virus iexplore.exe aidez moi please

kingneo

7 Décembre 2008 18:22:15

salut voila j'ai un antivirus kasperski 7 sur windows vista qui me donne une alert il detecte une application dangereuse c:/program files/internet explorer/iexplore.exe

jai essayer de le supprimé mais il ne veut pas ce supprimer en plus jai deux autre fichier dans le meme dossier: hmmapi.dll et iedw de la meme date et qui ne ce suprime pas

ce que jai essayer c'est de les supprimé en etant en mode sans echec ca na pas marcher

voila j'aimerai bien que qu'elqun m'aide mais juste une remarque pour ce qui auront la gentillesse de m'aider je suis un amateur question programmation est tout donc merci de bien vouloir etre le plus simple possible

merci

Autres pages sur : virus iexplore exe aidez please

| Etre averti des réponses
| Alerter

Répondre à kingneo

Egwene

8 Décembre 2008 15:21:07

Bonjour,

Je vais t'aider à résoudre ton problème. Merci de suivre à la lettre mes instructions et de ne pas prendre d'initiatives personnelles. Si tu as la moindre question, je suis à ton écoute.

Merci de prendre en compte que je suis bénévole et que j'ai une vie privée : je passe au moins une fois par jour.

Si tu penses avoir été oublié, envoie-moi un MP pour me le signaler.

1) Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

Lance l'installation du programme en exécutant le fichier téléchargé.

Double-clique maintenant sur le raccourci de Toolbar-S&D.

Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

Poste le rapport généré. (C:\TB.txt)

2) Télécharge Gmer.

Dézippe-le dans un dossier dédié ou sur ton Bureau.

Déconnecte toi d'Internet puis ferme tous les programmes.

Double-clique sur Gmer.exe.
Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet Rootkit.

A droite, coche tout.

Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.

Le rapport doit alors apparaître.

Enregistre le fichier sur ton Bureau et upload-le sur mediafire.

Uploader un fichier sur mediafire :

Rends-toi sur ce lien : http://www.mediafire.com/

Clique en haut sur "Upload files To Media fire". Choisis ensuite "I want to upload without an account"

Une fenêtre de ton explorateur windows va s'ouvrir. Navigue jusqu'au rapport que je te demande d'uploader, sélectionne-le puis clique sur "ouvrir".

Clique ensuite sur "Upload".

A droite de l'écran, choisis : "upload to a new folder". Laisse le nom par défaut ( = la date )

Valide et laisse l'upload se faire.

Clique sur "Vieuw uploaded file" et copie-moi l'url ( = le lien ) du nouvel onglet ou de la nouvelle fenêtre qui va s'ouvrir dans ton prochain message. Ainsi, je pourrais télécharger le rapport demandé.

3) Télécharge DDS de sUBs et sauvegarde-le sur ton bureau.

Désactive tout script bloquant, tel q'un antivirus, un logiciel comme ad-block, noscript etc.

Double-clique sur dds.scr pour lancer l'outil. Ne double clique qu'une seule fois dessus, sois patient !

Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .

Clique Oui à la prochaine invite Optional Scan.

Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt, garde l'autre sous la main si jamais je te le demande. Copie/colle le rapport sur le forum. N'uploade des fichiers sur mediafire que si j'en fais la demande explicite.

| Alerter

Répondre à Egwene

kingneo

8 Décembre 2008 18:42:12

SALUT J'ai bien recu le message je vais essayer de faire ca
encore merci

| Alerter

Répondre à kingneo

kingneo

8 Décembre 2008 18:50:27

VOILA LE RAPPORT DU TOOLBARSD

-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz )
BIOS : Default System BIOS
USER : User ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.0.125 (Activated)
Firewall : Kaspersky Internet Security 7.0.0.125 (Activated)
C:\ (Local Disk) - NTFS - Total:100 Go (Free:55 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 08/12/2008|19:46 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 08/12/2008|19:47 - Option : [1]

-----------\\ Fin du rapport a 19:47:56,60

| Alerter

Répondre à kingneo

Egwene

8 Décembre 2008 18:54:49

J'attends la suite

| Alerter

Répondre à Egwene

kingneo

8 Décembre 2008 19:56:50

voila l'url
http://www.mediafire.com/?sharekey=044f06fcccb6175191b2...

| Alerter

Répondre à kingneo

kingneo

8 Décembre 2008 20:04:22

rapport dds

DDS (Version 1.0) - NTFSx86
Run by User at 20:59:11,30 on 08/12/2008
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1013.195 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\User\AppData\Local\Temp\~tmpb.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\User\Desktop\gmer.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=HP&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=HP&pf=laptop
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Cognac] c:\users\user\appdata\local\temp\~tmpb.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 7.0\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1.0\r3hook.dll,c:\progra~1\kasper~1\kasper~1.0\adialhk.dll

============= SERVICES / DRIVERS ===============

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2007-4-4 20760]

=============== Created Last 30 ================

2008-12-08 19:54 250 a------- c:\windows\gmer.ini
2008-12-08 19:45 <DIR> --d----- C:\ToolBar SD
2008-12-07 19:42 <DIR> a-d----- c:\programdata\TEMP
2008-12-07 19:39 77,312 a------- c:\windows\system32\ztvunace26.dll
2008-12-07 19:39 162,304 a------- c:\windows\system32\ztvunrar36.dll
2008-12-07 19:39 153,088 a------- c:\windows\system32\UNRAR3.dll
2008-12-07 19:39 75,264 a------- c:\windows\system32\unacev2.dll
2008-12-07 19:39 69,632 a------- c:\windows\system32\ztvcabinet.dll
2008-12-07 17:54 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-07 17:53 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-07 17:53 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-07 17:53 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-06 19:40 <DIR> --d----- c:\program files\LimeWire
2008-11-26 18:28 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2008-11-26 18:28 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:28 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2008-11-26 18:28 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 18:27 160,768 a------- c:\windows\system32\PortableDeviceTypes.dll
2008-11-26 18:27 95,232 a------- c:\windows\system32\PortableDeviceClassExtension.dll
2008-11-26 18:27 1,645,568 a------- c:\windows\system32\connect.dll
2008-11-11 20:42 1,194,496 a------- c:\windows\system32\msxml3.dll
2008-11-11 20:42 2,048 a------- c:\windows\system32\msxml3r.dll
2008-11-11 20:42 211,456 a------- c:\windows\system32\drivers\mrxsmb10.sys
2008-11-11 20:39 1,341,440 a------- c:\windows\system32\msxml6.dll
2008-11-11 20:39 2,048 a------- c:\windows\system32\msxml6r.dll

==================== Find3M ====================

2008-12-08 19:58 6,603,552 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-08 15:41 89,672 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-10-31 13:04 112,144 a------- c:\windows\system32\drivers\kl1.sys
2008-10-31 13:03 96,976 a------- c:\windows\system32\drivers\klin.dat
2008-10-31 13:03 87,855 a------- c:\windows\system32\drivers\klick.dat
2008-10-30 21:06 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-30 21:06 86,016 a------- c:\windows\inf\infstor.dat
2008-10-30 21:06 51,200 a------- c:\windows\inf\infpub.dat
2008-10-30 20:39 690,832 a------- c:\windows\system32\perfh00C.dat
2008-10-30 20:39 117,572 a------- c:\windows\system32\perfc00C.dat
2008-10-11 01:24 268,800 a------- c:\windows\system32\es.dll
2008-10-11 01:22 4,493,312 a------- c:\windows\system32\NlsData0414.dll
2008-10-11 01:22 1,963,520 a------- c:\windows\system32\NlsData000f.dll
2008-10-11 01:22 4,493,312 a------- c:\windows\system32\NlsData0416.dll
2008-10-11 01:22 797,696 a------- c:\windows\system32\NaturalLanguage6.dll
2008-10-11 01:22 4,493,312 a------- c:\windows\system32\NlsData0816.dll
2008-10-11 01:22 1,963,520 a------- c:\windows\system32\NlsData081a.dll
2008-10-11 01:22 6,917,120 a------- c:\windows\system32\NlsLexicons0c1a.dll
2008-10-11 01:22 1,963,520 a------- c:\windows\system32\NlsData0c1a.dll
2008-10-08 15:20 665,600 a------- c:\windows\inf\drvindex.dat
2008-10-08 15:12 174 a--sh--- c:\program files\desktop.ini
2008-10-05 22:19 61,440 a------- c:\windows\system32\winipsec.dll
2008-10-05 22:19 28,672 a------- c:\windows\system32\FwRemoteSvr.dll
2008-10-05 22:19 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2008-10-05 22:19 272,896 a------- c:\windows\system32\polstore.dll
2008-10-05 22:18 28,160 a------- c:\windows\system32\Apphlpdm.dll
2008-10-05 22:18 2,560 a------- c:\windows\apppatch\AcRes.dll
2008-10-05 22:18 2,144,256 a------- c:\windows\apppatch\AcGenral.dll
2008-10-05 22:18 537,600 a------- c:\windows\apppatch\AcLayers.dll
2008-10-05 22:18 449,536 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-05 22:18 4,247,552 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-05 22:18 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-05 22:18 1,686,528 a------- c:\windows\system32\gameux.dll
2008-10-05 22:17 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2008-10-05 22:17 24,064 a------- c:\windows\system32\wtsapi32.dll
2008-10-05 22:17 2,923,520 a------- c:\windows\explorer.exe
2008-10-05 22:17 542,720 a------- c:\windows\system32\sysmain.dll
2008-10-05 22:17 47,104 a------- c:\windows\system32\wlanapi.dll
2008-10-05 22:17 502,784 a------- c:\windows\system32\wlansvc.dll
2008-10-05 22:17 299,008 a------- c:\windows\system32\wlansec.dll
2008-10-05 22:17 289,280 a------- c:\windows\system32\wlanmsm.dll
2008-10-05 22:17 67,584 a------- c:\windows\system32\wlanhlp.dll
2008-10-05 22:16 194,560 a------- c:\windows\system32\WebClnt.dll
2008-10-05 22:12 2,048 a------- c:\windows\system32\tzres.dll
2008-10-05 22:11 303,616 a------- c:\windows\system32\wmpeffects.dll
2008-10-05 22:10 8,147,968 a------- c:\windows\system32\wmploc.DLL
2008-10-05 22:10 7,680 a------- c:\windows\system32\spwmp.dll
2008-10-05 22:10 4,096 a------- c:\windows\system32\dxmasf.dll
2008-10-05 22:10 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2008-10-05 22:08 167,424 a------- c:\windows\system32\tcpipcfg.dll
2008-10-05 22:08 24,064 a------- c:\windows\system32\netcfg.exe
2008-10-05 22:08 22,016 a------- c:\windows\system32\netiougc.exe
2008-10-05 22:03 1,585,664 a------- c:\windows\system32\setupapi.dll
2008-10-05 22:03 371,712 a------- c:\windows\system32\srcore.dll
2008-10-05 22:03 313,856 a------- c:\windows\system32\rstrui.exe
2008-10-05 22:03 40,960 a------- c:\windows\system32\srclient.dll
2008-10-05 22:03 613,888 a------- c:\windows\system32\wpd_ci.dll
2008-10-05 22:03 16,384 a------- c:\windows\system32\srdelayed.exe
2008-10-05 22:01 9,728 a------- c:\windows\system32\LAPRXY.DLL
2008-10-05 22:01 223,232 a------- c:\windows\system32\WMASF.DLL
2008-10-05 22:01 2,048 a------- c:\windows\system32\asferror.dll
2008-10-05 22:00 296,448 a------- c:\windows\system32\gdi32.dll
2008-10-05 22:00 14,848 a------- c:\windows\system32\wshrm.dll
2008-10-05 21:59 11,776 a------- c:\windows\system32\sbunattend.exe
2008-10-05 21:59 83,968 a------- c:\windows\system32\dnsrslvr.dll
2008-10-05 21:59 24,576 a------- c:\windows\system32\dnscacheugc.exe
2008-10-05 21:58 788,992 a------- c:\windows\system32\rpcrt4.dll
2008-10-05 21:58 737,792 a------- c:\windows\system32\inetcomm.dll
2008-10-05 21:58 84,480 a------- c:\windows\system32\INETRES.dll
2008-10-02 04:49 826,368 a------- c:\windows\system32\wininet.dll
2008-10-02 04:49 56,320 a------- c:\windows\system32\iesetup.dll
2008-10-02 04:49 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-02 04:48 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-18 05:35 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2008-09-18 05:35 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 03:03 2,027,520 a------- c:\windows\system32\win32k.sys
2007-11-21 13:29 340,236 a------- c:\windows\inf\perflib\040c\perfi.dat
2007-11-21 13:29 340,236 a------- c:\windows\inf\perflib\040c\perfh.dat
2007-11-21 13:29 37,390 a------- c:\windows\inf\perflib\040c\perfd.dat
2007-11-21 13:29 37,390 a------- c:\windows\inf\perflib\040c\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-16 15:01 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 21:00:13,39 ===============

| Alerter

Répondre à kingneo

kingneo

8 Décembre 2008 20:05:10

voila c'est tout

| Alerter

Répondre à kingneo

Egwene

8 Décembre 2008 22:26:02

Re,

1) Télécharge OTMoveIt3 (OldTimer). Sauvegarde-le sur ton Bureau.
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

:processes
explorer.exe
~tmpb.exe

:files
C:\Users\User\AppData\Local\Temp\~tmpb.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Double clique sur OTMoveIt3.exe afin de le lancer.
Colle (ou Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
Clique maintenant sur le bouton MoveIt![/#f] puis ferme OTMoveIt3.

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

2) Télécharge [#f0000e]random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Veille bien à me poster l'intégralité des rapports, vérifie qu'ils soient complets une fois que tu les as postés.

| Alerter

Répondre à Egwene

kingneo

10 Décembre 2008 18:41:10

salut
voila quand je clik sur otmove mon antivirus me le siganle comme un objet malicieux donc je n'est pas autorisé la telechargement
je voulais te demandé est ce que cé vraiment sur sinon questceque je fait
je l'autorise
merci

| Alerter

Répondre à kingneo

Egwene

10 Décembre 2008 22:24:50

Re,

Bah si je te demande de le télécharger, c'est qu'il est sûr...

Désactive ton antivirus avant de le télécharger et pendant son utilisation.

| Alerter

Répondre à Egwene

kingneo

11 Décembre 2008 11:48:45

voila le rapport otmove

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: ~tmpb.exe
========== FILES ==========
C:\Users\User\AppData\Local\Temp\~tmpb.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\User\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Temp\etilqs_Kjce3EdjIMWZw5tbsytt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\{4d36e96d-e325-11ce-bfc1-08002be10318}0000\INWPS2.ini scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\{4d36e96d-e325-11ce-bfc1-08002be10318}0000\IPathViS.INI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\{4d36e96c-e325-11ce-bfc1-08002be10318}0001\IPathViS.INI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\{4d36e96c-e325-11ce-bfc1-08002be10318}0001\IPVENHER.INI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\{4d36e96c-e325-11ce-bfc1-08002be10318}0001\ISACS.INI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\{4d36e96c-e325-11ce-bfc1-08002be10318}0001\LEOHERA.INI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SETUP47B74C22261\InstApp.ini scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SETUP47B74C1516C\InstApp.ini scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SETUP47B74B582D1\InstApp.ini scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MYDEFAULT\SMAUDIO.INI scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\IntelIMSM\IMSMins.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8d3c2d988.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8d3c3047e.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8f3381a46.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8f3386c5e.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8f9a8d1ec.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~8f9a8f69e.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~dacc8a3e.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~daccc320.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~de5a41ba.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~de5a68d1.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~e3e4799c.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\cch~e3e4a508.htp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\coinlog.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\conexant.cer scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\DIFXAPI.DLL scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\DMIEA8C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob1.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\IDSinst.LOG scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\IntelTVWizard.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET6F26.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET70EA.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET8094.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET8D50.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET904D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JETB8C3.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080718-123202-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080718-123213-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080720-200017-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080720-200029-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080721-202900-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080721-202914-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080722-120916-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080722-120927-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080816-141125-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080816-142008-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080929-161713-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20080929-161723-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081002-192204-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081002-192222-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081011-024334-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081011-024409-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081013-172815-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081013-172917-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081014-231842-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081014-231908-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081017-230101-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081017-230116-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-130002-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-130020-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-170927-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-170944-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-181308-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-181326-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-203918-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081019-203943-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081027-092739-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081027-092755-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081028-201158-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081028-201839-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081030-204705-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081030-205145-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081031-211635-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081031-211749-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081101-033130-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081101-033147-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081105-160516-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081105-160547-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081107-140214-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081107-140234-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081107-210406-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081107-210426-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081111-203137-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081111-203444-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081112-194455-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081112-194527-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081114-200235-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081114-200256-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081115-122505-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081115-122522-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081116-113825-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081116-113932-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081116-191949-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081116-192008-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081116-213404-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081116-213422-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081122-170449-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081122-170523-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081126-182945-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081126-183026-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081206-192453-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081206-192537-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081207-180421-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081207-181142-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081207-185138-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081207-185216-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081207-194026-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081207-194048-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081208-183422-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081208-183455-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081208-202041-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081208-202744-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081210-194343-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\lpksetup-20081210-194513-0.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\NerD1B1.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\Norton_SPALOG_10_13_2008_304014.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\Norton_SPALOG_10_5_2008_1502305.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\RTWaveTempINI.ini scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SETUP.LOG scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SNDSetup8.0.2.6.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SNDunin.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SND_MSI_I_8.0.2.6.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SND_MSI_U_8.0.2.6_8.0.0.129.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SRTSP_MSI_I_10.2.2.6.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SRTSP_MSI_U_(1)10.2.0.57.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SRTSP_Setup_10.2.2.6.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\srtUnin.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\SYMEVENT.LOG scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TempINI.ini scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP0000000104872B34254BB20A scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP00000002EDF58F7FBB6FA233 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP00000046B4634C2F80AD55F8 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP00000049EC1ACB7675E36982 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\TMP0000005280944FE3194E3696 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WER38EC.tmp.version.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WER3AC1.tmp.appcompat.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WER4FD7.tmp.hdmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WinSAT_DX.etl scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WinSAT_KernelLog.etl scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\WinSAT_StorageAsmt.etl scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\wlumsp.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\edxas9va.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\edxas9va.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\edxas9va.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\edxas9va.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\edxas9va.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12112008_123952

| Alerter

Répondre à kingneo

kingneo

11 Décembre 2008 11:52:18

rapport log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by User at 2008-12-11 12:49:53
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 57 GB (56%) free of 103 GB
Total RAM: 1013 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:26, on 11/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Cognac] C:\Users\User\AppData\Local\Temp\~tmpb.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7613 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-30 1086816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-30 1086816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2007-08-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2007-08-28 154136]
"Persistence"=C:\Windows\system32\igfxpers.exe [2007-08-28 137752]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-10 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-21 1006264]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Cognac"=C:\Users\User\AppData\Local\Temp\~tmpb.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2007-08-20 200704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2007-06-28 206088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6610dbfa-56f7-11dd-99d1-001b38f5ba29}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

======List of files/folders created in the last 1 months======

2008-12-11 12:49:54 ----D---- C:\Program Files\trend micro
2008-12-11 12:49:53 ----D---- C:\rsit
2008-12-11 12:39:52 ----D---- C:\_OTMoveIt
2008-12-11 12:18:21 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 19:48:12 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 19:44:43 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 19:44:43 ----A---- C:\Windows\system32\mf.dll
2008-12-10 19:44:42 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 19:44:41 ----A---- C:\Windows\system32\rrinstaller.exe
2008-12-10 19:44:41 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 19:44:40 ----A---- C:\Windows\system32\mfps.dll
2008-12-10 19:44:40 ----A---- C:\Windows\system32\mfpmp.exe
2008-12-10 19:44:40 ----A---- C:\Windows\system32\mferror.dll
2008-12-10 19:44:25 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 19:43:47 ----A---- C:\Windows\explorer.exe
2008-12-10 19:43:33 ----A---- C:\Windows\system32\mshtml.dll
2008-12-10 19:43:28 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 19:43:27 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 19:43:21 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 19:43:20 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 19:43:20 ----A---- C:\Windows\system32\mshtmled.dll
2008-12-10 19:43:19 ----A---- C:\Windows\system32\ieui.dll
2008-12-10 19:43:19 ----A---- C:\Windows\system32\iernonce.dll
2008-12-10 19:43:19 ----A---- C:\Windows\system32\ieapfltr.dll
2008-12-10 19:43:19 ----A---- C:\Windows\system32\ie4uinit.exe
2008-12-10 19:43:19 ----A---- C:\Windows\system32\dxtrans.dll
2008-12-10 19:43:19 ----A---- C:\Windows\system32\advpack.dll
2008-12-10 19:43:18 ----A---- C:\Windows\system32\iesetup.dll
2008-12-10 19:43:18 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 19:43:16 ----A---- C:\Windows\system32\ieUnatt.exe
2008-12-10 19:43:16 ----A---- C:\Windows\system32\icardie.dll
2008-12-10 19:43:16 ----A---- C:\Windows\system32\dxtmsft.dll
2008-12-10 19:43:15 ----A---- C:\Windows\system32\pngfilt.dll
2008-12-10 19:43:15 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-08 19:54:11 ----A---- C:\Windows\gmer.ini
2008-12-08 19:54:00 ----A---- C:\Windows\gmer_uninstall.cmd
2008-12-08 19:54:00 ----A---- C:\Windows\gmer.dll
2008-12-08 19:53:59 ----A---- C:\Windows\gmer.exe
2008-12-08 19:46:36 ----A---- C:\TB.txt
2008-12-08 19:45:29 ----D---- C:\ToolBar SD
2008-12-07 19:42:00 ----AD---- C:\ProgramData\TEMP
2008-12-07 19:39:59 ----A---- C:\Windows\system32\ztvunace26.dll
2008-12-07 19:39:58 ----A---- C:\Windows\system32\ztvunrar36.dll
2008-12-07 19:39:58 ----A---- C:\Windows\system32\ztvcabinet.dll
2008-12-07 19:39:58 ----A---- C:\Windows\system32\UNRAR3.dll
2008-12-07 19:39:58 ----A---- C:\Windows\system32\unacev2.dll
2008-12-07 19:35:30 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2008-12-07 19:35:11 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 17:54:32 ----A---- C:\Windows\system32\wups2.dll
2008-12-07 17:54:32 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-07 17:54:31 ----A---- C:\Windows\system32\wucltux.dll
2008-12-07 17:54:30 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-07 17:53:59 ----A---- C:\Windows\system32\wups.dll
2008-12-07 17:53:59 ----A---- C:\Windows\system32\wudriver.dll
2008-12-07 17:53:59 ----A---- C:\Windows\system32\wuapi.dll
2008-12-07 17:53:44 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-07 17:53:44 ----A---- C:\Windows\system32\wuapp.exe
2008-12-06 19:40:01 ----D---- C:\Program Files\LimeWire
2008-11-26 18:28:42 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 18:28:42 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 18:28:41 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 18:28:00 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 18:27:59 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-26 18:27:59 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-26 18:27:02 ----A---- C:\Windows\system32\connect.dll

======List of files/folders modified in the last 1 months======

2008-12-11 12:49:57 ----D---- C:\Windows\Temp
2008-12-11 12:49:54 ----RD---- C:\Program Files
2008-12-11 12:45:08 ----D---- C:\ProgramData\Kaspersky Lab
2008-12-11 12:43:47 ----D---- C:\Windows\winsxs
2008-12-11 12:43:41 ----D---- C:\Windows\system32\catroot
2008-12-11 12:43:39 ----D---- C:\Windows\system32\catroot2
2008-12-11 12:43:34 ----ASH---- C:\Program Files\desktop.ini
2008-12-11 12:41:09 ----D---- C:\Windows\system32\fr-FR
2008-12-11 12:41:09 ----D---- C:\Windows\System32
2008-12-11 12:41:09 ----D---- C:\Program Files\Windows Mail
2008-12-11 12:41:08 ----D---- C:\Windows\system32\migration
2008-12-11 12:41:08 ----D---- C:\Windows
2008-12-11 12:41:08 ----D---- C:\Program Files\Internet Explorer
2008-12-11 12:41:07 ----D---- C:\Windows\AppPatch
2008-12-11 12:21:18 ----SHD---- C:\System Volume Information
2008-12-10 21:15:52 ----D---- C:\Users\User\AppData\Roaming\LimeWire
2008-12-08 21:36:53 ----D---- C:\Windows\system32\Tasks
2008-12-08 19:54:00 ----D---- C:\Windows\system32\drivers
2008-12-08 19:52:05 ----HD---- C:\ProgramData
2008-12-07 18:58:28 ----D---- C:\Windows\rescache
2008-12-07 18:22:37 ----A---- C:\Windows\ntbtlog.txt
2008-11-20 11:04:53 ----SHD---- C:\Windows\Installer
2008-11-20 11:03:22 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-10-31 112144]
R1 KLIF;KLIF; C:\Windows\system32\DRIVERS\klif.sys [2008-10-28 127768]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 20760]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\Windows\system32\DRIVERS\mdc8021x.sys [2008-07-18 15781]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-29 156672]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-05 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-11-21 132864]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-10-05 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-08 1044472]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-12-08 85969]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-08-20 1790976]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Internet Security 7.0; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe [2007-06-28 218376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

| Alerter

Répondre à kingneo

kingneo

11 Décembre 2008 11:53:29

rapport info.txt
info.txt logfile of random's system information tool 1.04 2008-12-11 12:50:31

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bricks of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Defender of the Crown - Heroes Live Forever\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Ocean Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Sudoku Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA Link-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F5577101-33CC-4711-8235-3A95BCD49DB0} /l1036
ESU for Microsoft Vista-->MsiExec.exe /I{AD3FDC40-BCF4-476D-A2D6-C4B154DD9DF5}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x040c uninst
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
HP User Guides 0093-->MsiExec.exe /I{D7358B07-4F10-4014-9869-7999578BE8ED}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0-->MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Les Sims™ Histoires de vie-->MsiExec.exe /I{2284D904-C138-4B58-93EC-5C362AB5130A}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /I{E87F5651-CE15-493F-AE99-3B670E25A54E}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Nero 7 Premium-->MsiExec.exe /I{70AB1576-7883-2313-C650-7A71270B1036}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x040c -removeonly
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x040c -removeonly
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for Office 2007 (KB934528)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

======Security center information======

AV: Kaspersky Internet Security (disabled)
FW: Kaspersky Internet Security (disabled)
AS: Windows Defender
AS: Kaspersky Internet Security (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=HP
"OnlineServices"=Online Services
"USERPART"=E:

-----------------EOF-----------------

| Alerter

Répondre à kingneo

Egwene

11 Décembre 2008 18:10:20

Re,

1) Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), clique sur "do a system scan only", coche ces lignes ( si présentes ) :

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKCU\..\Run: [Cognac] C:\Users\User\AppData\Local\Temp\~tmpb.exe

Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked ! N.B : Il est très important de fermer toutes les applications en cours et de se déconnecter d'internet pour fixer avec hijackthis au risque d'interférer avec les résultats de la manip'.

2)

Télécharge UsbFix (de Chiquitine29) sur ton Bureau.

Lance l'installation avec les paramètres par défaut.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

Double-clique sur le raccourci UsbFix sur ton Bureau.

Choisis l'option Nettoyage.

Le PC va redémarrer.

Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

3) Poste un nouveau rapport RSIT.

| Alerter

Répondre à Egwene

kingneo

11 Décembre 2008 18:41:24

slt
le HijackThis cest le rsit.exe je suppose ?
de toute facon je clique bouton droit sur rsit.exe je met executé en tant que administrateur
une fenètre windows apparét en disant autorisé le programme ou nou je met oui
la la fenetre rsit ou il ya continue ou exit apparait je met continu mais c'est un autre rapport qui apparait
je ne trouve pas "do a system scan only",

| Alerter

Répondre à kingneo

Egwene

11 Décembre 2008 18:55:00

Re,

Non ce n'est pas RSIT, mes excuses

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

Double clique sur HJTInstall.exe pour lancer l'installation.

Clique sur Install.

Ca devrait aller mieux

| Alerter

Répondre à Egwene

Tom's guide dans le monde