,27 Go (16,23 Go free) | NTFS
D:\ -> Disque fixe local | 279,47 Go (177,75 Go free) [DRV2_VOL1] | NTFS
E:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netlog Music Tool\NetlogMusicTool.exe
D:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\MétéoMédia\MétéoÉclair\WeatherEye.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\McAfee\Common Framework
aPrdMgr.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Francis Rouillier\Local Settings\Temp\C.tmp\pv.exe
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe 
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe 
Quarantined & Deleted !! : C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe 
Quarantined & Deleted !! : C:\WINDOWS\002292_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\005572_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET7.tmp 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\clauth1.dll 
Quarantined & Deleted !! : C:\WINDOWS\System32\clauth2.dll 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\Cdaudio.sys 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\WINDOWS\System32\muzapp.exe 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6FC.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6FD.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET6FF.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET703.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET70B.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET70D.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\ssprs.dll 
Quarantined & Deleted !! : C:\WINDOWS\xobglu16.dll 
Quarantined & Deleted !! : C:\WINDOWS\xobglu32.dll 
Quarantined & Deleted !! : C:\Documents and Settings\Francis Rouillier\Application Data\filterclsid.dat 
Quarantined & Deleted !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp\FFSetup215.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp\wlsetup-cvr.exe 
Quarantined & Deleted !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp	mp7A.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\Francis Rouillier\LOCAL Settings\Temp	mpA.tmp 
 
==============
host file OK !
==============

========
Registry
========

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}  
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}  
========
Services
=========

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

============
Disk Cleaned
============
 
=================
anti-ver blaster : OK !! 
=================

================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 









Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

benurrr · Answer

salut

télécharge

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

a l'installation vérifie que mise a jour et lancer programme et scan complet sont bien cocher

Une fois a jour, le programme va se lancer; clic sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression".

A la fin du scan clique sur Afficher les résultats

Vérifier si tout est coché et clic Supprimer la sélection

S'il t'es demandé de redémarrer >>> clique sur "Yes"

Et tu poste le rapport générer

maggot26 · Answer

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3807
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2010-02-28 14:10:15
mbam-log-2010-02-28 (14-10-15).txt

Type de recherche: Examen rapide
Eléments examinés: 116362
Temps écoulé: 13 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Le scan n'a trouvé aucun élément nuisible.. alors j'imagine que je ne peux pas tout supprimer comme tu me l'as indiqué.. Mais voici le rapport!

benurrr · Answer

c'est bon signe pas de malware et trojan donc rien a suprimmer 

pour ask

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt) 

Par Manque De Curiosité On Risque De Mourir Ignorant;Tu es libre de penser que tu es C..,
Mais C.. de penser que ­tu es libre...Merci a australe13

maggot26 · Answer

-----------\  ToolBar S&D 1.2.2   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Uniprocessor Free :               Intel(R) Pentium(R) 4 CPU 2.00GHz )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : Francis Rouillier ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1368 [VPS 100228-0] 4.8.1368 (Activated)
   C:\ (Local Disk) - NTFS - Total : 37 Go Free : 16 Go
   D:\ (Local Disk) - NTFS - Total : 279 Go Free : 177 Go
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
   Option : [1] ( 2010-02-28|15:09 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@alot[1].txt
   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@try.alot[2].txt
   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@webcrawler[2].txt
   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@www.webcrawler[1].txt
   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@downloadmytoolbar[1].txt
   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@mywebsearch[1].txt
   C:\DOCUME~1\FRANCI~1\Cookies\francis_rouillier@7search[2].txt

   -----------\  Extensions

   (Francis Rouillier) - {1280606b-2510-4fe0-97ef-9b5a22eafe41} => fission
   (Francis Rouillier) - {B5EDFBB0-9827-11DA-A72B-0800200C9A66} => forecastfox
   (Francis Rouillier) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
   (Francis Rouillier) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
   "Start Page Redirect Cache"="https://www.msn.com/fr-ca?lang=fr-ca&OCID=iehp"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.msn.com/fr-fr"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\FRANCI~1\Recent\Demolished_Cracks__2__by_env1ro Folder.lnk
   C:\DOCUME~1\FRANCI~1\Recent\Spyware_Doctor_[Keygen.exe].4088583.TPB.lnk



   1 - "C:\ToolBar SD\TB_1.txt" - 2008-10-12|11:06 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 2008-10-12|11:59 - Option : [2]
   3 - "C:\ToolBar SD\TB_3.txt" - 2010-02-28|15:13 - Option : [1]

   -----------\  Fin du rapport a 15:13:24,03

benurrr · Answer

Nettoyage avec Ad-Remover :

/!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\
Double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur l’exécutable pour le lancer.
Au message d’avertissement qui s’affiche, sélectionne ‘Oui’.
Au menu principal choisi l’option "L" et tape ensuite sur la touche Entrée.Poste le rapport qui apparaît à la fin de l’analyse qui peut prendre du temps.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

maggot26 · Answer

.
======= LOGFILE OF AD-REMOVER 1.1.4.6_J | ONLY XP/VISTA/7 =======
.
Updated by C_XX on 05.02.2010 at 17:34
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Launch at: 15:58:07, 2010-02-28 | Normal Boot | Option: CLEAN
Executed from: C:\Ad-Remover\
Operating system: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Computer Name: FRANCIS | Current user: Francis Rouillier
.
============== NEUTRALIZED ELEMENT(S) ==============
.

C:\DOCUME~1\FRANCI~1\MENUDM~1\PROGRA~1\Ask Search Assistant 
C:\Program Files\Ask Search Assistant 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar2 
C:\Documents and Settings\Francis Rouillier\Local Settings\Application Data\Kiwee Toolbar2 

(!) -- Temp files deleted.
 
.
HKLM\Software\Classes\CLSID\{4260e0cc-0f75-462e-88a3-1e05c248bf4c}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\AskSearchAsst.exe
HKLM\software\microsoft\windows\currentversion\uninstall\Ask.com Search Assistant
.
============== Added scan ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
 ProfilePath: ulv9as6o.default (Francis Rouillier)
.
(FRANCI~1, prefs.js) Browser.download.lastDir, D:\Program Files
(FRANCI~1, prefs.js) Browser.startup.homepage, hxxp://www.google.fr
(FRANCI~1, prefs.js) Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3,aging-tabs@design-noir.de:0.7.1,askopensearch-VTS@ask.com:1.0.0.0,en-CA@dictionaries.addons.mozilla.org:1.1.5,piclens@cooliris.com:1.11.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7,{B5EDFBB0-9827-11DA-A72B-0800200C9A66}:0.7.2008093001,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,smartbookmarksbar@remy.juteau:1.4.3,{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7,sxipper@sxip.com:2.3.2,TabSidebar@blueprintit.co.uk:2.5,{5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(FRANCI~1, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
. 
(FRANCI~1, prefs.js) ERASED - Extensions.enabledItems, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3,aging-tabs@design-noir.de:0.7.1,askopensearch-VTS@ask.com:1.0.0.0,en-CA@dictionaries.addons.mozilla.org:1.1.5,piclens@cooliris.com:1.11.6,{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7,{B5EDFBB0-9827-11DA-A72B-0800200C9A66}:0.7.2008093001,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15,jqs@sun.com:1.0,{20a82645-c095-46ed-80e3-08825760534b}:0.0.0,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,smartbookmarksbar@remy.juteau:1.4.3,{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7,sxipper@sxip.com:2.3.2,TabSidebar@blueprintit.co.uk:2.5,{5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(FRANCI~1, prefs.js) ERASED - Extensions.opensearch@ask.com.install-event-fired, true
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
Start Page Redirect Cache: hxxp://ca.msn.com/defaultf.aspx?lang=fr-ca&OCID=iehp
Start Page Redirect Cache_TIMESTAMP: fa33478ecc9fca01
Start Page Redirect Cache AcceptLangs: fr-ca
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
4500 Byte(s) - C:\Ad-Report-CLEAN[1].log 
.
1032 File(s) - C:\DOCUME~1\FRANCI~1\LOCALS~1\Temp 
98 File(s) - C:\WINDOWS\Temp 
9 File(s) - C:\WINDOWS\Prefetch 
.
17 File(s) - C:\Ad-Remover\BACKUP
7 File(s) - C:\Ad-Remover\QUARANTINE
.
End at: 16:12:27 | 2010-02-28 - CLEAN[1]
.
============== E.O.F ==============
.

benurrr · Answer

bonjour

relance usbfix
Double clic sur le raccourci UsbFix présent sur ton bureau

Choisi l option 5 ( Désinstaller ) ....

relance List&Kill'em.

et choisie l'option 3 désinstallation

ensuite

pour nettoyer les fix qui ont servit

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
http://pc-system.fr/

Double clique sur ToolsCleaner2.exe >
puis Recherche
et sur Suppression
Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

tu poste le rapport générer après suppression