Antivirus disabled!

Closed
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last activity 13 February 2020 - 31 Dec. 2008 at 13:47
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 - 3 Jan. 2009 at 16:57
Hello,

Yesterday I noticed that I could no longer use the Internet, and I saw that an icon in my toolbar was blinking. It was my "IP filter"; it showed me:


Rang______________Source_______________Destination__________Protocol_____ Action

Malware exploits_____192.168.1.**:*****_______85.255.112.**:**____UDP________ Blocked
_____//_________________//____________________ //______________//____________//
_____//_________________//____________________//______________//____________//
_____//____________192.168.1....small change___here too_________//____________//
etc...


If I block these addresses, I can no longer access the Internet, and every time I opened my browser, "Malware exploits" tried to connect, with about 20 attempts. (For now I have disabled the filter so that I can post this message) :(

I know there is one because my antivirus (McAfee VirusScan Enterprise - AntiSpyware Enterprise) is disabled. Impossible to re-enable it.

I did a big cleanup with McAfee, Spybot-SD, MalwareBytes, CCleaner, and ToolsCleaner 2 in Safe Mode.

Nothing works, it is still embedded in the computer. I don't know what to do now.

If you are skilled enough to solve this problem, I would ask you to please help me. I would be very grateful. Not knowing how long it will take to solve this problem, I assume you won't be around tonight, and neither will I for that matter, so we'll pick this up another day.

32 replies

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
31 Dec. 2008 at 14:03
Download the HijackThis installer.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program.

By default, it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the licence by clicking the "I Accept" button.

Choose the option "Do a system scan and save a log file".

Click "Save log" to save the report, which will open in Notepad.

Click "Edition -> Sélectionner tout", then "Edition -> Copier" to copy the entire contents of the report.

Paste the report you have just copied into this forum.

Do not fix ANY line yet, as that could prevent your PC from working properly.

Tutorials (do not fix anything for the moment!!)

1
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last activity 13 February 2020 45
1 Jan. 2009 at 14:34
Thanks for your reply!
Happy New Year!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:27, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\DjyDjy560\Mes documents\Mes vidéos\Téléchargements RealPlayer\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicma [...] Plugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304BF9BC-8D7C-447D-A871-482713E731EC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 10968 bytes
0
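A log like the one posted above is usually read by splitting each line into its section code (R0, O2, O4, O20, O23...) and looking first at the entries that deserve a closer look. The triage parser below is an added example, not part of the original thread and not HijackThis's own logic; the function names (`parse_hjt`, `triage`) and the three heuristics are assumptions chosen for illustration, and the sample is a short excerpt of lines copied from that log.

```python
import re
from collections import namedtuple

# Excerpt of the log posted in this thread (a selection of its lines, unmodified).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
End of file - 10968 bytes
"""

# A HijackThis entry starts with a section code such as "R0", "O4" or "O23".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<rest>.+)$")

# An executable sitting directly in system32 (no sub-folder).
SYSTEM32_EXE_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.exe$")

Finding = namedtuple("Finding", "code reason line")


def parse_hjt(text):
    """Return (code, rest) tuples for every entry line; headers and the
    'Running processes' paths do not match the entry pattern and are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("rest")))
    return entries


def triage(entries):
    """Apply three illustrative heuristics. A finding means 'review this
    entry', not 'this entry is malicious'."""
    findings = []
    for code, rest in entries:
        low = rest.lower()

        # 1. Something is registered (BHO, search hook, service) but its
        #    file is gone: leftover of an uninstall or of a partial cleanup.
        if low.endswith("(no file)") or low.endswith("(file missing)"):
            findings.append(Finding(code, "registered object, file absent", rest))

        # 2. AppInit_DLLs is loaded into every process that loads user32.dll,
        #    so any DLL listed there should be identified.
        elif code == "O20" and low.startswith("appinit_dlls:"):
            dlls = [d.strip() for d in rest.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                findings.append(
                    Finding(code, "AppInit_DLLs loads: " + ", ".join(dlls), rest)
                )

        # 3. A Startup-folder shortcut whose target is an executable placed
        #    directly in system32, an unusual place for an application.
        elif code == "O4" and low.startswith(("startup:", "global startup:")):
            target = rest.split(" = ", 1)[1].strip() if " = " in rest else ""
            if SYSTEM32_EXE_RE.match(target.lower()):
                findings.append(
                    Finding(code, "startup shortcut targets system32 exe", rest)
                )
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{finding.code}] {finding.reason}\n      {finding.line}")
```

The Startup shortcut picked out by the third heuristic, DW_Start.lnk, is the same shortcut that appears later in this thread among the files ComboFix reports as deleted.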
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last activity 13 February 2020 45
1 Jan. 2009 at 15:08
What do I do now?
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
1 Jan. 2009 at 16:12
Do this, then post the report; depending on the report, I will tell you what to do.


Download GenProc to your desktop.
Unzip the folder, then double-click GenProc.bat.
At the end, post the contents of the report that is displayed.
How to use GenProc
0

Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last activity 13 February 2020 45
1 Jan. 2009 at 17:48
Funny, the pop-up at the end! ^^

Here is the
GenProc Report 2.320 [1] - 01/01/2009 - Windows XP

Do I have to do all of this?

It is essential to disable Spybot's resident TeaTimer for the whole of the steps that follow. TeaTimer help: http://ww11.genproc.com/spybot/spybot.html

In CCleaner, click "Options", "Avancé" and untick the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
After that, leave it with its default settings. That's all.


# Step 1/ Download:

- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) to your Desktop.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) to your Desktop.

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) to your Desktop.
Disable your antivirus and your firewall, and close your running programs. Launch combofix.exe and accept the terms by clicking OUI. Wait. At the message "ComboFix a détecté que la 'console de récupération Windows' n'existe pas sur ce PC", click oui then OK, then wait. Accept the Microsoft EULA. At the message "La console de récupération a été installée avec succès", be sure to click NON to quit the program (also close the CF-RC.txt report that has opened).

- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) and unzip it onto the Desktop.


Restart in Safe Mode as described here https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; to find the report again, click the "GenProc" shortcut on your desktop. Choose your current session *** DjyDjy560 ***


# Step 2/

Launch Toolbar-S&D, located on the Desktop.
Type "2" then confirm by pressing "Entrée". Do not close the window during the removal.

# Step 3/

Launch the file MSNFix.bat, which is in the MSNfix folder on the desktop.
- Run option R.
- If the infection is detected, run option N.
- Save this report to your desktop.


# Step 4/

Double-click Lop S&D to start the installation, select the desired language, then choose Option 2 - Suppression - and wait until it has finished.

# Step 5/

Double-click combofix.exe and follow the instructions. Be careful not to use your mouse or your keyboard (or any other pointing device) while the program is running, or the computer may freeze.

# Step 6/

Launch CCleaner: "Nettoyeur"/"lancer le nettoyage" and that's all.

# Step 7/

Restart normally and post, in the same reply:

- The contents of the report located at C:\Combofix.txt;
- The contents of the MSNfix report located on the Desktop;
- The contents of the report C:\TB.txt;
- The contents of the report C:\lopR.txt;
- A new HijackThis report http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Describe any difficulties you had (what you could not do...) as well as how the situation has evolved.
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
1 Jan. 2009 at 18:36
Indeed, follow all of that to the letter, everything that is written, posting each report before cleaning anything at all. Thank you.
0
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last activity 13 February 2020 45
1 Jan. 2009 at 20:13
ComboFix asked me to install the Recovery Console but told me it could not find the download link. At the same time, it found a ROOTKIT and therefore restarted the computer.
I noticed that the antivirus is working, but maybe there are other infections on the computer?

I'm waiting for your instructions for what comes next (in case we need to do something about the recovery console).

ComboFix 08-12-31.01 - DjyDjy560 2009-01-01 19:22:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1023.584 [GMT 1:00]
Lancé depuis: c:\documents and settings\DjyDjy560\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DjyDjy560\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
c:\documents and settings\Eric\Application Data\Hotbar_Icons
c:\documents and settings\Eric\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
c:\documents and settings\Eric\Application Data\Hotbar_Icons\Registryrepair.ico
c:\documents and settings\Eric\Application Data\Hotbar_Icons\wallpapere1.ico
c:\documents and settings\Matthias\Application Data\Hotbar_Icons
c:\documents and settings\Matthias\Application Data\Hotbar_Icons\3bSoftware_icon_1.ico
c:\documents and settings\Matthias\Application Data\Hotbar_Icons\Registryrepair.ico
c:\documents and settings\Matthias\Application Data\Hotbar_Icons\wallpapere1.ico
c:\documents and settings\Matthias\Local Settings\Application Data\dipes_navfx.dat
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\system32\Cache
c:\windows\system32\drivers\msqpdxqqaoyltp.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ehhkj.ini
c:\windows\system32\ehhkj.ini2
c:\windows\system32\msqpdxtxubatom.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS
-------\Legacy_BOONTY_GAMES
-------\Legacy_DOMAINSERVICE
-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-01 au 2009-01-01 ))))))))))))))))))))))))))))))))))))
.

2009-01-01 15:25 . 2009-01-01 16:46 53,248 --a------ c:\windows\fados.exe
2009-01-01 14:40 . 2009-01-01 14:40 <REP> d-------- c:\program files\Fichiers communs\Atlence
2009-01-01 14:40 . 2009-01-01 14:40 <REP> d-------- c:\program files\Atlence
2009-01-01 13:08 . 2009-01-01 13:09 <REP> d-------- C:\Rooter$
2008-12-30 17:34 . 2008-12-30 17:34 <REP> d-------- c:\program files\DVD Rip Factory Pro
2008-12-30 17:22 . 2008-12-30 17:22 0 --a------ c:\windows\pcfriend.INI
2008-12-30 17:18 . 2008-12-30 17:22 <REP> d-------- c:\program files\PCFriendly
2008-12-30 17:18 . 1996-10-15 18:01 298,496 --a------ c:\windows\uninst.exe
2008-12-30 17:18 . 1999-09-27 17:15 78,848 --a------ c:\windows\system32\INLOADER.DLL
2008-12-28 15:00 . 2008-12-28 15:00 <REP> d-------- c:\program files\SC4 Region Maker
2008-12-23 08:45 . 2009-01-01 12:36 <REP> d-------- c:\documents and settings\Sonia\Tracing
2008-12-22 18:26 . 2008-12-22 18:26 <REP> d-------- c:\documents and settings\Matthias\Application Data\OpenOffice.org
2008-12-22 16:36 . 2008-12-24 14:17 10 --a------ c:\windows\popcinfo.dat
2008-12-22 15:46 . 2008-12-22 15:46 <REP> d-------- c:\program files\PopCap Games
2008-12-22 15:45 . 2008-12-22 15:57 <REP> d-------- c:\program files\Zuma Deluxe
2008-12-21 21:59 . 2009-01-01 17:32 <REP> d-------- c:\documents and settings\DjyDjy560\Tracing
2008-12-21 14:55 . 2009-01-01 02:07 <REP> d-------- c:\documents and settings\Eric\Tracing
2008-12-21 13:13 . 2009-01-01 15:47 <REP> d-------- c:\documents and settings\Matthias\Tracing
2008-12-21 13:04 . 2008-12-21 13:04 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-21 12:57 . 2008-12-21 12:57 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-21 12:57 . 2008-12-21 12:57 <REP> d-------- c:\program files\Microsoft
2008-12-21 12:48 . 2008-12-21 12:48 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-12 07:53 . 2008-12-12 07:53 <REP> d-------- c:\documents and settings\Eric\Application Data\OpenOffice.org
2008-12-12 00:29 . 2008-12-18 23:55 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-12 00:29 . 2008-12-12 00:29 1,409 --a------ c:\windows\QTFont.for
2008-12-10 13:07 . 2008-12-10 13:45 <REP> d-------- c:\program files\Monte Cristo
2008-12-06 18:43 . 2008-12-31 23:06 <REP> d-------- c:\windows\OvtCam
2008-12-06 18:43 . 2003-10-15 17:52 307,200 -ra------ c:\windows\vidcap32.exe
2008-12-06 18:43 . 2003-10-15 17:52 200,704 -ra------ c:\windows\sel3110.exe
2008-12-06 18:43 . 2003-10-15 17:52 174,530 -ra------ c:\windows\system32\drivers\ov519vid.sys
2008-12-06 18:43 . 2003-10-15 17:52 135,168 -ra------ c:\windows\ov519cap.exe
2008-12-06 18:43 . 2003-10-15 17:52 61,440 -ra------ c:\windows\ov519dib.dll
2008-12-06 18:43 . 2003-10-15 17:52 40,960 -ra------ c:\windows\system32\ov519ext.dll
2008-12-06 18:43 . 2003-10-15 17:52 40,960 -ra------ c:\windows\CleanDev.exe
2008-12-06 18:43 . 2003-10-15 17:52 32,528 -ra------ c:\windows\amcap.exe
2008-12-06 18:43 . 2003-10-15 17:52 25,211 -ra------ c:\windows\system32\drivers\ov519cmd.sys
2008-12-06 18:43 . 2003-10-15 17:52 25,099 -ra------ c:\windows\system32\ov519ext.ax
2008-12-06 18:43 . 2003-10-15 17:52 16,426 -ra------ c:\windows\system32\ov519usd.dll
2008-12-06 18:29 . 2008-12-06 18:29 <REP> d-------- C:\Temp
2008-12-06 17:57 . 2008-12-06 17:57 <REP> d-------- c:\program files\SEUCDaS
2008-12-06 13:57 . 2008-12-06 13:57 <REP> d-------- c:\program files\Firefly Studios
2008-12-05 03:56 . 2008-12-05 03:56 <REP> d-------- c:\documents and settings\Eric\Application Data\Sonic
2008-12-05 03:56 . 2008-12-05 03:56 <REP> d-------- c:\documents and settings\Eric\Application Data\Leadertech
2008-12-05 00:11 . 2008-12-05 00:11 308,584 --a------ c:\windows\WLXPGSS.SCR
2008-12-03 23:01 . 2008-12-23 13:20 151 --a------ c:\windows\cdplayer.ini
2008-12-02 22:37 . 2008-12-02 22:37 49,480 --a------ c:\windows\system32\sirenacm.dll
2008-12-01 22:48 . 2008-12-01 22:48 <REP> d-------- c:\documents and settings\Eric\Application Data\Windows Search

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 18:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-01 18:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 17:52 --------- d-----w c:\program files\PeerGuardian2
2009-01-01 12:03 --------- d-----w c:\program files\Cossacks - Back To War
2008-12-31 12:22 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-30 16:57 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\uTorrent
2008-12-30 16:26 --------- d-----w c:\program files\Alcohol Soft
2008-12-22 20:18 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-22 10:54 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Spore
2008-12-21 12:04 --------- d-----w c:\program files\Windows Live
2008-12-15 06:00 --------- d-----w c:\documents and settings\Eric\Application Data\plus dent junk
2008-12-15 05:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 16:39 --------- d-----w c:\program files\Gothic III
2008-12-03 21:09 --------- d-----w c:\program files\eMule
2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-30 16:59 --------- d-----w c:\documents and settings\All Users\Application Data\Screaming Bee
2008-11-30 16:58 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Screaming Bee
2008-11-30 16:55 --------- d-----w c:\program files\Screaming Bee
2008-11-30 16:55 --------- d-----w c:\program files\Fichiers communs\Screaming Bee
2008-11-30 12:06 --------- d-----w c:\program files\adslTV
2008-11-30 11:50 --------- d-----w c:\documents and settings\Eric\Application Data\vlc
2008-11-30 11:49 --------- d-----w c:\documents and settings\Eric\Application Data\DMV Technologies
2008-11-30 11:48 --------- d-----w c:\program files\DMV
2008-11-29 16:30 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-11-29 16:30 --------- d-----w c:\program files\Fichiers communs\Real
2008-11-28 17:33 --------- d-s---w c:\program files\Xfire
2008-11-28 17:33 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Xfire
2008-11-28 16:46 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-25 07:06 --------- d-----w c:\documents and settings\Sonia\Application Data\plus dent junk
2008-11-23 13:13 --------- d-----w c:\program files\Google
2008-11-23 13:01 271,360 ----a-w c:\windows\system32\drivers\atksgt.sys
2008-11-23 13:01 18,048 ----a-w c:\windows\system32\drivers\lirsgt.sys
2008-11-23 08:13 --------- d-----w c:\program files\DAP
2008-11-22 17:22 --------- d-----w c:\documents and settings\Matthias\Application Data\plus dent junk
2008-11-22 17:20 --------- d-----w c:\program files\plus dent junk
2008-11-22 15:49 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-22 15:48 --------- d-----w c:\program files\Bethesda Softworks
2008-11-22 15:46 --------- d-----w c:\program files\MSBuild
2008-11-22 15:43 --------- d-----w c:\program files\Reference Assemblies
2008-11-21 18:03 --------- d-----w c:\program files\Microsoft Plus! Digital Media Edition
2008-11-21 17:16 --------- d-----w c:\program files\ma-config.com
2008-11-21 17:16 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2008-11-21 16:57 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-20 08:01 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-15 08:30 --------- d-----w c:\documents and settings\Sonia\Application Data\OpenOffice.org
2008-11-15 07:18 --------- d-----w c:\documents and settings\Sonia\Application Data\Windows Search
2008-11-14 22:45 --------- d-----w c:\program files\MarkAny
2008-11-14 21:22 --------- d-----w c:\program files\BitTorrent Fastest Tool
2008-11-14 20:08 --------- d-----w c:\program files\microsoft frontpage
2008-11-14 19:59 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\OpenOffice.org
2008-11-14 19:56 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-12 06:47 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 16:39 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\plus dent junk
2008-11-10 13:47 --------- d-----w c:\program files\GameSpy Arcade
2008-11-05 08:08 --------- d-----w c:\documents and settings\Matthias\Application Data\Windows Search
2008-11-03 10:47 --------- d-----w c:\documents and settings\DjyDjy560\Application Data\Windows Search
2008-11-02 14:59 --------- d-----w c:\documents and settings\Eric\Application Data\Notepad++
2008-07-09 06:09 151 ----a-w c:\documents and settings\Eric\check.bat
2008-11-22 19:40 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
2008-09-29 06:07 22,576 ----a-w c:\program files\mozilla firefox\components\Scriptff.dll
2008-04-13 20:53 23 --sha-w c:\windows\system32\bccdbbaee5_z.dll
2008-09-20 18:32 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092020080921\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-08-08 691656]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-23 1336560]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-11-22 3122688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"NvMediaCenter"="NvMCTray.dll" [2008-09-17 c:\windows\system32\nvmctray.dll]

c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\DjyDjy560\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\documents and settings\Eric\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-03 23:05 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"SENTINEL"= snti386.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur de calendrier Ulead.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur de calendrier Ulead.lnk
backup=c:\windows\pss\Contrôleur de calendrier Ulead.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OFFICE One Notes v6.5.lnk]
backup=c:\windows\pss\OFFICE One Notes v6.5.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^BitTorrent Acceleration Patch.lnk]
backup=c:\windows\pss\BitTorrent Acceleration Patch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^BoontyBox 01net.lnk]
backup=c:\windows\pss\BoontyBox 01net.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^OFFICE One 6.5.lnk]
backup=c:\windows\pss\OFFICE One 6.5.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^DjyDjy560^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Eric^Menu Démarrer^Programmes^Démarrage^OFFICE One 6.5.lnk]
path=c:\documents and settings\Eric\Menu Démarrer\Programmes\Démarrage\OFFICE One 6.5.lnk
backup=c:\windows\pss\OFFICE One 6.5.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Sonia^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=c:\documents and settings\Sonia\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarOE
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotbarSA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedBitVideoAccelerator

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DetectorApp]
--a------ 2005-10-20 13:15 102400 c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-11-22 20:40 3122688 c:\program files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OoPDFSettingsv6.exe]
--a------ 2003-11-20 10:38 460800 c:\program files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-14 23:43 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\remoteoption]
--a------ 2008-11-19 21:08 538624 c:\docume~1\Sonia\APPLIC~1\PLUSDE~1\Start Face.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
--a------ 2008-09-17 12:36 484880 c:\program files\Samsung\EmoDio\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-29 17:29 185872 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 18:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 23:55 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"AVEService"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AntiVirMailService"=2 (0x2)
"NWCWorkstation"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"Boonty Games"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Sierra\\Homeworld2\\Bin\\Release\\Homeworld2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Fichiers communs\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Cossacks - Back To War\\DMCR.EXE"=
"c:\\Program Files\\Neuf\\Kit\\9conf.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\GameSpy Arcade\\fpupdate.exe"=
"c:\\Program Files\\GameSpy Arcade\\RptCrash.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\w40k.exe"=
"c:\\Programmes\\Activision\\Rome - Total War\\RomeTW.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\DMV\\MaxTV4\\maxtv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 McAfeeEngineService;McAfee Engine Service;"c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe" [2008-09-29 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-10-12 67904]
R2 sentemul;sentemul;\??\c:\windows\system32\drivers\sentemul.sys [2008-02-25 11812]
S3 idrmkl;idrmkl;\??\c:\docume~1\Matthias\LOCALS~1\Temp\idrmkl.sys []
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-10-12 64432]
S3 PMUSB2G;PassMark® Software USB 2.0 Loopback plug;c:\windows\system32\Drivers\PMUSB.sys [2008-04-01 18944]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-09-26 21920]
S3 UsbSagCom;Mobile Device Full USB Driver;c:\windows\system32\DRIVERS\UsbSagCom.sys [2007-06-29 51712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2d55c21-7103-11dc-8ae4-00038a000015}]
\Shell\AutoRun\command - J:\Autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-01 c:\windows\Tasks\A431145C91928F3C.job
- c:\docume~1\eric\applic~1\plusde~1\browse manager math.exe []

2009-01-01 c:\windows\Tasks\A8699B2791420C47.job
- c:\docume~1\sonia\applic~1\plusde~1\browse manager math.exe [2008-11-19 21:08]

2009-01-01 c:\windows\Tasks\AB37B53E91E83486.job
- c:\docume~1\matthias\applic~1\plusde~1\browse manager math.exe [2008-11-22 18:22]
.
- - - - ORPHELINS SUPPRIMES - - - -

ShellIconOverlayIdentifiers-{9D1F87E7-4D72-41AB-9D57-D101A08F20E5} - (no file)
Notify-AtiExtEvent - (no file)
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-Dog Cool Send Play - c:\documents and settings\All Users\Application Data\Road Inter Dog Cool\Amen Bleh.exe
MSConfigStartUp-PC Connection Agent - c:\program files\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
MSConfigStartUp-kokiqsk - c:\documents and settings\matthias\local settings\application data\kokiqsk.exe
MSConfigStartUp-RocketDock - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-UberIcon - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Uniblue SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.neuf.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
TCP: {304BF9BC-8D7C-447D-A871-482713E731EC} = 208.67.220.220,208.67.222.222

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\DjyDjy560\Application Data\Mozilla\Firefox\Profiles\thurqdxq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\DjyDjy560\Application Data\Mozilla\Firefox\Profiles\thurqdxq.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

[color=red]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 19:31:41
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2776753736-919526408-3057377715-1005
@Allowed: (Read) (Everyone)
@Allowed: (Read) (Users)
@Allowed: (Read) (PowerUsers)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-2776753736-919526408-3057377715-1005)
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-2776753736-919526408-3057377715-1005
@Allowed: (Read) (Everyone)
@Allowed: (Read) (Users)
@Allowed: (Read) (PowerUsers)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (S-1-5-21-2776753736-919526408-3057377715-1005)
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL*â*NULL*¬  r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*A*NULL*n*NULL*i*NULL*m*NULL*a*NULL*u*NULL*x*NULL* *NULL*&*NULL* *NULL*C*NULL*i*NULL*e*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*I*NULL*K*NULL*E*NULL*A*NULL*®*NULL* *NULL*H*NULL*o*NULL*m*NULL*e*NULL* *NULL*D*NULL*e*NULL*s*NULL*i*NULL*g*NULL*n*NULL* *NULL*K*NULL*i*NULL*t*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*J*NULL*o*NULL*u*NULL*r*NULL* *NULL*d*NULL*e*NULL* *NULL*f*NULL*ê*NULL*t*NULL*e*NULL* *NULL*!*NULL* *NULL*K*NULL*i*NULL*t*NULL* *NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*K*NULL*i*NULL*t*NULL* *NULL*G*NULL*l*NULL*a*NULL*m*NULL*o*NULL*u*NULL*r*NULL*]
@Security="Inherited"

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\EA GAMES\L*NULL*e*NULL*s*NULL* *NULL*S*NULL*i*NULL*m*NULL*s*NULL*"! *NULL*2*NULL* *NULL*A*NULL*u*NULL* *NULL*f*NULL*i*NULL*l*NULL* *NULL*d*NULL*e*NULL*s*NULL* *NULL*s*NULL*a*NULL*i*NULL*s*NULL*o*NULL*n*NULL*s*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,02,05,00,00,01,00,00,00,08,00,00,00,92,00,\
00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
00,59,05,00,00,e8,38,57,82,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
48,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,00,00,41,00,73,00,73,\
00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,50,04,00,\
00,e8,38,57,82,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,02,00,00,00,88,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,f3,07,00,00,e8,38,57,\
82,20,00,4c,45,53,53,49,4d,7e,33,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,be,\
e8,38,57,82,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,20,00,53,00,69,00,6d,\
00,73,00,22,21,20,00,32,00,20,00,20,00,42,00,6f,00,69,00,74,00,40,00,4c,00,\
6f,00,6f,00,6b,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,a6,00,00,00,03,00,00,00,98,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,86,00,32,00,e0,07,00,00,e8,38,57,\
82,20,00,4c,45,53,53,49,4d,7e,31,2e,4c,4e,4b,00,00,5c,00,03,00,04,00,ef,be,\
e8,38,57,82,17,39,10,69,14,00,00,00,4c,00,65,00,73,00,a0,00,53,00,69,00,6d,\
00,73,00,22,21,a0,00,32,00,20,00,41,00,75,00,a0,00,66,00,69,00,6c,00,a0,00,\
64,00,65,00,73,00,a0,00,73,00,61,00,69,00,73,00,6f,00,6e,00,73,00,2e,00,6c,\
00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,\
00,00,00,00,00,00,ca,00,00,00,04,00,00,00,bc,00,00,00,41,75,67,4d,02,00,00,\
00,01,00,00,00,aa,00,32,00,ad,07,00,00,e8,38,57,82,20,00,4c,45,53,53,49,4d,\
7e,32,2e,4c,4e,4b,00,00,80,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,69,14,\
00,00,00,4c,00,65,00,73,00,a0,00,53,00,69,00,6d,00,73,00,22,21,a0,00,32,00,\
20,00,41,00,75,00,a0,00,66,00,69,00,6c,00,a0,00,64,00,65,00,73,00,a0,00,73,\
00,61,00,69,00,73,00,6f,00,6e,00,73,00,20,00,2d,00,20,00,44,00,e9,00,73,00,\
69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,00,6e,00,2e,\
00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,\
00,00,00,00,00,00,00,00,7a,00,00,00,05,00,00,00,6c,00,00,00,41,75,67,4d,02,\
00,00,00,01,00,00,00,5a,00,32,00,fa,03,00,00,e8,38,57,82,20,00,4c,69,73,65,\
7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,\
69,14,00,00,00,4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,00,69,00,2e,00,6c,00,\
6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,\
00,00,00,00,00,a4,00,00,00,06,00,00,00,96,00,00,00,41,75,67,4d,02,00,00,00,\
01,00,00,00,84,00,32,00,38,00,00,00,e8,38,57,82,20,00,4d,49,53,45,4a,4f,7e,\
31,2e,55,52,4c,00,00,5a,00,03,00,04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,\
00,00,4d,00,69,00,73,00,65,00,20,00,e0,00,20,00,6a,00,6f,00,75,00,72,00,20,\
00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,67,00,\
6c,00,61,00,69,00,73,00,29,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,\
00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,ae,00,00,00,07,00,\
00,00,a0,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,8e,00,32,00,36,05,00,\
00,e8,38,57,82,20,00,57,57,57,54,48,45,7e,31,2e,4c,4e,4b,00,00,64,00,03,00,\
04,00,ef,be,e8,38,57,82,17,39,10,69,14,00,00,00,77,00,77,00,77,00,2e,00,74,\
00,68,00,65,00,73,00,69,00,6d,00,73,00,32,00,2e,00,63,00,6f,00,6d,00,20,00,\
28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,00,61,00,6e,00,67,00,6c,\
00,61,00,69,00,73,00,29,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,\
0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\N*NULL*e*NULL*e*NULL*d*NULL* *NULL*f*NULL*o*NULL*r*NULL* *NULL*S*NULL*p*NULL*e*NULL*e*NULL*d*NULL*"! *NULL*C*NULL*a*NULL*r*NULL*b*NULL*o*NULL*n*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,46,05,00,00,01,00,00,00,09,00,00,00,92,00,\
00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\
00,f3,04,00,00,68,38,c4,98,20,00,41,53,53,49,53,54,7e,31,2e,4c,4e,4b,00,00,\
48,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,41,00,73,00,73,\
00,69,00,73,00,74,00,61,00,6e,00,63,00,65,00,20,00,74,00,65,00,63,00,68,00,\
6e,00,69,00,71,00,75,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,\
00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,92,00,00,00,01,00,\
00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,00,41,04,00,\
00,68,38,c4,98,20,00,49,4e,53,43,52,49,7e,31,2e,4c,4e,4b,00,00,48,00,03,00,\
04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,49,00,6e,00,73,00,63,00,72,\
00,69,00,70,00,74,00,69,00,6f,00,6e,00,20,00,65,00,6e,00,20,00,6c,00,69,00,\
67,00,6e,00,65,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,7a,00,00,00,02,00,00,00,6c,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5a,00,32,00,f5,03,00,00,68,38,c4,\
98,20,00,4c,69,73,65,7a,4d,6f,69,2e,6c,6e,6b,00,00,30,00,03,00,04,00,ef,be,\
68,38,c4,98,9b,39,82,8e,14,00,00,00,4c,00,69,00,73,00,65,00,7a,00,4d,00,6f,\
00,69,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,96,00,00,00,03,00,00,00,88,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,76,00,32,00,d3,03,00,00,68,38,c4,98,20,00,\
4d,49,43,52,4f,53,7e,31,2e,4c,4e,4b,00,00,4c,00,03,00,04,00,ef,be,68,38,c4,\
98,9b,39,82,8e,14,00,00,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,\
74,00,20,00,44,00,69,00,72,00,65,00,63,00,74,00,58,00,20,00,45,00,55,00,4c,\
00,41,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,a4,00,00,00,04,00,00,00,96,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,84,00,32,00,45,00,00,00,68,38,c4,98,20,00,\
4d,49,53,45,4a,4f,7e,31,2e,55,52,4c,00,00,5a,00,03,00,04,00,ef,be,68,38,c4,\
98,9b,39,82,8e,14,00,00,00,4d,00,69,00,73,00,65,00,20,00,e0,00,20,00,6a,00,\
6f,00,75,00,72,00,20,00,28,00,73,00,69,00,74,00,65,00,20,00,65,00,6e,00,20,\
00,61,00,6e,00,67,00,6c,00,61,00,69,00,73,00,29,00,2e,00,75,00,72,00,6c,00,\
00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,\
00,96,00,00,00,05,00,00,00,88,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,\
76,00,32,00,67,07,00,00,68,38,c4,98,20,00,4e,45,45,44,46,4f,7e,31,2e,4c,4e,\
4b,00,00,4c,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,4e,00,\
65,00,65,00,64,00,20,00,66,00,6f,00,72,00,20,00,53,00,70,00,65,00,65,00,64,\
00,22,21,20,00,43,00,61,00,72,00,62,00,6f,00,6e,00,2e,00,6c,00,6e,00,6b,00,\
00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,\
00,ba,00,00,00,06,00,00,00,ac,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,\
9a,00,32,00,8e,07,00,00,68,38,c4,98,20,00,4e,45,45,44,46,4f,7e,32,2e,4c,4e,\
4b,00,00,70,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,4e,00,\
65,00,65,00,64,00,20,00,66,00,6f,00,72,00,20,00,53,00,70,00,65,00,65,00,64,\
00,22,21,20,00,43,00,61,00,72,00,62,00,6f,00,6e,00,20,00,2d,00,20,00,44,00,\
e9,00,73,00,69,00,6e,00,73,00,74,00,61,00,6c,00,6c,00,61,00,74,00,69,00,6f,\
00,6e,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,\
00,00,1c,00,00,00,00,00,00,00,00,00,a8,00,00,00,07,00,00,00,9a,00,00,00,41,\
75,67,4d,02,00,00,00,01,00,00,00,88,00,32,00,3f,07,00,00,68,38,c4,98,20,00,\
4e,45,45,44,46,4f,7e,33,2e,4c,4e,4b,00,00,5e,00,03,00,04,00,ef,be,68,38,c4,\
98,9b,39,82,8e,14,00,00,00,4e,00,65,00,65,00,64,00,20,00,66,00,6f,00,72,00,\
20,00,53,00,70,00,65,00,65,00,64,00,22,21,20,00,43,00,61,00,72,00,62,00,6f,\
00,6e,00,20,00,53,00,61,00,66,00,65,00,6d,00,6f,00,64,00,65,00,2e,00,6c,00,\
6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,\
00,00,00,00,00,6a,00,00,00,08,00,00,00,5c,00,00,00,41,75,67,4d,02,00,00,00,\
01,00,00,00,4a,00,32,00,6a,04,00,00,68,38,c4,98,20,00,57,65,62,2e,6c,6e,6b,\
00,26,00,03,00,04,00,ef,be,68,38,c4,98,9b,39,82,8e,14,00,00,00,57,00,65,00,\
62,00,2e,00,6c,00,6e,00,6b,00,00,00,16,00,0e,00,00,00,0a,00,ef,be,00,00,00,\
00,16,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*i*NULL*m*NULL*C*NULL*i*NULL*t*NULL*y*NULL*"! *NULL*S*NULL*o*NULL*c*NULL*i*NULL*e*NULL*t*NULL*i*NULL*e*NULL*s*NULL*]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,c2,02,00,00,01,00,00,00,05,00,00,00,8c,00,\
00,00,00,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,6c,00,32,\
00,45,00,00,00,51,38,9c,8b,20,00,43,48,45,43,4b,46,7e,31,2e,55,52,4c,00,00,\
42,00,03,00,04,00,ef,be,51,38,9c,8b,9b,39,82,8e,14,00,00,00,43,00,68,00,65,\
00,63,00,6b,00,20,00,66,00,6f,00,72,00,20,00,75,00,70,00,64,00,61,00,74,00,\
65,00,73,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,\
00,00,00,1c,00,00,00,00,00,00,00,00,00,98,00,00,00,01,00,00,00,8a,00,00,00,\
41,75,67,4d,02,00,00,00,01,00,00,00,78,00,32,00,84,00,00,00,51,38,9c,8b,20,\
00,45,4c,45,43,54,52,7e,31,2e,55,52,4c,00,00,4e,00,03,00,04,00,ef,be,51,38,\
9c,8b,9b,39,82,8e,14,00,00,00,45,00,6c,00,65,00,63,00,74,00,72,00,6f,00,6e,\
00,69,00,63,00,20,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,61,00,74,00,\
69,00,6f,00,6e,00,2e,00,75,00,72,00,6c,00,00,00,1c,00,0e,00,00,00,0a,00,ef,\
be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00,78,00,00,00,02,00,00,00,6a,00,\
00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,00,80,03,00,00,ae,38,02,\
7b,20,00,52,45,41,44,4d,45,7e,31,2e,4c,4e,4b,00,00,2e,00,03,00,04,00,ef,be,\
51,38,9c,8b,9b,39,83,8e,14,00,00,00,52,00,65,00,61,00,64,00,20,00,4d,00,65,\
00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,\
1c,00,00,00,00,00,00,00,00,00,8e,00,00,00,03,00,00,00,80,00,00,00,41,75,67,\
4d,02,00,00,00,01,00,00,00,6e,00,32,00,80,07,00,00,ae,38,02,7b,20,00,53,49,\
4d,43,49,54,7e,31,2e,4c,4e,4b,00,00,44,00,03,00,04,00,ef,be,51,38,9c,8b,9b,\
39,83,8e,14,00,00,00,53,00,69,00,6d,00,43,00,69,00,74,00,79,00,22,21,20,00,\
53,00,6f,00,63,00,69,00,65,00,74,00,69,00,65,00,73,00,2e,00,6c,00,6e,00,6b,\
00,00,00,1c,00,0e,00,00,00,0a,00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,\
00,00,8c,00,00,00,04,00,00,00,7e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,\
00,6c,00,32,00,5f,04,00,00,ae,38,02,7b,20,00,54,45,43,48,4e,49,7e,31,2e,4c,\
4e,4b,00,00,42,00,03,00,04,00,ef,be,51,38,9c,8b,9b,39,83,8e,14,00,00,00,54,\
00,65,00,63,00,68,00,6e,00,69,00,63,00,61,00,6c,00,20,00,53,00,75,00,70,00,\
70,00,6f,00,72,00,74,00,2e,00,6c,00,6e,00,6b,00,00,00,1c,00,0e,00,00,00,0a,\
00,ef,be,00,00,00,00,1c,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-21-2776753736-919526408-3057377715-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\S*NULL*P*NULL*O*NULL*R*NULL*E*NULL*"!]
@Security="Inherited"
"Order"=hex:08,00,00,00,02,00,00,00,00,02,00,00,01,00,00,00,04,00,00,00,78,00,\
00,00,00,00,00,00,6a,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,58,00,32,\
00,46,08,00,00,3c,39,a3,9a,20,00,41,49,44,45,45,41,7e,31,2e,4c,4e,4b,00,00,\
2e,00,03,00,04,
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last active 8 October 2019 2 502
1 Jan 2009 at 21:45
Did you do those before ComboFix?
0
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last active 13 February 2020 45
1 Jan 2009 at 21:53
I followed it to the letter as indicated, why? Is there a problem?
I should also say that my antivirus came back on after the reboot. Maybe that's why you're surprised by the result?
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last active 8 October 2019 2 502
1 Jan 2009 at 22:21
Post me another HijackThis report. Thanks.
0
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last active 13 February 2020 45
1 Jan 2009 at 22:28
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:55, on 01/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\DjyDjy560\Mes documents\Mes vidéos\Téléchargements RealPlayer\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304BF9BC-8D7C-447D-A871-482713E731EC}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last active 8 October 2019 2 502
1 Jan 2009 at 23:15
If HijackThis is still open, select the lines below, then:

Click the FIX CHECKED button at the bottom and confirm.

2- Restart the computer.
(important so that certain changes made with HijackThis are taken into account)

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

0
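One way to check the result of a "Fix checked" pass is to compare the HijackThis log posted before it with the one posted after it. This is an added example, not part of the original thread; the sample lines are a small subset copied from the two logs on this page, and the function names are hypothetical.

```python
import re

# Sample input: a subset of lines copied from the first HijackThis log in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
"""

# Sample input: the matching subset of the log posted after the fix and reboot.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
"""

# CLSIDs of two of the BHO lines the helper asked to tick before "Fix checked".
SELECTED = {
    "{02478D38-C3F9-4EFB-9B51-7695ECA05670}",
    "{5C255C8A-E604-49b4-9D64-90988571CECB}",
}

# A HijackThis entry starts with a section code such as R3, O2 or O23.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse(log):
    """Return the section entries of a log; header and process lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # CLSIDs appear in mixed case in the logs, so normalise them.
            "clsid": clsid.group(0).upper() if clsid else None,
            # The entry points at a file that no longer exists on disk.
            "orphaned": body.endswith(("(no file)", "(file missing)")),
        })
    return entries


def orphaned(entries):
    """Entries whose target file is absent: leftovers worth reviewing."""
    return [e for e in entries if e["orphaned"]]


def compare(before, after, selected_clsids):
    """Return (removed, added, still_present) between two logs.

    still_present lists entries from the 'after' log whose CLSID was
    selected for fixing; an empty list means the fix took effect.
    """
    wanted = {c.upper() for c in selected_clsids}
    b = {(e["code"], e["body"]): e for e in parse(before)}
    a = {(e["code"], e["body"]): e for e in parse(after)}
    removed = [e for k, e in b.items() if k not in a]
    added = [e for k, e in a.items() if k not in b]
    still_present = [e for e in a.values() if e["clsid"] in wanted]
    return removed, added, still_present


if __name__ == "__main__":
    removed, added, still_present = compare(BEFORE, AFTER, SELECTED)
    for label, items in (("removed", removed), ("added", added),
                         ("selected but still present", still_present),
                         ("orphaned after fix", orphaned(parse(AFTER)))):
        print(label + ":")
        for e in items:
            print("  ", e["code"], "-", e["body"])
```

Entries that are new in the second log are not necessarily a problem; they simply show what to read first when the two logs were taken from different sessions.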
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last active 13 February 2020 45
1 Jan 2009 at 23:24
OK, it's done, and what next?
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last active 8 October 2019 2 502
1 Jan 2009 at 23:31
Normally that's it. You shouldn't have any more problems.

Still, do this one last thing.

Download Malwarebytes.

Install it; the program will update itself automatically.

Once it is up to date, the program will start; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Run a full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove selection".

If you are asked to restart > click "Yes".

At the end a report will open; save it so that you can find it again to post it on the forum.
Copy and paste the report, please.

PS: the reports are also stored in the Reports/Logs tab.

Tutorials
0
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last active 13 February 2020 45
1 Jan 2009 at 23:38
OK, that works. Obviously it may take a long time, so I'll post it for you tomorrow. Thank you.
0
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last active 13 February 2020 45
2 Jan 2009 at 10:16
Hello! Here is the report
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1590
Windows 5.1.2600 Service Pack 3

02/01/2009 10:13:44
mbam-log-2009-01-02 (10-13-44).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 428841
Temps écoulé: 3 hour(s), 17 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fa16fe06-b462-470e-9653-79c54b1871ff} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed203331-9c33-49d8-8714-d24a366a04ec} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\msqpdxtxubatom.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5E6EF39B-7396-4AF0-A380-E64622072272}\RP0\A0000002.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5E6EF39B-7396-4AF0-A380-E64622072272}\RP0\A0000030.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jhnnhedbih.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last active 8 October 2019 2 502
2 Jan 2009 at 12:08
Post one last HijackThis report.
0
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last active 13 February 2020 45
2 Jan 2009 at 13:48
Here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:03, on 02/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\DjyDjy560\Mes documents\Mes vidéos\Téléchargements RealPlayer\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Eric')
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'Eric')
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP (User 'Eric')
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [mmikmou] "c:\documents and settings\eric\local settings\application data\mmikmou.exe" mmikmou (User 'Eric')
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1007\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Sonia')
O4 - S-1-5-21-2776753736-919526408-3057377715-1006 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Eric')
O4 - S-1-5-21-2776753736-919526408-3057377715-1006 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Eric')
O4 - S-1-5-21-2776753736-919526408-3057377715-1007 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Sonia')
O4 - S-1-5-21-2776753736-919526408-3057377715-1007 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Sonia')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{304BF9BC-8D7C-447D-A871-482713E731EC}: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: ,wbsys.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: Service McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee User Manager (mcusrmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe (file missing)
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
Fusiored Posts 145 Registration date Sunday 30 December 2007 Status Member Last activity 13 February 2020 45
2 Jan. 2009 at 15:52
So is it OK? Is there nothing left?
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
2 Jan. 2009 at 18:06
No, this one has come back. Do you recognize it?

O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [mmikmou] "c:\documents and settings\eric\local settings\application data\mmikmou.exe" mmikmou (User 'Eric')

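A triage check for the kind of entry quoted in the reply above, as an added example that is not part of the original thread: it parses HijackThis `O4` Run lines and lists those whose program sits in a per-user writable profile folder, which is where the quoted `mmikmou` entry lives. The folder markers and the function names are assumptions chosen for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# HijackThis O4 autorun line: O4 - <hive>\..\Run: [<value>] <command> (User '<name>')
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?)"
    r"(?: \(User '(?P<user>[^']+)'\))?$"
)

# Assumed heuristic: Windows XP profile directories any user process can write to.
WRITABLE_MARKERS = ("\\local settings\\", "\\application data\\")

def executable_of(cmd):
    """Return the program part of a Run command, quoted or not."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(
        r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def triage(lines):
    """List Run entries whose program lives in a user-writable profile folder."""
    findings = []
    for line in lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # not an O4 Run entry (O2, O23, Startup shortcuts, ...)
        exe = executable_of(m["cmd"])
        if any(marker in exe.lower() for marker in WRITABLE_MARKERS):
            findings.append({"hive": m["hive"], "value": m["name"],
                             "exe": exe, "user": m["user"]})
    return findings

# Four lines copied from the log in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'Eric')
O4 - HKUS\S-1-5-21-2776753736-919526408-3057377715-1006\..\Run: [mmikmou] "c:\documents and settings\eric\local settings\application data\mmikmou.exe" mmikmou (User 'Eric')
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"review: [{f['value']}] {f['exe']} (hive {f['hive']}, user {f['user']})")
```

The `hive` and `user` fields identify which profile's Run key holds the entry, which matters here because the log lists separate keys for 'Eric' and 'Sonia'.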