help svp virus mabraze
Hors ligneZazdebaz Le 19/05/2009 à 18:06 Profil de Zazdebaz Configuration de Zazdebaz

bonjour a vous tous je suis infecté par le virus mabraze qui m'affiche une fenetre il es l'heure de travaillé pouvez me guidé pour l'enlever svp merci d'avance
Hors ligneMister_masque Le 19/05/2009 à 18:08 Profil de Mister_masque Configuration de Mister_masque

Bonjour,

# 1 - Recherche de l'infection



Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.

  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique sur Continue à l'écran Disclaimer en laissant les valeurs par défaut
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.


--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les deux rapports sont également sauvegardés dans le dossier: C:\rsit\

Rapport attendu:

  • Rapport log.txt
  • Rapport extra.txt



@+

--
Hors ligneZazdebaz Le 19/05/2009 à 18:12 Profil de Zazdebaz Configuration de Zazdebaz

voila le log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by Guillaume at 2009-05-19 18:09:45
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (17%) free of 57 GB
Total RAM: 503 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:09, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\plkhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Guillaume\Bureau\RSIT.exe
C:\Program Files\trend micro\Guillaume.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Key Drv] plkhost.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\RunServices: [Key Drv] plkhost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\msagent" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'SERVICE RÉSEAU')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} (LiveUpdate Crescendo) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A98D136-9551-4EC9-9986-5054041AFCAC}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{74D593CC-E022-4A08-83DD-EEB1F35BA7BA}: NameServer = 80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF2CF521-5E59-4448-A3DB-8D7519B793A9}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9b519ac90bc8a) (gupdate1c9b519ac90bc8a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8421 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-10-21 111400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-04 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-03-07 429816]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-24 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"FixCamera"=C:\WINDOWS\FixCamera.exe [2007-07-11 20480]
"tsnp2std"=C:\WINDOWS\tsnp2std.exe [2007-05-10 270336]
"snp2std"=C:\WINDOWS\vsnp2std.exe [2007-09-28 344064]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]
""= []
"Key Drv"=C:\WINDOWS\system32\plkhost.exe [2006-05-17 1224704]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-04-24 68592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-04 39408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-06 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SynchronousMachineGroupPolicy"=0
"SynchronousUserGroupPolicy"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=219
"NoStrCmpLogical"=1
"NoResolveTrack"=0
"NoResolveSearch"=0
"NoRun"=0
"NoFind"=0
"NoSMMyPictures"=0
"NoStartMenuMFUprogramsList"=0
"NoUserNameInStartMenu"=0
"NoStartMenuMorePrograms"=0
"MaxRecentDocs"=15
"NoInstrumentation"=0
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=0
"DisallowCpl"=1
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoSimpleStartMenu"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\BSmaxScripT[7.0]\mirc.exe"="C:\BSmaxScripT[7.0]\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\Guillaume\Bureau\utorrent-1.8.2.upx.exe"="C:\Documents and Settings\Guillaume\Bureau\utorrent-1.8.2.upx.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe"="C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe:*:Enabled:mIRC"
"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application"
"C:\Program Files\Couscous Script version1.0\CousCous Script.exe"="C:\Program Files\Couscous Script version1.0\CousCous Script.exe:*:Enabled:mIRC"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\otmspr.exe"="C:\WINDOWS\system32\otmspr.exe:*:Enabled:PRDRV"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Documents and Settings\Guillaume\Local Settings\Application Data\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe"="C:\Documents and Settings\Guillaume\Local Settings\Application Data\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Chat Republic Games Player"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8ba9b30-40e1-11de-bab3-0014a5056869}]
shell\AutoRun\command - wscript.exe antinul.vbe
shell\open\command - wscript.exe antinul.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5f75af-43bc-11de-bac5-0014a5056869}]
shell\AutoRun\command - wscript.exe antinul.vbe
shell\open\command - wscript.exe antinul.vbe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-05-19 18:09:50 ----D---- C:\Program Files\trend micro
2009-05-19 18:09:45 ----D---- C:\rsit
2009-05-18 18:51:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-18 18:51:23 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 18:26:40 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-05-16 16:08:13 ----D---- C:\Program Files\Atomic RAR Password Recovery
2009-05-12 04:57:04 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-12 03:43:06 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-12 03:42:58 ----D---- C:\Program Files\Lavasoft
2009-04-30 13:17:54 ----D---- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
2009-04-26 21:09:52 ----D---- C:\Program Files\TVAnts
2009-04-24 21:01:08 ----D---- C:\Documents and Settings\Guillaume\Application Data\Malwarebytes
2009-04-24 21:00:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-24 21:00:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-24 18:53:07 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-04-24 03:02:15 ----A---- C:\WINDOWS\system32\SelfDel.bat
2009-04-23 21:46:55 ----D---- C:\Program Files\Babylon
2009-04-23 14:49:46 ----D---- C:\Program Files\Monster Trucks Nitro
2009-04-23 14:49:35 ----A---- C:\WINDOWS\system32\wpcap.dll
2009-04-23 14:49:35 ----A---- C:\WINDOWS\system32\packet.dll
2009-04-23 14:49:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-22 22:33:31 ----A---- C:\WINDOWS\system32\otmspr.exe

======List of files/folders modified in the last 1 months======

2009-05-19 18:09:50 ----D---- C:\Program Files
2009-05-19 18:09:46 ----D---- C:\WINDOWS\Prefetch
2009-05-19 17:09:40 ----D---- C:\Program Files\Mozilla Firefox
2009-05-19 13:02:30 ----SD---- C:\WINDOWS\Tasks
2009-05-19 12:47:14 ----D---- C:\Documents and Settings\Guillaume\Application Data\uTorrent
2009-05-19 08:54:22 ----SHD---- C:\Config.Msi
2009-05-19 08:54:21 ----SHD---- C:\WINDOWS\Installer
2009-05-19 08:54:09 ----D---- C:\Program Files\Google
2009-05-19 08:35:13 ----D---- C:\WINDOWS\system32\drivers
2009-05-19 08:35:13 ----D---- C:\WINDOWS
2009-05-19 03:03:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-18 18:26:40 ----D---- C:\WINDOWS\system32
2009-05-18 17:06:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-17 20:35:18 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-16 00:36:07 ----D---- C:\WINDOWS\Temp
2009-05-16 00:36:07 ----D---- C:\Program Files\Windows Live Safety Center
2009-05-16 00:36:06 ----HD---- C:\WINDOWS\inf
2009-05-12 19:38:23 ----D---- C:\Documents and Settings\Guillaume\Application Data\OpenOffice.org2
2009-05-12 04:33:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-12 03:42:51 ----D---- C:\WINDOWS\WinSxS
2009-05-05 20:24:14 ----D---- C:\Program Files\eMule
2009-05-05 16:25:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-01 00:41:40 ----A---- C:\WINDOWS\NeroDigital.ini
2009-04-28 20:58:55 ----D---- C:\Program Files\Microsoft Office
2009-04-24 19:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-24 19:13:44 ----D---- C:\Program Files\Fichiers communs
2009-04-24 18:53:50 ----D---- C:\Documents and Settings\Guillaume\Application Data\Google
2009-04-24 18:35:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-24 18:17:02 ----A---- C:\WINDOWS\system32\becfebedfddb_d.dll
2009-04-23 18:54:51 ----A---- C:\Documents and Settings\Guillaume\Application Data\QuickZip45.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-19 40320]
R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-06 1168860]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 30080]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20608]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys [2009-04-23 42512]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
S3 RT2500USB;RT2500 USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2004-08-13 140544]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-09-05 12212864]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 gupdate1c9b519ac90bc8a;Service Google Update (gupdate1c9b519ac90bc8a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-04 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-04 183280]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-12 953168]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe [2008-05-12 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-19 14336]

-----------------EOF-----------------




voila le info.txt



info.txt logfile of random's system information tool 1.06 2009-05-19 18:10:11

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atomic RAR Password Recovery 1.20-->"C:\Program Files\Atomic RAR Password Recovery\unins000.exe"
AutoCAD 2006 - Français-->MsiExec.exe /I{5783F2D7-4001-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BSmax ScripT 7.0-->"C:\BSmaxScripT[7.0]\uninstall.exe"
Canon LASER SHOT LBP-1120-->C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3UNIK.EXE
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
C-Major Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x40c -remove -removeonly
Correctif Windows XP - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Correctif Windows XP - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB885894-->C:\WINDOWS\$NtUninstallKB885894$\spuninst\spuninst.exe
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DibaNet 7.03-->MsiExec.exe /X{1B86E355-807B-419D-9022-6BCE80AF482D}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Fichiers communs\Software Update Utility\uninstall.exe
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9  -removeonly
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Freezer+ 1.5-->"C:\Program Files\Freezer+\unins000.exe"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Labtec WebCam-->MsiExec.exe /X{995BF1A7-30E5-49E5-A0E4-AD3213D9E330}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
LTI -->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x040c -removeonly -u
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC-->"C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe" -uninstall
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero Suite-->C:\Program Files\Fichiers communs\Ahead\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
Programme de gestion Camera de Labtec®-->"C:\Program Files\Fichiers communs\Labtec\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RegSupreme Pro-->"C:\Program Files\RegSupreme Pro\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======

127.0.0.1     localhost
127.0.0.1     update.microsoft.com
127.0.0.1     download.microsoft.com
127.0.0.1     downloads.microsoft.com
127.0.0.1     windowsupdate.microsoft.com
127.0.0.1     www.windowsupdate.microsoft.com
127.0.0.1     support.microsoft.com
127.0.0.1     www.symantec.com
127.0.0.1     liveupdate.symantecliveupdate.com
127.0.0.1     liveupdate.symantec.com

Securitycenter WMI appears to be broken

======System event log======

Computer Name: PORTABLE
Event Code: 35
Message: Le service de temps synchronise maintenant l'heure système avec la
source de temps time.windows.com (ntp.m|0x1|192.168.1.12:123->207.46.232.182:123).

Record Number: 5
Source Name: W32Time
Time Written: 20090417191541.000000+120
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{5A98D136-9551-4EC9-9986-5054041AFCAC} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.

Record Number: 4
Source Name: Tcpip
Time Written: 20090417191524.000000+120
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 14204
Message: Le service ‘WMPNetworkSvc’ a démarré.

Record Number: 3
Source Name: WMPNetworkSvc
Time Written: 20090417191519.000000+120
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 2
Source Name: EventLog
Time Written: 20090417191514.000000+120
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090417191514.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: PORTABLE
Event Code: 301
Message: msnmsgr (1664) \\.\C:\Documents and Settings\Guillaume\Local Settings\Application Data\Microsoft\Messenger\zazdebaz@hotmail.fr\SharingMetadata\Working\database_F490_E7C6_90E7_8D84\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Guillaume\Local Settings\Application Data\Microsoft\Messenger\zazdebaz@hotmail.fr\SharingMetadata\Working\database_F490_E7C6_90E7_8D84\fsr0012E.log.

Record Number: 5
Source Name: ESENT
Time Written: 20081102204618.000000+060
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 300
Message: msnmsgr (1664) \\.\C:\Documents and Settings\Guillaume\Local Settings\Application Data\Microsoft\Messenger\zazdebaz@hotmail.fr\SharingMetadata\Working\database_F490_E7C6_90E7_8D84\dfsr.db: Le moteur de base de données initialise la procédure de récupération.

Record Number: 4
Source Name: ESENT
Time Written: 20081102204618.000000+060
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 102
Message: msnmsgr (1664) \\.\C:\Documents and Settings\Guillaume\Local Settings\Application Data\Microsoft\Messenger\zazdebaz@hotmail.fr\SharingMetadata\Working\database_F490_E7C6_90E7_8D84\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 3
Source Name: ESENT
Time Written: 20081102204618.000000+060
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 100
Message: msnmsgr (1664) Le moteur de base de données 5.01.2600.2780 est démarré.

Record Number: 2
Source Name: ESENT
Time Written: 20081102204618.000000+060
Event Type: Informations
User:

Computer Name: PORTABLE
Event Code: 12001
Message:
Record Number: 1
Source Name: usnjsvc
Time Written: 20081102204617.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Fichiers communs\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%USERPROFILE%\Local Settings\Temp
"TMP"=%USERPROFILE%\Local Settings\Temp
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Hors ligneMister_masque Le 19/05/2009 à 18:24 Profil de Mister_masque Configuration de Mister_masque

L'antivirus est en option ?
Tu as un Windows cracké, je ne te désinfecterais qu'une seul fois

Désinstalle :

  • Spybot
  • Ad-Aware



CTRL + ALT + SUPPR
Onglet Processus

Clique droit sur wscript.exe > Terminer le processus.

# 1 - Suppression de l'infection

Télécharge OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
Double-clique sur OTMoveIt3.exe pour le lancer.
Assures toi que la case "Unregister Dll's and Ocx's" soit bien cochée.
Copiez / collez les lignes suivantes (en vert) dans la fenêtre de gauche de OTMoveIt nommé "Paste List of Files/Folders to be moved" (zone fléché sur la capture :)



Copie colle :


:files
C:\WINDOWS\system32\plkhost.exe
C:\WINDOWS\system32\antinul.vbe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Key Drv"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8ba9b30-40e1-11de-bab3-0014a5056869}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5f75af-43bc-11de-bac5-0014a5056869}]

:commands
[EmptyTemp]


Clique sur MoveIt! pour lancer la suppression.
Si OTMoveIt propose de redémarrer votre PC, acceptez.
Lorsque un résultat apparaît dans le cadre Results, cliquez sur Exit.

Afficher le rapport  de OTMoveIt situé sur C:\_OTMoveIt\MovedFiles.




# 2 - Infection par disque amovible

Télécharger UsbFix de Chiquitine29

  • Lances l'installation en laissant les choix par défaut.
  • Branches tous tes supports externes sans les ouvrir (Clé USB, disque dur externe, etc...).
  • Exécutes UsbFix sur ton Bureau, choisit l'option 1



-> Postes le rapport UsbFix (C:\UsbFix.txt)



Après on a pas finit ... Etape Mise à jour / Installation Antivirus.
@+

--
Hors ligneZazdebaz Le 19/05/2009 à 18:31 Profil de Zazdebaz Configuration de Zazdebaz

alors g fait la 1ere etape mais je ne possede pas la clé USB infecté que doit je faire?
Hors ligneMister_masque Le 19/05/2009 à 18:41 Profil de Mister_masque Configuration de Mister_masque

Envoie le rapport pour OtmoveIt.
Pour USBFix fait le quand même, fait l'étape 3 maintenant, et quand tu auras la clef également.

@+
--
Hors ligneZazdebaz Le 19/05/2009 à 18:42 Profil de Zazdebaz Configuration de Zazdebaz

voila le rapport otmoveit
========== FILES ==========
C:\WINDOWS\system32\plkhost.exe moved successfully.
File move failed. C:\WINDOWS\system32\antinul.vbe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Key Drv deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8ba9b30-40e1-11de-bab3-0014a5056869}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce5f75af-43bc-11de-bac5-0014a5056869}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\hsperfdata_Guillaume\1900 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\etilqs_apTTIIt6kKacSKx4ilOv scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Guillaume\Application Data\Sun\Java\Deployment\cache\6.0\58\1e00207a-2f507816 scheduled to be deleted on reboot.
Java cache emptied.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_183016

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\antinul.vbe scheduled to be moved on reboot.
File C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\hsperfdata_Guillaume\1900 not found!
File C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\etilqs_apTTIIt6kKacSKx4ilOv not found!
C:\Documents and Settings\Guillaume\Application Data\Sun\Java\Deployment\cache\6.0\58\1e00207a-2f507816 moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Guillaume\Local Settings\Application Data\Mozilla\Firefox\Profiles\e3zr3elp.default\XUL.mfl moved successfully.




je complete avec usbfix



############################## [ UsbFix V3.021 # Scan ]

# User : Guillaume (Administrateurs) # PORTABLE
# Update on 16/05/09 by Chiquitine29, C_XX & Chimay8
# WebSite : http://pagesperso-orange.fr/NosTools/usbfix.html
# Start at: 18:45:54 | 19/05/2009

#         Intel(R) Pentium(R) M processor 1.60GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 55,88 Go (10,14 Go free) # NTFS
# D:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Guillaume\Mes documents\Mes fichiers reçus\Another-ScripT_V.1.2.0\AnotherScripT.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## [  Registre # Startup ]

HKCU_Main:  "Search Page"="http://www.google.fr"
HKCU_Main:  "Start Page"="Travaillez plus.com"
HKCU_Main:  "Window Title"="Au travail !Arrˆtez de surfer!"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe"
HKLM_logon: "DefaultUserName"="Guillaume"
HKLM_logon: "AltDefaultUserName"="Guillaume"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run:    FixCamera=C:\WINDOWS\FixCamera.exe
HKLM_Run:    tsnp2std=C:\WINDOWS\tsnp2std.exe
HKLM_Run:    snp2std=C:\WINDOWS\vsnp2std.exe
HKLM_Run:    LogitechCommunicationsManager="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
HKLM_Run:    Google Quick Search Box="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
HKLM_Run:    Key Drv=plkhost.exe
HKLM_Run:    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\AutorunsDisabled=
HKLM_Rserv:  Key Drv=plkhost.exe
HKCU_Run:    swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe  
HKCU_Run:    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AutorunsDisabled=  

################## [ Fichiers # Dossiers infectieux ]

Found ! C:\WINDOWS\system32\antinul.vbe  
Found ! C:\WINDOWS\system32\Autoruns.exe  
Found ! C:\WINDOWS\system32\SelfDel.bat  

################## [ Registre # Clés Run infectieuses ]

Found ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe    
Found ! HKCU\SOFTWARE\...\CurrentVersion\Policies\System\\ "DisableRegistryTools"  
# -> ( Value = 0x1 | Good = 0x0 Bad = 0x1 )  

################## [ Registre # Mountpoints2 ]


################## [ ! Fin du rapport # UsbFix V3.021 ! ]
Hors ligneMister_masque Le 19/05/2009 à 18:53 Profil de Mister_masque Configuration de Mister_masque

Va en Mode sans echec.

Relance USBFIx => Option 2


Antivir est un antivirus gratuit et performant :

Test: Avast-Antivir8-AVG8


Télécharge Antivir et installe le.
Met le à jours en cliquant sur "Start a update" puis clique sur "Scan system now" pour faire un scan de ta machine.
Si tu reçoit des messages d'alerte, parce que Antivir a trouvé des objets : Clique sur "Move to quarantine".
Quand le scan est fini clique sur Report et envoie moi le rapport.

Reposte un rapport HijackThis (un nouveau).

@+
--
Hors ligneZazdebaz Le 19/05/2009 à 19:10 Profil de Zazdebaz Configuration de Zazdebaz

le hijackthis je le relance avec rsit?
Hors ligneMister_masque Le 19/05/2009 à 19:12 Profil de Mister_masque Configuration de Mister_masque

- Télécharger HijackThis de Merijn sur ton bureau.
- Clique sur Install pour exécuter HijackThis
Si tu es sous Vista : Clique droit >> Exécuter en tant qu'administrateur
- Double-clic sur HijackThis
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur Do a scan and save log file.
- Le rapport s'ouvre sous forme de Bloc-Note

Aide: N'hésite pas à consulter l'aide : Aide HJT si tu n'y arrives pas.

N'oublie pas le rapport Option 2 et Antivir.
Poste tout d'un coup.
Merci.
--
Vous avez résolu votre problème avec VIC ? Faites-le savoir sur les réseaux sociaux !
Vulgarisation-informatique.com
Cours en informatique & tutoriels