Posted

Hello,

I seem to have a virus that prevents me from going where I want on the internet, notably in Google searches where, when I click on a site, I am redirected to advertisements, ... from a main.exoclick.fr link. Could someone help me, because I have not found a solution to this problem?

Regards.

Thomas

Posted

Hello,

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

* Click Continue at the Disclaimer screen.

* If the HijackThis tool (up-to-date version) is not present or detected on the computer, RSIT downloads it and you accept the license.

* Once the scan is finished, two text files will open:

Post the contents of log.txt (which will be displayed)

as well as info.txt (which will be minimized in the Taskbar).

* If these two reports do not appear, you will find them in the folder C:\rsit

Posted

Thanks for the reply. Here is the log file

 

Logfile of random's system information tool 1.05 (written by random/random)

Run by Thomas at 2009-02-28 13:40:03

Microsoft® Windows Vista Édition Familiale Basique

System drive C: has 3 GB (4%) free of 71 GB

Total RAM: 1014 MB (11% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:40:11, on 28/02/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16809)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\TechCity Solutions\AOLSAV\AOLAgent.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\AOL\1173121951\ee\aolsoftware.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Real\RealPlayer\realplay.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

C:\program files\common files\aol\1173121951\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe

C:\Program Files\Registry Mechanic\regmech.exe

c:\program files\common files\aol\1173121951\ee\aolsoftware.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE

C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Users\Thomas\Desktop\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\Thomas.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...O&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1173121951\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H

O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll

O13 - Gopher Prefix:

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://jackpotcity.microgaming.com/jackpotcity/FlashAX2.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{400AEE4E-CF37-4742-8A32-189A2CCEDA67}: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CCS\Services\Tcpip\..\{B39FB90C-D309-4978-84B3-A0178CC63A1F}: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CS1\Services\Tcpip\..\{400AEE4E-CF37-4742-8A32-189A2CCEDA67}: NameServer = 85.255.112.39,85.255.112.40

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11503 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\AppleSoftwareUpdate.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]

VMN Toolbar

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-18 501384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-03-05 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADECBED6-0366-4377-A739-E69DFBA04663}]

Catcher Class - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll [2007-12-05 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-03-05 2436160]

{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 385024]

{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-13 1006264]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-15 815104]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-11-06 98304]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-11-06 106496]

"Persistence"=C:\Windows\system32\igfxpers.exe [2006-11-06 81920]

"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-12-02 167936]

"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]

"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-12-04 46704]

"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2006-10-18 317152]

"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2006-10-18 472800]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2006-12-18 77824]

"AOLSAV"=C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe [2004-04-26 75776]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]

"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2007-06-21 70952]

"HostManager"=C:\Program Files\Common Files\AOL\1173121951\ee\AOLSoftware.exe [2006-11-14 50736]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]

"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-18 81000]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2007-03-05 26112]

"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

"ORAHSSSessionManager"=C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe [2007-12-12 107248]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"RegistryMechanic"=C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-12-04 2356088]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"ValidateAdminCodeSignatures"=1

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe"="C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e800f08c-0eaa-11dc-983b-00038a000015}]

shell\AutoRun\command - F:\iky.bat

shell\explore\command - F:\iky.bat

shell\open\command - F:\iky.bat

 

 

======File associations======

 

.js - edit -

.js - open -

.txt - open -

 

======List of files/folders created in the last 1 months======

 

2009-02-28 13:26:08 ----D---- C:\rsit

2009-02-24 20:53:13 ----D---- C:\RECYCLER

2009-02-24 20:21:42 ----D---- C:\Users\Thomas\AppData\Roaming\XMIND

2009-02-24 20:18:56 ----D---- C:\Program Files\XMIND 2008

2009-02-24 19:48:45 ----D---- C:\Program Files\FreeMind

2009-02-11 14:11:40 ----A---- C:\Windows\system32\msfeeds.dll

2009-02-11 14:11:38 ----A---- C:\Windows\system32\mshtml.dll

2009-02-11 14:11:33 ----A---- C:\Windows\system32\ieframe.dll

2009-02-11 14:11:31 ----A---- C:\Windows\system32\urlmon.dll

2009-02-11 14:11:29 ----A---- C:\Windows\system32\wininet.dll

2009-02-11 14:11:28 ----A---- C:\Windows\system32\mshtmled.dll

2009-02-11 14:11:27 ----A---- C:\Windows\system32\mstime.dll

2009-02-11 14:11:27 ----A---- C:\Windows\system32\ieapfltr.dll

2009-02-11 14:11:27 ----A---- C:\Windows\system32\advpack.dll

2009-02-11 14:11:26 ----A---- C:\Windows\system32\ieui.dll

2009-02-11 14:11:26 ----A---- C:\Windows\system32\iernonce.dll

2009-02-11 14:11:26 ----A---- C:\Windows\system32\ie4uinit.exe

2009-02-11 14:11:26 ----A---- C:\Windows\system32\dxtrans.dll

2009-02-11 14:11:25 ----A---- C:\Windows\system32\iesetup.dll

2009-02-11 14:11:25 ----A---- C:\Windows\system32\iertutil.dll

2009-02-11 14:11:24 ----A---- C:\Windows\system32\jsproxy.dll

2009-02-11 14:11:24 ----A---- C:\Windows\system32\ieUnatt.exe

2009-02-11 14:11:24 ----A---- C:\Windows\system32\icardie.dll

2009-02-11 14:11:24 ----A---- C:\Windows\system32\dxtmsft.dll

2009-02-11 14:11:23 ----A---- C:\Windows\system32\pngfilt.dll

 

======List of files/folders modified in the last 1 months======

 

2009-02-28 13:37:15 ----D---- C:\Windows\Temp

2009-02-28 13:37:04 ----D---- C:\Windows\Prefetch

2009-02-28 11:23:29 ----D---- C:\Windows\system32\drivers

2009-02-28 11:20:59 ----AD---- C:\ProgramData\TEMP

2009-02-27 15:04:11 ----D---- C:\Windows\System32

2009-02-27 15:04:10 ----D---- C:\Windows\inf

2009-02-27 15:04:10 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-02-27 15:03:30 ----A---- C:\Windows\win.ini

2009-02-27 15:03:20 ----SHD---- C:\Windows\Installer

2009-02-27 15:00:22 ----D---- C:\Windows\twain_32

2009-02-27 08:17:17 ----SHD---- C:\System Volume Information

2009-02-25 19:11:44 ----D---- C:\Users\Thomas\AppData\Roaming\Azureus

2009-02-25 13:06:25 ----A---- C:\Windows\NeroDigital.ini

2009-02-24 20:18:56 ----RD---- C:\Program Files

2009-02-22 20:50:08 ----D---- C:\Program Files\Paint Shop Pro 5

2009-02-18 12:14:03 ----D---- C:\Windows

2009-02-15 10:54:29 ----D---- C:\Windows\system32\catroot2

2009-02-12 03:21:49 ----D---- C:\Windows\winsxs

2009-02-12 03:17:20 ----D---- C:\Windows\system32\migration

2009-02-12 03:17:20 ----D---- C:\Program Files\Internet Explorer

2009-02-12 03:17:19 ----D---- C:\Windows\AppPatch

2009-02-12 03:04:46 ----D---- C:\Windows\system32\catroot

2009-02-12 03:04:35 ----D---- C:\ProgramData\Microsoft Help

2009-02-12 03:03:15 ----D---- C:\Program Files\Windows Mail

2009-02-04 00:21:12 ----A---- C:\Windows\system32\mrt.exe

2009-01-30 14:17:12 ----D---- C:\Users\Thomas\AppData\Roaming\Image Zone Express

2009-01-29 17:43:44 ----D---- C:\Program Files\OrangeHSS

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-18 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-18 110160]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-18 50864]

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 NEOFLTR_600_13487;Juniper Networks TDI Filter Driver (NEOFLTR_600_13487); \??\C:\Windows\system32\Drivers\NEOFLTR_600_13487.SYS [2008-08-14 64160]

R2 ASCTRM;ASCTRM; C:\Windows\system32\drivers\ASCTRM.sys [2007-03-05 8552]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-18 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-18 51792]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]

R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-15 14208]

R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]

R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]

R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2006-11-02 145920]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]

R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-09-26 50176]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-15 179256]

R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-11-15 11264]

S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 534016]

S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]

S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]

S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 E100B;Pilote de carte Intel ® PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 1473024]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 1786880]

S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]

S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]

S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service; C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-18 18752]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-18 155160]

R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]

R2 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2006-12-04 58984]

R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 WANMiniportService;WAN Miniport (ATW) Service; C:\Windows\wanmpsvc.exe [2003-08-27 65536]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-18 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-18 352920]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]

S2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]

S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-06-26 126976]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-05 138168]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]

 

-----------------EOF-----------------

 

 

 

 

 

 

And the info file

 

 

info.txt logfile of random's system information tool 1.05 2009-02-28 13:26:35

 

======Uninstall list======

 

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}

ABBYY FineReader 9.0 Professional Edition-->MsiExec.exe /I{F9000000-0001-0000-0000-074957833700}

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe

Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}

Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}

Adobe Setup-->MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}

Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}

Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}

Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log

Adobe Stock Photos CS3-->C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe

Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}

AOL - Assistant de désinstallation-->C:\Program Files\Common Files\AOL\uninstaller.exe

AOL Auto-diagnostic-->C:\Program Files\TechCity Solutions\AOLSAV\uninstall.exe

AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"

Apple Software Update-->MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

ASL_HS_Installer32-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Azureus-->C:\Program Files\Azureus\Uninstall.exe

Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HUFSetup.EXE -U -Icv30A5za.inf

CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall

dBpoweramp FLAC Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat

dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

Ecran de veille AOL Photos-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe

Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"

FreeMind-->"C:\Program Files\FreeMind\unins000.exe"

FTP Expert 3-->"C:\Program Files\Visicom Media\FTP Expert 3\uninst-ftp.exe"

GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30A5\HXFSETUP.EXE -U -Icpv30A5z.inf

Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409

HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly

HP Customer Participation Program 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat

HP DVD Play 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall

HP Easy Setup - Core-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9

HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly

HP Help and Support-->MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}

HP Imaging Device Functions 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OCR Software 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}

HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\Hewlett-Packard\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot

HP Quick Launch Buttons 6.10 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x40c uninst

HP Solution Center 8.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}

HP User Guide 0039-->MsiExec.exe /I{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}

HP Wireless Assistant-->MsiExec.exe /I{355FADAF-55C4-4E08-88D4-A86C4CA6930C}

IE PassView-->C:\Windows\zipinst.exe /uninst "C:\Program Files\IE PassView\uninst1~.nsu"

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

IPA/SAM Phonetics Fonts-->C:\Windows\unins000.exe

iTunes-->MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Juniper Networks Secure Application Manager-->C:\Program Files\Juniper Networks\Secure Application Manager\UninstallSAM.exe

Juniper Networks Setup Client Activex Control-->C:\Windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe

L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSFRF.inf, Uninstall

Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe

LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall

Magic ISO Maker v5.4 (build 0251)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG

Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}

Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}

Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}

Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}

Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL

Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}

Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}

Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}

Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}

Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}

Microsoft Reader Text-to-Speech pour le français-->MsiExec.exe /X{6F1547AA-8DA7-4FAC-BA11-BE1659E7086E}

Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x40c

Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}

Moyea FLV Downloader version 1.15.0.15-->"C:\Program Files\Moyea\FLV Downloader\unins000.exe"

Moyea FLV Player version 1.5.2.7-->"C:\Program Files\Moyea\FLV Player\unins000.exe"

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MySmtp 3.0 (remove only)-->"C:\Program Files\Groupe Eurower\MySmtp 3.0\uninstall.exe"

MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}

Nero 7-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u

Paint Shop Pro 5.01 CD-->C:\PROGRA~1\PAINTS~1\UNWISE.EXE C:\PROGRA~1\PAINTS~1\INSTALL.LOG

QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}

RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0

RealSpeak Solo pour la voix francaise Virginie-->MsiExec.exe /I{58B0F3ED-6FAE-486C-9AB9-1C06514097B4}

Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log

Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}

Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}

Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}

Shop for HP Supplies-->C:\Program Files\Hewlett-Packard\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118}

Update for Office 2007 (KB946691)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (k

Posted

Download Malwarebytes' Anti-Malware (MBAM)

Plug in all removable media before running this scan (USB stick, external hard drive, etc.)

If you use Spybot

To disable TeaTimer, which serves no purpose and can cause a disinfection to fail:

First display Advanced Mode in SpyBot

-> Advanced Options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left:

-> click Tools,

-> click Resident,

In Resident:

-> uncheck Resident "TeaTimer" to disable it.

* Double-click the Download_mbam-setup.exe icon to start the installation process.

Save it to the desktop.

Close all windows and programs

Follow the prompts (in particular the choice of language and the permission to access the Internet)

Do not change any of the default settings and, at the end of the installation,

Check that the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware options are ticked

MBAM will start automatically and display a message asking you to update the program before running a scan.

Click OK to close the dialog box.

* In the "Update" tab, click the Check for Updates button:

If the firewall asks for permission for MBAM to connect, accept.

* Once the update is finished, go to the Scanner tab.

* Select "Perform full scan"

* Click "Scan"

* The scan will take some time, be patient!

* At the end, a message will be displayed:

The scan completed successfully.

* If MBAM found nothing, it will say so too.

Click "OK" to continue.

* Close the browsers.

Click Show Results.

* Select everything and click Remove Selected,

MBAM will destroy the files and registry keys and put a copy of them in quarantine.

Then open Notepad and copy into it the scan report, which can be found under the Logs tab.

* Copy and paste this report into your next reply.

Posted

Malwarebytes' Anti-Malware 1.34

Version de la base de données: 1749

Windows 6.0.6000

 

28/02/2009 19:00:26

mbam-log-2009-02-28 (19-00-26).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|)

Eléments examinés: 208537

Temps écoulé: 1 hour(s), 56 minute(s), 9 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 1

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 9

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 5

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.Navipromo) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{400aee4e-cf37-4742-8a32-189a2cceda67}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b39fb90c-d309-4978-84b3-a0178cc63a1f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{400aee4e-cf37-4742-8a32-189a2cceda67}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b39fb90c-d309-4978-84b3-a0178cc63a1f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{400aee4e-cf37-4742-8a32-189a2cceda67}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b39fb90c-d309-4978-84b3-a0178cc63a1f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Program Files\Navilog1\Backupnavi\nsinet.exe (Dialer) -> Quarantined and deleted successfully.

C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.

C:\RECYCLER\S-9-0-90-100017647-100023983-100031253-8289.com (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\gaopdxpwxsabko.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\drivers\gaopdxrpalubge.sys (Trojan.Agent) -> Quarantined and deleted successfully.
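Added example, not part of the original thread: a small Python parser for the registry-data section of an MBAM report like the one above. It lists every `NameServer` value the report touched, the control set and interface it belonged to, and whether the cleanup was actually completed. The `expected` resolver set and the "Delete on reboot." outcome on the last sample line are assumptions constructed for the example.

```python
import ipaddress
import re

# Sample input: the first two registry lines are copied from the report above;
# the third has a constructed outcome to exercise the "not yet cleaned" case.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{400aee4e-cf37-4742-8a32-189a2cceda67}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b39fb90c-d309-4978-84b3-a0178cc63a1f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Delete on reboot.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Matches the machine-wide value (...\Tcpip\Parameters\NameServer) and the
# per-adapter values (...\Parameters\Interfaces\{GUID}\NameServer).
ENTRY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9a-fA-F-]+\}))?\\NameServer"
    r" \((?P<threat>[^)]+)\) -> Data: (?P<data>\S+) -> (?P<action>.+)$"
)


def parse_dns_entries(log_text):
    """Return one dict per NameServer line found in an MBAM report."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # file detections and other sections are ignored
        servers = []
        for token in m["data"].split(","):
            try:
                servers.append(str(ipaddress.ip_address(token)))
            except ValueError:
                servers.append(token)  # keep malformed data visible
        entries.append({
            "control_set": m["cset"],
            "interface": m["iface"],  # None means the machine-wide value
            "threat": m["threat"],
            "servers": servers,
            "cleaned": "deleted successfully" in m["action"].lower(),
        })
    return entries


def rogue_resolvers(entries, expected):
    """Map each resolver not in `expected` to the places it was configured.

    `expected` is a hypothetical allow-list of resolver IPs the administrator
    trusts (for example the ISP's or the router's).
    """
    found = {}
    for e in entries:
        where = f"{e['control_set']}:{e['interface'] or 'global'}"
        for server in e["servers"]:
            if server not in expected:
                found.setdefault(server, []).append(where)
    return found


def pending(entries):
    """Entries the report does not mark as deleted; recheck them after reboot."""
    return [e for e in entries if not e["cleaned"]]


if __name__ == "__main__":
    parsed = parse_dns_entries(SAMPLE_LOG)
    # 192.0.2.53 is a documentation address used as a stand-in allow-list.
    for ip, places in rogue_resolvers(parsed, {"192.0.2.53"}).items():
        print(ip, "->", ", ".join(places))
    for e in pending(parsed):
        print("still pending:", e["control_set"], e["interface"] or "global")
```

Grouping by control set matters because the report shows the same value in `CurrentControlSet`, `ControlSet001` and `ControlSet003`, for both the machine-wide key and each interface GUID.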

Posted

Hello,

Download OTMoveIt3 by OldTimer to the desktop.

Double-click OTMoveIt3.exe to launch it.

On Vista, right-click the file -> choose Run as administrator

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

 

 

:Files

F:\iky.bat

 

:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e800f08c-0eaa-11dc-983b-00038a000015}]

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the latest .log file

Copy/paste its contents into your next reply

Disable the current antivirus and run an online scan with one of these 3 programs

NOTE: The online scan must be done with Internet Explorer.

1) Kaspersky

On Vista, you must disable UAC, right-click Internet Explorer / Run as administrator, and paste the Kaspersky URL

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Empty the Recycle Bin.

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX control.

* Click "Accept" once more

* The update databases will be installed, wait a moment

* Click Next.

* Click My Computer; the scan starts;

wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop and name the report "rapport Kaspersky", and in the file type field choose "text files", then save the report.

Copy/paste the entire contents of the opened text file: right-click on it, select all/copy.

Paste this report into your reply on the forum.

Help in case of problems

Cybersécurité

Posted

Thanks for your help: it took a while, but here are the reports.

The log report

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

File/Folder F:\iky.bat not found.

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e800f08c-0eaa-11dc-983b-00038a000015}\\ deleted successfully.

========== COMMANDS ==========

File delete failed. C:\Users\Thomas\AppData\Local\Temp\~DF307B.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Thomas\AppData\Local\Temp\~DFE238.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\TMP00000092E218D96CF2738E89 scheduled to be deleted on reboot.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_123431

 

Files moved on Reboot...

C:\Users\Thomas\AppData\Local\Temp\~DF307B.tmp moved successfully.

C:\Users\Thomas\AppData\Local\Temp\~DFE238.tmp moved successfully.

File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

File C:\Windows\temp\TMP00000092E218D96CF2738E89 not found!

 

 

 

 

And the Kaspersky report

 

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7 REPORT

Sunday, March 1, 2009

Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit (build 6000)

Kaspersky Online Scanner 7 version: 7.0.25.0

Program database last update: Sunday, March 01, 2009 12:44:05

Records in database: 1858838

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

 

Scan statistics:

Files scanned: 148848

Threat name: 38

Infected objects: 68

Suspicious objects: 1

Duration of the scan: 04:05:13

 

 

File name / Threat name / Threats count

C:\Lop SD\Backup-Lop\vmntoolbar\vmntoolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.j 1

C:\Lop SD\Backup-Lop\vmntoolbar\vmntoolbar_151.zip Infected: not-a-virus:AdWare.Win32.MegaSearch.j 1

C:\Lop SD\osVer.exe Infected: Backdoor.Win32.Small.gov 1

C:\Program Files\Navilog1\Backupnavi\hjreuzee.exe Infected: Trojan.Win32.Obfuscated.aqn 1

C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe Infected: not-a-virus:AdWare.Win32.BHO.w 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\0056323E-000001A3.eml Infected: Worm.Win32.Downloader.wh 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\02C8094D-00000139.eml Infected: Worm.Win32.AutoRun.ons 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\03531A4D-000001C7.eml Infected: Worm.Win32.AutoRun.rwo 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\07345E86-000001C2.eml Infected: Worm.Win32.AutoRun.rsu 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\0D7268AF-000001AA.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\12267EB6-000001BE.eml Infected: Trojan-Downloader.Win32.Small.afzf 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\140C35E7-000001B7.eml Infected: Trojan.Win32.Pakes.lin 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\17A562E2-000001BF.eml Infected: Worm.Win32.AutoRun.rsu 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1B8F2328-000001A4.eml Infected: Worm.Win32.Downloader.wh 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1D316158-000001AE.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1DAD22F1-000001D2.eml Infected: Trojan-Dropper.Win32.Agent.zdl 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1E343235-0000018D.eml Infected: Worm.Win32.AutoRun.qsf 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1F2524F5-000001D4.eml Suspicious: Password-protected-EXE 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\255870D8-000001C8.eml Infected: Trojan-Dropper.Win32.Pakes.e 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2A974C9C-000000B5.eml Infected: Worm.Win32.Socks.agw 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2B47696B-000001A5.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2BC042F1-00000175.eml Infected: Worm.Win32.AutoRun.qma 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2DC75768-000001A2.eml Infected: Worm.Win32.Downloader.wh 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\325879CC-000001C6.eml Infected: Worm.Win32.Agent.jp 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\373765E4-00000198.eml Infected: Worm.Win32.AutoRun.qzg 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\374A60DB-0000019B.eml Infected: Trojan.Win32.Agent.ajcd 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\375520E5-00000106.eml Infected: Trojan-Downloader.Win32.Agent.afqa 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3797435E-00000196.eml Infected: Worm.Win32.AutoRun.qzg 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3EE66FC3-0000019C.eml Infected: Trojan.Win32.Agent.ajcd 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3F764A30-00000197.eml Infected: Worm.Win32.AutoRun.qzc 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\44C37EA3-000001D6.eml Infected: Worm.Win32.AutoRun.scj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\472F2651-000001B2.eml Infected: Worm.Win32.Agent.jd 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4911687B-00000199.eml Infected: Trojan-Downloader.Win32.Agent.akmo 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4B250E36-000001A0.eml Infected: Trojan-Downloader.Win32.Agent.albb 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4CE954BB-000001AD.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\50934C71-0000010C.eml Infected: Backdoor.Win32.Hijack.e 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\51E6721A-000001B6.eml Infected: Trojan.Win32.Pakes.lin 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\53C5252A-000001CC.eml Infected: Trojan-Dropper.Win32.Agent.zdw 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\554C21ED-00000195.eml Infected: Trojan.Win32.Pakes.lem 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\55A53AC2-000001BD.eml Infected: Trojan-Downloader.Win32.Banload.xlm 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\578F6768-0000019A.eml Infected: Trojan-Downloader.Win32.Agent.akmx 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5B4F404C-00000085.eml Infected: Trojan-Spy.Win32.Zbot.cod 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5B691323-000001BC.eml Infected: Trojan.Win32.Agent.akxw 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5FF36E43-000001BA.eml Infected: Worm.Win32.AutoRun.rkt 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\673307F5-000001A6.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\6B7B4E1C-000001A1.eml Infected: Worm.Win32.Downloader.wh 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\726C11DD-000001C9.eml Infected: Worm.Win32.AutoRun.rys 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\72D75D55-000001A8.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\73DA58B0-000000BF.eml Infected: Trojan-Spy.Win32.Zbot.dqu 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\75FE2814-0000010D.eml Infected: Backdoor.Win32.Hijack.e 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\7C036826-000001A7.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\06D9713E-00000512.eml Infected: Trojan.Win32.Pakes.lin 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\162A0BC3-000004CA.eml Infected: Trojan.Win32.Pakes.lem 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\197926E4-00000572.eml Infected: Worm.Win32.AutoRun.scj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\2A3A2A85-000004BC.eml Infected: Worm.Win32.AutoRun.qsf 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\2B6A020C-00000549.eml Infected: Worm.Win32.Agent.jp 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\34A77BB6-000004EB.eml Infected: Trojan-Downloader.Win32.Agent.akmo 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\35080E27-000004E8.eml Infected: Trojan-Downloader.Win32.Agent.akmx 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\3694664F-0000054D.eml Infected: Worm.Win32.AutoRun.rwo 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\375019DA-000004DA.eml Infected: Worm.Win32.AutoRun.qzc 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\3CE52463-000004FF.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\7A0A0BA6-00000501.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\50C268C1-00000A4F.eml Infected: Worm.Win32.Downloader.wh 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5520236C-00000A77.eml Infected: Trojan.Win32.Agent.akxw 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5D4E305B-00000A58.eml Infected: Worm.Win32.Agent.ja 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5D6B525B-00000A56.eml Infected: Trojan-Downloader.Win32.Agent.algj 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\68347928-00000A76.eml Infected: Trojan.Win32.Agent.akxw 1

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\795550B1-00000A52.eml Infected: Worm.Win32.Downloader.wh 1

D:\RECYCLER\S-9-0-90-100017647-100023983-100031253-8289.com Infected: Worm.Win32.AutoRun.abbs 1

 

The selected area was scanned.

Posted (edited)

Download OTMoveIt3 by OldTimer to the Desktop.

Double-click OTMoveIt3.exe to launch it.

Under Vista, right-click the file -> choose Run as Administrator

Check that Unregister Dll's and Ocx's is ticked.

* Copy/paste the lines below:

 

:Processes

explorer.exe

vmntoolbarsetup.exe

 

:Files

C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\0056323E-000001A3.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\02C8094D-00000139.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\03531A4D-000001C7.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\07345E86-000001C2.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\0D7268AF-000001AA.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\12267EB6-000001BE.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\140C35E7-000001B7.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\17A562E2-000001BF.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1B8F2328-000001A4.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1D316158-000001AE.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1DAD22F1-000001D2.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1E343235-0000018D.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1F2524F5-000001D4.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\255870D8-000001C8.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2A974C9C-000000B5.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2B47696B-000001A5.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2BC042F1-00000175.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2DC75768-000001A2.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\325879CC-000001C6.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\373765E4-00000198.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\374A60DB-0000019B.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\375520E5-00000106.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3797435E-00000196.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3EE66FC3-0000019C.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3F764A30-00000197.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\44C37EA3-000001D6.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\472F2651-000001B2.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4911687B-00000199.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4B250E36-000001A0.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4CE954BB-000001AD.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\50934C71-0000010C.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\51E6721A-000001B6.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\53C5252A-000001CC.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\554C21ED-00000195.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\55A53AC2-000001BD.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\578F6768-0000019A.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5B4F404C-00000085.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5B691323-000001BC.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5FF36E43-000001BA.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\673307F5-000001A6.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\6B7B4E1C-000001A1.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\726C11DD-000001C9.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\72D75D55-000001A8.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\73DA58B0-000000BF.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\75FE2814-0000010D.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\7C036826-000001A7.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\06D9713E-00000512.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\162A0BC3-000004CA.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\197926E4-00000572.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\2A3A2A85-000004BC.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\2B6A020C-00000549.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\34A77BB6-000004EB.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\35080E27-000004E8.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\3694664F-0000054D.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\375019DA-000004DA.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\3CE52463-000004FF.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\7A0A0BA6-00000501.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\50C268C1-00000A4F.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5520236C-00000A77.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5D4E305B-00000A58.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5D6B525B-00000A56.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\68347928-00000A76.eml

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\795550B1-00000A52.eml

 

 

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste.

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the latest .log file

Copy/paste its contents into your next reply

 

 

There would be no point in keeping the programs used for the disinfection.

They are constantly updated, so they would be obsolete within 10 days.

To remove the programs used during the procedure:

Download ToolsCleaner2 by A.Rothstein

* Save ToolsCleaner2.exe to the Desktop.

Under Vista, right-click > Run as Administrator

* Double-click it, then click Recherche (Search) --> The program will look for the installed utilities

------> The window may turn white during the scan; this is normal!

The tool will delete them without any action on your part.

 

* Copy and paste the contents of the report that appears in the white window.

Edited by pear
Posted

========== PROCESSES ==========

Process explorer.exe killed successfully.

Unable to kill process: vmntoolbarsetup.exe

========== FILES ==========

C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\0056323E-000001A3.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\02C8094D-00000139.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\03531A4D-000001C7.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\07345E86-000001C2.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\0D7268AF-000001AA.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\12267EB6-000001BE.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\140C35E7-000001B7.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\17A562E2-000001BF.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1B8F2328-000001A4.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1D316158-000001AE.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1DAD22F1-000001D2.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1E343235-0000018D.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\1F2524F5-000001D4.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\255870D8-000001C8.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2A974C9C-000000B5.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2B47696B-000001A5.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2BC042F1-00000175.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\2DC75768-000001A2.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\325879CC-000001C6.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\373765E4-00000198.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\374A60DB-0000019B.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\375520E5-00000106.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3797435E-00000196.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3EE66FC3-0000019C.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\3F764A30-00000197.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\44C37EA3-000001D6.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\472F2651-000001B2.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4911687B-00000199.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4B250E36-000001A0.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\4CE954BB-000001AD.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\50934C71-0000010C.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\51E6721A-000001B6.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\53C5252A-000001CC.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\554C21ED-00000195.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\55A53AC2-000001BD.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\578F6768-0000019A.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5B4F404C-00000085.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5B691323-000001BC.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\5FF36E43-000001BA.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\673307F5-000001A6.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\6B7B4E1C-000001A1.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\726C11DD-000001C9.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\72D75D55-000001A8.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\73DA58B0-000000BF.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\75FE2814-0000010D.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Ebook\7C036826-000001A7.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\06D9713E-00000512.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\162A0BC3-000004CA.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\197926E4-00000572.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\2A3A2A85-000004BC.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\2B6A020C-00000549.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\34A77BB6-000004EB.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\35080E27-000004E8.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\3694664F-0000054D.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\375019DA-000004DA.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\3CE52463-000004FF.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Référencement\7A0A0BA6-00000501.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\50C268C1-00000A4F.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5520236C-00000A77.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5D4E305B-00000A58.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\5D6B525B-00000A56.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\68347928-00000A76.eml moved successfully.

C:\Users\Thomas\AppData\Local\Microsoft\Windows Mail\Local Folders\Webmaster\795550B1-00000A52.eml moved successfully.

========== COMMANDS ==========

File delete failed. C:\Users\Thomas\AppData\Local\Temp\Google Toolbar\gtb2B65.tmp.exe scheduled to be deleted on reboot.

File delete failed. C:\Users\Thomas\AppData\Local\Temp\~DF1CD.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Thomas\AppData\Local\Temp\~DFC830.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Thomas\AppData\Local\Temp\~DFC839.tmp scheduled to be deleted on reboot.

File delete failed. C:\Users\Thomas\AppData\Local\Temp\~DFE19A.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\GoogleToolbarInstaller2.log scheduled to be deleted on reboot.

File delete failed. C:\Windows\temp\TMP0000000CDDE28477CDC2A938 scheduled to be deleted on reboot.

Windows Temp folder emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_184535

 

Files moved on Reboot...

File C:\Users\Thomas\AppData\Local\Temp\Google Toolbar\gtb2B65.tmp.exe not found!

C:\Users\Thomas\AppData\Local\Temp\~DF1CD.tmp moved successfully.

File C:\Users\Thomas\AppData\Local\Temp\~DFC830.tmp not found!

File C:\Users\Thomas\AppData\Local\Temp\~DFC839.tmp not found!

C:\Users\Thomas\AppData\Local\Temp\~DFE19A.tmp moved successfully.

File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

C:\Windows\temp\GoogleToolbarInstaller2.log moved successfully.

File C:\Windows\temp\TMP0000000CDDE28477CDC2A938 not found!
