CiD

Merci de tes conseil
Voici les fichiers

Logfile of random's system information tool 1.04 (written by random/random)
Run by François at 2008-11-11 14:18:47
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 228 MB (0%) free of 76 GB
Total RAM: 767 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:22, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\François\Bureau\RSIT.exe
C:\Program Files\trend micro\François.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par NC NUMERICABLE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6ED59772-F4EB-4FDE-BBB3-E939952686BF} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8A2854DA-C709-4BE4-84D1-86D7760D27AA} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Setuproad] C:\DOCUME~1\FRANOI~1\APPLIC~1\PROGRA~1\Site Once.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Interface Chat Voila - http://chat9.x-echo.com/version3/Applet/vchatsign.cab
O16 - DPF: PackageHtmlCab - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/op/PackageHtmlCab.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {380C4261-4FC3-40D0-ADF8-0240A5857CE6} (Aurigma Image Uploader 2.5) - http://www.photoweb.fr/order/telechargement-photoweb.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/271a0d491889261ae806/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://go.securelive.com/speed/WebInstall.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.carnot-live.com/live/AxisCamControl.cab
O16 - DPF: {A1A961DA-2BA6-4032-859E-01AC35357163} - http://www.one2one.com/static/class/one2one.cab
O16 - DPF: {A5173EA8-1337-4BAB-A67E-198C9919D9CC} - http://213.11.100.127/websetup/websetup2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C771B05E-E725-4516-97A5-4CE5EB163CFB} - http://www.cyberamat.com
O16 - DPF: {CD259AEC-23E6-4E64-8138-7E28D56666D7} (SQFViewer10X Element) - https://natuerlich.de/
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carpediem.fr/CABS/cd/1,0,3,8/fr/AccesMembre.cab
O20 - AppInit_DLLs: ogsryt.dll
O20 - Winlogon Notify: pmnoOEur - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O24 - Desktop Component 0: (no name) - http://www.purefm.be/rtbf_2000/objects/sac/0/1/6/1/9/0161939_sac/pic313.jpg?1090588196
O24 - Desktop Component 1: (no name) - http://www.tignes.net//resizer.php?filename=T018/F0001/b0184fb7/38d33ee3/a3d20a4d/d40e1bcec81e946a24ca187ccd112673&mime=image/jpeg&geometry=180x180

Bonjour Destrio5,

Avant toute chose, merci pour le temps que tu passes, c'est très précieux !

J'ai exécute toutes les manip que tu m'as demandé. Tout est OK : je te laisse les différents rapports par la suite.

Je n'ai juste pas pu désinstaller" Need2Find bar" (le module spécifié est introuvable).

Merci encore pour ton aide.



-------------- UsbFix V2.413.2 ---------------

* User : Fran‡ois - BOB
* Outils mis a jours le 29/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 16:52:33 le 30/11/2008
* Windows Xp - Internet Explorer 6.0.2900.5512


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\alg.exe
C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\2.tmp\b2e.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur fixe

F: - Lecteur amovible


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
OPEN=setupSNK.exe
ICON=\SMRTNTKY\fcw.ico
ACTION=Assistant Réseau sans fil

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[24/01/2003 10:27][--a------] C:\AUTOEXEC.BAT
[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM
[24/05/2001 11:59][--a------] C:\UNWISE.EXE
[18/11/2008 20:02][---hs----] C:\boot.ini
[20/05/2005 10:49][--a------] C:\Capturix Language Problems.txt
[20/05/2005 10:49][--a------] C:\lopR.txt
[20/05/2005 10:49][--a------] C:\UsbFix.txt
[24/01/2003 10:27][--a------] C:\CONFIG.SYS
[24/01/2003 10:27][--a------] C:\hiberfil.sys
[24/01/2003 10:27][--a------] C:\IO.SYS
[24/01/2003 10:27][--a------] C:\MSDOS.SYS
[24/01/2003 10:27][--a------] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Lecteur fixe


+- Listing des fichiers présents :

[13/04/2008 19:34][--a------] E:\setupSNK.exe
[18/11/2008 20:09][--a------] E:\AUTORUN.INF

--------------- [ Lecteur F ] ----------------

F: - Lecteur amovible


+- Listing des fichiers présents :


--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page Restore"="https://www.msn.com/fr-fr/?wl=true"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
WebCamRT.exe=
BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
Setuproad=C:\DOCUME~1\FRANOI~1\APPLIC~1\PROGRA~1\Site Once.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NBKeyScan="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
IgfxTray=C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds=C:\WINDOWS\system32\hkcmd.exe
Persistence=C:\WINDOWS\system32\igfxpers.exe
HDAudDeck=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
NeroFilterCheck=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50201540-9401-11dc-8daa-0050fc545477}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [18/11/2008 20:09][--a------] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[24/01/2003 10:27][--a------] C:\AUTOEXEC.BAT
[03/08/2004 22:38][-rahs----] C:\NTDETECT.COM
[24/05/2001 11:59][--a------] C:\UNWISE.EXE
[18/11/2008 20:02][---hs----] C:\boot.ini
[13/04/2008 19:34][--a------] E:\setupSNK.exe

--------------- ! Fin du rapport ! ----------------

-------------------------------------------------------------------------------------------------------------------------------------------------------------

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\DOCUME~1\FRANOI~1\APPLIC~1\program hope sign moved successfully.
C:\DOCUME~1\STPHAN~1\APPLIC~1\program hope sign moved successfully.
C:\Program Files\program hope sign moved successfully.
File/Folder C:\WINDOWS\system32\VDfgOXyb.ini not found.
File/Folder C:\WINDOWS\system32\VDfgOXyb.ini2 not found.
File/Folder C:\WINDOWS\system32\byXOgfDV.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnoOEur\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
Registry value KEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Setuproad not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\etilqs_zBukZwjlxo9ay9Fkb6O9 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_165732

Files moved on Reboot...
File C:\DOCUME~1\FRANOI~1\LOCALS~1\Temp\etilqs_zBukZwjlxo9ay9Fkb6O9 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_574.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7d0.dat not found!
C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\François\Local Settings\Application Data\Mozilla\Firefox\Profiles\df4881d1.default\urlclassifier3.sqlite moved successfully.


-------------------------------------------------------------------------------------------------------------------------------------------------------------


F --------- Logfile of AD-Remover 1.0.5.4 by C_XX ---------

# OPTION: Scan

START at: 17:06:42 | 30/11/2008
ON: Microsoft Windows XP [version 5.1.2600] ( Windows XP )
Internet Explorer: [6.0.2900.5512]
EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
USER: Fran‡ois ( Current user is an administrator )
PC: BOB
BOOT MODE: Normal
DRIVE(S): A:\
-
Systemdrive: C:\ (NTFS)

--------- [ RUNNING PROCESSES ] ---------

\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe

---------------------------- [~> 34]


+---------------------------------------------------------------------------+
+------------------------------- SERVICES FOUND ..
+---------------------------------------------------------------------------+


+---------------------------------------------------------------------------+
+------------------------------- REGISTRY ELEMENTS FOUND ..
+---------------------------------------------------------------------------+

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"

+---------------------------------------------------------------------------+
+------------------------------- FILES\FOLDERS FOUND ..
+---------------------------------------------------------------------------+

[19/03/2008 13:51|d--------] C:\Program Files\EoRezo
[19/03/2008 13:51|d--------] C:\Documents and Settings\Fran‡ois\Application Data\EoRezo

+---------------------------------------------------------------------------+
+------------------------------- ADDED SCAN ..
+---------------------------------------------------------------------------+



+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\df4881d1.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.4 ~~~~

Start Page : "https://www.lequipe.fr/|http://services.aol.fr/webmail/neuf/|http://www.facebook.com/people/Francois_Duribreux/838257452|https://www.creditmutuel.fr/cmne/fr/authentification.html|https://www.sfr.fr/offres-numericable.html|https://stubru.be/hotshot|https://www.nova.fr/|http://musique.fnac.com/s1285/Pop-Rock/Rock-Independant|http://www.lafraise.com/contest.php?op=lafraise_shop&lang=fr|http://sheponyouonline.blogspot.com/|http://mail3.voila.fr/webmail/fr_FR/inbox.html"

+----------+


+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\...\Run]

WebCamRT.exe REG_SZ
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
Setuproad REG_SZ C:\DOCUME~1\FRANOI~1\APPLIC~1\PROGRA~1\Site Once.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

+--[HKEY_LOCAL_MACHINE\...\Run]

NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
HDAudDeck REG_SZ C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"

+--[HKEY_USERS\.DEFAULT\...\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
ALUAlert REG_SZ C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
PcSync REG_SZ C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

+--[HKEY_CURRENT_USER\...\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/?wl=true
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\...\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 116 lines ]
+---------------------------------------------------------------------------+

[ END at: 17:07:00 | 30/11/2008 ] - [ Time elapsed: 17.6 seconds ]


J'attends de tes nouvelles

Bon dimanche

François

Salut destrio,
j'ai un soucis avec le scan sur kapersky.
En lançant le scan sur le poste de travail, il se bloque à 10% de son analyse sur C:\Documents and settings\................\Outlook express\Boite de réception.
J'utilise pas outlook express pourtant...
Ça te dit quelque chose ?
D'avance merci
Gouraii

Voila le rapport
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-12-14 23:20:23
PROTECTIONS: 1
MALWARE: 21
SUSPECTS: 5
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1296 [VPS 081214-0] 4.8.1296 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00029258 application/altnet HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\altnetdm
00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}
00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@fastclick[1].txt
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Lop SD\Backup-Lop\DOCUME~1\FRANOI~1\Cookies\françois@pacificpoker[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@xiti[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@serving-sys[3].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@bs.serving-sys[2].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Stéphanie\Cookies\stéphanie@888[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@weborama[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Lop SD\Backup-Lop\DOCUME~1\FRANOI~1\Cookies\françois@advertising[1].txt
00169752 application/need2find HackTools No 0 Yes No HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find
00169752 application/need2find HackTools No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\uninstall\need2findbar uninstall
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@adrevolver[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Lop SD\Backup-Lop\DOCUME~1\FRANOI~1\Cookies\françois@adultfriendfinder[2].txt
00205445 dialer.cxd Dialers No 0 Yes No c:\program files\temp_update
00226494 dialer.dxp Dialers No 0 Yes No HKEY_CLASSES_ROOT\TypeLib\{C881E6FC-C673-4FDD-AEF8-B36DFB10E401}
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\François\Cookies\françois@ads.addynamix[1].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{40EE4C03-576E-452F-8924-4337D7E85407}\RP991\A0107363.exe
00583968 Adware/SaveNow Adware No 0 Yes No C:\Program Files\BSINSTALL.exe
04239011 Generic Trojan Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-1257724701-2681699156-3766971089-1005\Dc2.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location c{
;===================================================================================================================================================================================
No C:\Lop SD\catchme.exe c{
No C:\Mes téléchargements\avast cleaner.exe c{
No C:\Program Files\eMule\Incoming\Stories From The Safe House - Hugh Coltman.zip[ Titan - Poker.exe] c{
No C:\RECYCLER\S-1-5-21-1257724701-2681699156-3766971089-1005\Dc13.exe c{
No C:\RECYCLER\S-1-5-21-1257724701-2681699156-3766971089-1005\Dc2.exe[32788R22FWJFW\catchme.cfexe] c{
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description c{
;===================================================================================================================================================================================
;===================================================================================================================================================================================