Fenetres pub sous vista

Résolu
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention   -  
 bruno03190 -
Bonjour,
Je suis envahi par les fenetres de pub.
C'est infernal.
J'ai exécuté NAVILOG. Voyez le résultat.
Pouvez-vous m'aider.
Dans cette attente
clocloaline
A voir également:

35 réponses

  • 1
  • 2
Réponse 1 / 35
Utilisateur anonyme
 
Salut ,

Poste le rapport de Navilog stp :)


A+++
0
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
comment faire je l'ai dans le bloc note

clocloaline
0
Réponse 2 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
comment envoyer le rapport je l'ai dans bloc note

clocloaline
0
Réponse 3 / 35
Utilisateur anonyme
 
Re ,

Par un copier/coller


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
A++
0
Réponse 4 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
Search Navipromo version 3.5.8 commencé le 16/06/2008 à 11:00:19,64

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Claude"

Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\users\claude\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Claude\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Claude\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Claude\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Claude\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Claude\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Claude\AppData\Local\Microsoft" :


* Dans "C:\Users\Claude\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Claude\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 16/06/2008 à 11:21:46,28 ***
excuse moi d'avoir tardé à t'envoyer l'analyse

encore merci

clocloaline
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 35
Utilisateur anonyme
 
Re ,

Merci bien :)

______________________________________________________________________


Désactive l'UAC (contrôle des comptes utilisateurs) car il peut gener l'execution du programme.

Démarrer --> Panneau de Configuration --> Comptes d'utilisateurs et protection des utilisateurs --> Comptes d'utilisateurs --> Activer ou désactiver le contrôle des comptes d'utilisateurs > désactive-le.

/!\ Pense à le remettre aprés la désinfection /!\


Tutorial : http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

______________________________________________________________________


→ Télécharge TrendMicro™ HijackThis™


'
Place le dans ' C:\programmes\ ' Une fois cela fait , merci de renommer l'icône ( clique droit > renommer )' Hijackthis.exe 'situé dans le dossier dans C:\ , en 'HJT.exe' <<<<<<<<< Important !!! <<<<<<<

Le chemin d'accés du programme doit être ressemblant à celui-ci : C:\Programme\Trend Micro\Hijackthis\HJT.exe


Ne pas renommer l'icône du raccourci sur le bureau bien entendu ...


/!\ Ferme toute les fenêtres encore ouvertes , et déconnecte toi du web /!\


Clique droit sur l'icône -> '' Executer en tant qu'administrateur '' , et choisi l'option '' do a system scan and save a logfile '' et poste moi le rapport ( qui apparait sur le bloc-note )


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Tuto si tu n'y arrive pas : http://pageperso.aol.fr/balltrap34/demohijack.htm



A+++
0
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:54, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {38811855-5A81-4696-A02B-A30A034F8F69} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d8b5db10-efaf-8c3b-3314-f88aad09d4d9} - {9d4d90da-a88f-4133-b3c8-fafe01bd5b8d} - C:\Windows\system32\nxqrlxhq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C3C9D2F2-821D-4897-85E9-E6125D45FBCD} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_6/ImageUploader4.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://orange.securitoo.com/ols/fscax.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CC91FA5E-C35A-3D25-2E72-B66B8EB1DA2A} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 6 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:54, on 16/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {38811855-5A81-4696-A02B-A30A034F8F69} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d8b5db10-efaf-8c3b-3314-f88aad09d4d9} - {9d4d90da-a88f-4133-b3c8-fafe01bd5b8d} - C:\Windows\system32\nxqrlxhq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C3C9D2F2-821D-4897-85E9-E6125D45FBCD} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_6/ImageUploader4.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://orange.securitoo.com/ols/fscax.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CC91FA5E-C35A-3D25-2E72-B66B8EB1DA2A} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 7 / 35
Utilisateur anonyme
 
Retour ,

Petite infection Vundo :)





Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

→ Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau.

→ A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

→ Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

→ Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

→ MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

→ Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

→ MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

→ A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

→ Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. ►► FAIT LE

→ MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

→ Ferme MBAM en cliquant sur Quitter.

Poste le rapport dans ta réponse


Tutorial : https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm






A+++
0
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
j'ai fait l'analyse avec malwarebytes voici le résultat.

Pour ce soir ce sera tout.

bonne nuit

clocloaline

Malwarebytes' Anti-Malware 1.17
Version de la base de données: 861

21:28:22 16/06/2008
mbam-log-6-16-2008 (21-28-22).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 201137
Temps écoulé: 1 hour(s), 30 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 8 / 35
Utilisateur anonyme
 
Re ,

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\


1)Télécharge OTMoveIt2 ( de Old Timer )

2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

C:\Windows\system32\nxqrlxhq.dll


et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.

******************************************

→ Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

Ferme toutes les applications en cours.

→ Double-clic sur DSS.exe pour lancer l'outil.

→ Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

→ A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


A+
0
Réponse 9 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
j'ai telechargé OTmovelt2 mais quand j'ai appuyé sur exit il a disparu.
je l'ai refait et dans la page de droite il y d'écrit : file/folder c: windows\system32\nxq not foud.
Ensuite j'ai essayé de trouver DSS et de le télécharger.
J'ai trouver une liaison mais cela me dit : page not found.
As tu une solution ?

Clocloaline
0
Réponse 10 / 35
Utilisateur anonyme
 
Re , 

j'ai telechargé OTmovelt2 mais quand j'ai appuyé sur exit il a disparu.

Normal . Exit = sortir. 
file/folder c: windows\system32\nxq not foud.


C'est ceci qu'il faut copier/coller :


C:\Windows\system32\nxqrlxhq.dll


*******************

Quand à DSS , chez moi ça marche ..... =/


A++
0
Réponse 11 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
rapport de DSS

Depuis un moment après avoir fait OTmovelt2 je n'ai plus de fenêtre de pub. J'espère que cela va durer.

à +

Deckard's System Scanner v20071014.68
Run by Claude on 2008-06-17 15:06:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
9: 2008-06-12 16:06:55 UTC - RP179 - Installé WinZip 11.1
8: 2008-06-12 16:02:22 UTC - RP178 - Supprimé WinZip 11.1
7: 2008-06-12 10:20:28 UTC - RP177 - Point de contrôle planifié
6: 2008-06-11 16:54:09 UTC - RP176 - Installed Java(TM) 6 Update 5
5: 2008-06-10 15:29:42 UTC - RP175 - Point de contrôle planifié


-- First Restore Point --
1: 2008-06-03 16:50:38 UTC - RP171 - Installation du package de pilote logiciel : Symantec Service réseau


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Claude.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:09:03, on 17/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Claude\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Claude.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {38811855-5A81-4696-A02B-A30A034F8F69} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {d8b5db10-efaf-8c3b-3314-f88aad09d4d9} - {9d4d90da-a88f-4133-b3c8-fafe01bd5b8d} - C:\Windows\system32\nxqrlxhq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C3C9D2F2-821D-4897-85E9-E6125D45FBCD} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.leaderphoto.com/uploaders/aurigma_4_6/ImageUploader4.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://orange.securitoo.com/ols/fscax.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CC91FA5E-C35A-3D25-2E72-B66B8EB1DA2A} - http://download.antispywareexpert.com/ASE_Setup_Free_fr.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.girafoto.fr/uploaders/aurigma_4_7/ImageUploader4.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
0
Réponse 12 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
voici un autre rapport

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Édition Familiale Premium (build 6001) SP 1.0
Architecture: X86; Language: French

CPU 0: Genuine Intel(R) CPU 2140 @ 1.60GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 2046.83 MiB / 1295.27 MiB
Pagefile Memory (total/avail): 4334.94 MiB / 3147.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1883.5 MiB

C: is Fixed (NTFS) - 111.69 GiB total, 81.3 GiB free.
D: is Fixed (NTFS) - 111.43 GiB total, 111.34 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3250820AS ATA Device - 232.88 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 111.69 GiB - C:
\PARTITION2 - Système de fichiers installable - 111.43 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - HP Photosmart C4280 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v15.5.0.23 (Symantec Corporation)
AV: Norton Internet Security v15.5.0.23 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) [COLOR=RED]Disabled/COLOR [COLOR=RED]Outdated/COLOR
AS: Norton Internet Security v15.5.0.23 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Claude\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-CLAUDE
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Claude
LOCALAPPDATA=C:\Users\Claude\AppData\Local
LOGONSERVER=\\PC-DE-CLAUDE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Claude\AppData\Local\Temp
TMP=C:\Users\Claude\AppData\Local\Temp
USERDOMAIN=PC-de-Claude
USERNAME=Claude
USERPROFILE=C:\Users\Claude
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Claude


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Arcade Live Main Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer DV Magician --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\setup.exe" -uninstall
Acer DVDivine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x40c -removeonly
Acer HomeMedia --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer HomeMedia Connect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\Setup.exe" -uninstall
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer SlideShow DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\Setup.exe" -uninstall
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Acer VideoMagician --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Edition Découverte 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\setup.exe" -l0x40c -uninst
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Canon Camera TWAIN Driver 6.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{275E6655-7CB0-4B9E-A89D-2EE640B37899}
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon Internet Library for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6A0DBAA6-4FEC-41B7-858E-99EF59B9173C}
Canon PhotoRecord --> C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\..\PhotoRecord\Program\uninstdll.dll"
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D076E06B-F74B-454F-A56E-7510D7B6C9F0}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{822586CA-0B15-428C-859A-64B3728F28E7}
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClickImpôts first step 2008 2008.3.020 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6C31597-6AA5-416B-A447-A4A9E59F21B5}\Setup.exe" -l0x40c
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
EBP Comptes Bancaires 2008 --> "C:\Program Files\EBP\Comptes Bancaires\unins000.exe"
ecran-de-veille.ORG Carnaval des Lanternes --> C:\Windows\system32\un_carnavallanternescreensaver.exe
eSobi v2 --> C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x040c
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Users\Claude\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5RTHLV3\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 8.0 --> C:\Program Files\HP\Digital Imaging\{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}\setup\hpzscr01.exe -datfile hposcr13.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 8.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft LifeCam --> MsiExec.exe /X{968D41C3-25BB-4632-A6DF-2E1C8F0143A4}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1) --> msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office OneNote MUI (French) 2007 --> MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Navilog1 3.5.8 --> "C:\Program Files\Navilog1\unins000.exe"
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Confidential Core --> MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Setup.exe" /X
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
OpenOffice.org 2.4 --> MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SAMSUNG CDMA Modem Driver Set --> C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shop for HP Supplies --> C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Win Généalogic 2005 --> C:\PROGRA~1\WINGNA~1\UNWISE.EXE C:\PROGRA~1\WINGNA~1\INSTALL.LOG
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type15224 / Success
Event Submitted/Written: 06/17/2008 03:03:05 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type15221 / Success
Event Submitted/Written: 06/17/2008 03:03:01 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type15216 / Success
Event Submitted/Written: 06/17/2008 03:02:56 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Le service de gestion des licences du logiciel a démarré.

Event Record #/Type15177 / Warning
Event Submitted/Written: 06/17/2008 03:01:03 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-2433064309-709054877-4000824809-1000_Classes:
Process 1008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2433064309-709054877-4000824809-1000_CLASSES
Process 1524 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2433064309-709054877-4000824809-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Event Record #/Type15176 / Warning
Event Submitted/Written: 06/17/2008 03:01:02 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
3 user registry handles leaked from \Registry\User\S-1-5-21-2433064309-709054877-4000824809-1000:
Process 1008 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2433064309-709054877-4000824809-1000
Process 1524 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2433064309-709054877-4000824809-1000\Software
Process 1524 (\Device\HarddiskVolume2\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-2433064309-709054877-4000824809-1000\Software\Policies



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type42112 / Error
Event Submitted/Written: 06/17/2008 03:03:06 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Planificateur LiveUpdate automatique%%2147500053

Event Record #/Type42046 / Error
Event Submitted/Written: 06/17/2008 03:02:41 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type41927 / Error
Event Submitted/Written: 06/17/2008 09:36:23 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Planificateur LiveUpdate automatique%%2147500053

Event Record #/Type41861 / Error
Event Submitted/Written: 06/17/2008 09:36:02 AM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type41809 / Error
Event Submitted/Written: 06/16/2008 09:44:24 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
Planificateur LiveUpdate automatique%%2147500053



-- End of Deckard's System Scanner: finished at 2008-06-17 15:12:18 ------------
0
Réponse 13 / 35
Utilisateur anonyme
 
Je voudrais le rapport D'OtmoveIt STP.

*********************************

D'ailleurs relance OtmoveIt , et copie/colle ces lignes :


C:\Program Files\Java\jre1.6.0_05
C:\Program Files\Navilog1
C:\Users\All Users\Malwarebytes
C:\Program Files\Malwarebytes' Anti-Malware
C:\Windows\system32\ncbqjerg.dll
C:\Program Files\EoRezo
C:\Windows\system32\nxqrlxhq.dll
C:\Users\Claude\AppData\Roaming\Malwarebytes
C:\Users\Claude\AppData\Roaming\EoRezo
C:\Windows\system32\un_carnavallanternescreensaver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d4d90da-a88f-4133-b3c8-fafe01bd5b8d}



-> MoveIt !

Poste le rapport.

a++
0
Réponse 14 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
rapport de OTmovelt après l'avoir relancé.

toujours pas eu d'autres fenetres de pub

à +


Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Antarctica scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\North_Dakota scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Kentucky scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Indiana scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Argentina scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Africa scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\servicetag scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\management scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images\cursors scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\im scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\i386 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\fonts scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\ext scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\deploy scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\cmm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\applet scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin\client scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Safebackup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Backupnavi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1 scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Malwarebytes scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Malwarebytes' Anti-Malware\Languages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Malwarebytes' Anti-Malware scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\ncbqjerg.dll
C:\Windows\system32\ncbqjerg.dll NOT unregistered.
C:\Windows\system32\ncbqjerg.dll moved successfully.
Folder move failed. C:\Program Files\EoRezo\EoAdv\tmp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo scheduled to be moved on reboot.
File/Folder C:\Windows\system32\nxqrlxhq.dll not found.
C:\Users\Claude\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine moved successfully.
C:\Users\Claude\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs moved successfully.
C:\Users\Claude\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware moved successfully.
C:\Users\Claude\AppData\Roaming\Malwarebytes moved successfully.
C:\Users\Claude\AppData\Roaming\EoRezo\eoDesktop moved successfully.
C:\Users\Claude\AppData\Roaming\EoRezo\db moved successfully.
C:\Users\Claude\AppData\Roaming\EoRezo moved successfully.
File move failed. C:\Windows\system32\un_carnavallanternescreensaver.exe scheduled to be moved on reboot.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d4d90da-a88f-4133-b3c8-fafe01bd5b8d} >
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d4d90da-a88f-4133-b3c8-fafe01bd5b8d} \\ not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06172008_182059

Files moved on Reboot...
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Antarctica scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\North_Dakota scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Kentucky scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Indiana scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Argentina scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\North_Dakota scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Kentucky scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Indiana scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Argentina scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Africa scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Antarctica scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\North_Dakota scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Kentucky scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Indiana scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Argentina scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Africa scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\servicetag scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\management scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images\cursors scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images\cursors scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\im scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\i386 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\fonts scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\ext scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\deploy scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\cmm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\applet scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Antarctica scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\North_Dakota scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Kentucky scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Indiana scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Argentina scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Africa scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\servicetag scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\management scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images\cursors scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\im scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\i386 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\fonts scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\ext scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\deploy scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\cmm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\applet scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin\client scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin\client scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Antarctica scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\North_Dakota scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Kentucky scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Indiana scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America\Argentina scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\America scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi\Africa scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\zi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\servicetag scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\security scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\management scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images\cursors scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\images scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\im scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\i386 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\fonts scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\ext scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\deploy scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\cmm scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib\applet scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\lib scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin\client scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Java\jre1.6.0_05 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Safebackup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Backupnavi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Safebackup scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Report scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1\Backupnavi scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Navilog1 scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\Malwarebytes scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Malwarebytes' Anti-Malware\Languages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Malwarebytes' Anti-Malware\Languages scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Malwarebytes' Anti-Malware scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv\tmp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv\tmp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv\tmp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo\EoAdv scheduled to be moved on reboot.
Folder move failed. C:\Program Files\EoRezo scheduled to be moved on reboot.
File move failed. C:\Windows\system32\un_carnavallanternescreensaver.exe scheduled to be moved on reboot.
0
Réponse 15 / 35
Utilisateur anonyme
 
Re ,

Oula il à un coup de mou OtmoveIT.


Télécharge The Avenger par Swandog46 sur ton Bureau:

Fait un clique droit sur ' Avenger.zip ' > extraire tout ( toujours sur le bureau )

Copie tout le texte en gras ci-dessous (CTRL+C) :


Begin copying here:

Folders to delete:
C:\Program Files\Java\jre1.6.0_05
C:\Program Files\Navilog1
C:\Users\All Users\Malwarebytes
C:\Program Files\Malwarebytes' Anti-Malware
C:\Program Files\EoRezo
C:\Users\Claude\AppData\Roaming\Malwarebytes
C:\Users\Claude\AppData\Roaming\EoRezo

Files to delete:
C:\Windows\system32\un_carnavallanternescreensaver.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d4d90da-a88f-4133-b3c8-fafe01bd5b8d}


→ Maintenant, lance The Avenger en cliquant sur son icône du bureau.

Un message en anglais va te demander de confirmer , répond ' OK '
Dans le cadre qui apparait sous 'input script there ' Colle le texte copié précédemment ( CTRL +V )
Vérifie que les cases ' Scan for rootkit ' & 'Automatically disable any rootkits found ' soient cochées.
Clique sur ' Execute '

...........The Avenger va automatiquement faire ce qui suit:

→ Redémarrage du pc .....
→ Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur ton bureau -> NORMAL.
→ Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
→ Copie-en le contenu et poste le moi.


(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )


A+
0
Réponse 16 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
bonjour Cyrildu 17

voici le rapport de avenger



Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Program Files\Java\jre1.6.0_05" deleted successfully.
Folder "C:\Program Files\Navilog1" deleted successfully.

Error: could not open folder "C:\Users\All Users\Malwarebytes"
Deletion of folder "C:\Users\All Users\Malwarebytes" failed!
Status: 0xc0000715

Folder "C:\Program Files\Malwarebytes' Anti-Malware" deleted successfully.
Folder "C:\Program Files\EoRezo" deleted successfully.

Error: folder "C:\Users\Claude\AppData\Roaming\Malwarebytes" not found!
Deletion of folder "C:\Users\Claude\AppData\Roaming\Malwarebytes" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: folder "C:\Users\Claude\AppData\Roaming\EoRezo" not found!
Deletion of folder "C:\Users\Claude\AppData\Roaming\EoRezo" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Windows\system32\un_carnavallanternescreensaver.exe" deleted successfully.
Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d4d90da-a88f-4133-b3c8-fafe01bd5b8d}" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
0
Réponse 17 / 35
Utilisateur anonyme
 
Re ,

Il y a des résistants.

Désinstalle Malware byte's par '' ajout et suppression de programme '' .

Reposte un DSS par la suite.

A+
0
Réponse 18 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
cyril

qu'est ce un DSS ?
0
Réponse 19 / 35
Utilisateur anonyme
 
Re ,

ce rapport que tu m'a posté ;))

Refais-en un nouveau.

a++
0
Réponse 20 / 35
clocloaline Messages postés 27 Date d'inscription   Statut Membre Dernière intervention  
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************
voici le nouveau rapport

je n'ai toujours pas eu de nouvelles fenêtres de pub

clocloaline


Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
0

Discussions similaires

Ouvrir un fichier .pub sans Publisher
baissaoui -
baissaoui -

0 réponse
Ouvrir document Publisher sans Publisher
Curtis Hayes -
Curtis Hayes -

7 réponses
lire un fichier .pub
xycoco -
Valou -

38 réponses
Lire, afficher, exécuter un fichier *.pub sans Publisher
jeannoellaurenti -
informatique_fujitsu -

1 réponse