SOS!!! anykuy.com virus on my computer...
mfouilla
Hello,
I have been infected with this virus, anykuy.com, for a week.
Every 2 minutes an Internet window opens telling me that I am infected (a big red cross to make it nice and scary..) and that I must either scan my PC or cancel.
Anyway, it keeps coming back all the time, and after about a quarter of an hour my PC freezes and I can't do anything at all anymore; it's getting more than annoying now!
I have CCleaner and BitDefender 2009 (it tells me I have no viruses...), I really don't know what to do anymore :,(
It would be really, really kind if someone could give me some advice, because at this point I truly don't know what to do.
Thanks in advance to everyone ^^
92 replies
Here is the ComboFix report:
ComboFix 09-02-21.01 - killATfornia 2009-02-24 17:22:08.1 - NTFSx86
Lancé depuis: c:\documents and settings\killATfornia\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus Personal *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2006
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
c:\documents and settings\killATfornia\Application Data\inst.exe
c:\documents and settings\killATfornia\Application Data\Seekmo
c:\documents and settings\killATfornia\Application Data\ShoppingReport
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\killATfornia\Application Data\WinAntiVirus Pro 2006
c:\documents and settings\killATfornia\Application Data\WinAntiVirus Pro 2006\PGE.dat
c:\program files\seekmo
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\program files\winantivirus pro 2006
c:\program files\winantivirus pro 2006\avkernel.dll
c:\program files\winantivirus pro 2006\bdcore.dll
c:\program files\winantivirus pro 2006\libfn.dll
c:\program files\winantivirus pro 2006\sqlite3.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\av.cpl
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\init32.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\stera.log
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_FOPN
-------\Legacy_FWSVC
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_Boonty Games
-------\Service_FOPN
-------\Service_FWSvc
-------\Service_vspf
-------\Service_vspf_hk
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-24 au 2009-02-24 ))))))))))))))))))))))))))))))))))))
.
2009-02-24 13:02 . 2009-02-24 13:02 <REP> d-------- c:\documents and settings\killATfornia\Application Data\Malwarebytes
2009-02-24 13:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 13:00 . 2009-02-24 13:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 13:00 . 2009-02-24 13:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 13:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 21:39 . 2009-02-23 23:15 <REP> d-------- c:\program files\Navilog1
2009-02-23 18:53 . 2009-02-23 18:53 <REP> d-------- C:\rsit
2009-02-19 09:38 . 2009-02-19 09:38 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-18 18:47 . 2009-02-24 16:18 486 --a------ c:\windows\system32\BDUpdateV1.xml
2009-02-18 18:34 . 2009-02-18 18:34 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-18 18:30 . 2009-02-18 18:30 <REP> d-------- c:\documents and settings\killATfornia\Application Data\BitDefender
2009-02-18 18:28 . 2009-02-18 18:28 <REP> d-------- c:\program files\BitDefender
2009-02-18 18:28 . 2009-02-18 18:33 <REP> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-02-18 18:26 . 2009-02-18 18:29 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-02-17 16:30 . 2009-02-17 16:30 0 --a------ c:\windows\iPlayer.INI
2009-02-01 18:42 . 2001-08-17 22:02 8,576 --a------ c:\windows\system32\drivers\hidgame.sys
2009-02-01 18:42 . 2001-08-17 22:02 8,576 --a--c--- c:\windows\system32\dllcache\hidgame.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 16:27 81,984 -c--a-w c:\windows\system32\bdod.bin
2009-02-23 17:56 --------- d-----w c:\program files\Trend Micro
2009-02-17 15:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 15:48 --------- d-----w c:\program files\Common Files
2009-02-17 15:39 --------- d-----w c:\program files\Vimicro
2009-02-17 15:36 --------- d-----w c:\program files\InterActual
2009-02-17 15:24 --------- d-----w c:\program files\Free Easy Burner
2009-01-19 21:29 --------- d-----w c:\program files\Java
2009-01-19 21:07 --------- d-----w c:\program files\Fichiers communs\Ahead
2009-01-01 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2009-01-01 15:54 --------- d-----w c:\program files\TomTom HOME 2
2009-01-01 15:54 --------- d-----w c:\documents and settings\killATfornia\Application Data\TomTom
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-07 11:18 410,976 ----a-w c:\windows\system32\deploytk.dll
2007-09-30 10:37 47,360 -c--a-w c:\documents and settings\killATfornia\Application Data\pcouffin.sys
2008-12-16 16:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2005-04-12 07:58 150,966 -csha-w c:\windows\Resources\Themes\DameK UltraBlue\irunin.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-05-10 598920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"K!IR.exe"="c:\program files\K!TV\K!IR.exe" [2004-09-29 110592]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codecbaladeurmp3\StormSet.exe" [2005-03-24 94770]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-12-01 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\Logiciel Bluetooth\BTTray.exe [2003-12-01 499779]
Supervision de Photo Loader.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-26 217088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.vp31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/u?????
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Ringz Studio\\Storm Codecbaladeurmp3\\mplayerc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
R3 TTDVBLCD;TechnoTrend DVB PCI budget Driver;c:\windows\system32\DRIVERS\ttdvblcd.sys [2004-03-23 66640]
S1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [2004-06-17 9939]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2003-11-14 197908]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2003-11-14 10405]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2003-11-14 34422]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
--- Autres Services/Pilotes en mémoire ---
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Workflow - k:\install\workflow.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
------- Examen supplémentaire -------
.
IE: Compare Prices with &Dealio - c:\documents and settings\killATfornia\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: {{DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\killATfornia\Application Data\Mozilla\Firefox\Profiles\csvr51lv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\baladeurmp3\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\baladeurmp3\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Ringz Studio\Storm Codecbaladeurmp3\Plugins\nppl3260.dll
FF - plugin: c:\program files\Ringz Studio\Storm Codecbaladeurmp3\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Ringz Studio\Storm Codecbaladeurmp3\Plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 18:03:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1078081533-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3810E414-B7E2-1D36-928D-5E06B67FA30C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadglcklefelaomfeg"=hex:6b,61,67,70,6e,66,67,70,63,61,6d,70,66,62,61,66,64,63,
6a,68,6f,6b,00,00
"hajnoajfmacokgai"=hex:6b,61,67,70,6e,66,67,70,63,61,6d,70,66,62,61,66,64,63,
6a,68,6f,6b,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\LexBceS.exe
c:\windows\system32\Lexpps.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Logiciel Bluetooth\bin\btwdins.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UAService.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-02-24 18:14:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-24 17:14:43
Avant-CF: 10 697 916 416 octets libres
Après-CF: 10,613,043,200 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
553 --- E O F --- 2009-02-15 14:33:43
ComboFix 09-02-21.01 - killATfornia 2009-02-24 17:22:08.1 - NTFSx86
Lancé depuis: c:\documents and settings\killATfornia\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Kaspersky Anti-Virus Personal *On-access scanning disabled* (Outdated)
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\documents and settings\All Users\Application Data\WinAntiVirus Pro 2006
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
c:\documents and settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
c:\documents and settings\killATfornia\Application Data\inst.exe
c:\documents and settings\killATfornia\Application Data\Seekmo
c:\documents and settings\killATfornia\Application Data\ShoppingReport
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\killATfornia\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\killATfornia\Application Data\WinAntiVirus Pro 2006
c:\documents and settings\killATfornia\Application Data\WinAntiVirus Pro 2006\PGE.dat
c:\program files\seekmo
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Uninst.exe
c:\program files\winantivirus pro 2006
c:\program files\winantivirus pro 2006\avkernel.dll
c:\program files\winantivirus pro 2006\bdcore.dll
c:\program files\winantivirus pro 2006\libfn.dll
c:\program files\winantivirus pro 2006\sqlite3.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\av.cpl
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\init32.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\stera.log
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Legacy_FOPN
-------\Legacy_FWSVC
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_Boonty Games
-------\Service_FOPN
-------\Service_FWSvc
-------\Service_vspf
-------\Service_vspf_hk
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-24 au 2009-02-24 ))))))))))))))))))))))))))))))))))))
.
2009-02-24 13:02 . 2009-02-24 13:02 <REP> d-------- c:\documents and settings\killATfornia\Application Data\Malwarebytes
2009-02-24 13:01 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-24 13:00 . 2009-02-24 13:01 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-24 13:00 . 2009-02-24 13:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-24 13:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-23 21:39 . 2009-02-23 23:15 <REP> d-------- c:\program files\Navilog1
2009-02-23 18:53 . 2009-02-23 18:53 <REP> d-------- C:\rsit
2009-02-19 09:38 . 2009-02-19 09:38 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-02-18 18:47 . 2009-02-24 16:18 486 --a------ c:\windows\system32\BDUpdateV1.xml
2009-02-18 18:34 . 2009-02-18 18:34 385 --a------ c:\windows\system32\user_gensett.xml
2009-02-18 18:30 . 2009-02-18 18:30 <REP> d-------- c:\documents and settings\killATfornia\Application Data\BitDefender
2009-02-18 18:28 . 2009-02-18 18:28 <REP> d-------- c:\program files\BitDefender
2009-02-18 18:28 . 2009-02-18 18:33 <REP> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-02-18 18:26 . 2009-02-18 18:29 <REP> d-------- c:\program files\Fichiers communs\BitDefender
2009-02-17 16:30 . 2009-02-17 16:30 0 --a------ c:\windows\iPlayer.INI
2009-02-01 18:42 . 2001-08-17 22:02 8,576 --a------ c:\windows\system32\drivers\hidgame.sys
2009-02-01 18:42 . 2001-08-17 22:02 8,576 --a--c--- c:\windows\system32\dllcache\hidgame.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 16:27 81,984 -c--a-w c:\windows\system32\bdod.bin
2009-02-23 17:56 --------- d-----w c:\program files\Trend Micro
2009-02-17 15:48 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 15:48 --------- d-----w c:\program files\Common Files
2009-02-17 15:39 --------- d-----w c:\program files\Vimicro
2009-02-17 15:36 --------- d-----w c:\program files\InterActual
2009-02-17 15:24 --------- d-----w c:\program files\Free Easy Burner
2009-01-19 21:29 --------- d-----w c:\program files\Java
2009-01-19 21:07 --------- d-----w c:\program files\Fichiers communs\Ahead
2009-01-01 15:55 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom
2009-01-01 15:54 --------- d-----w c:\program files\TomTom HOME 2
2009-01-01 15:54 --------- d-----w c:\documents and settings\killATfornia\Application Data\TomTom
2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-07 11:18 410,976 ----a-w c:\windows\system32\deploytk.dll
2007-09-30 10:37 47,360 -c--a-w c:\documents and settings\killATfornia\Application Data\pcouffin.sys
2008-12-16 16:52 61,440 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
2005-04-12 07:58 150,966 -csha-w c:\windows\Resources\Themes\DameK UltraBlue\irunin.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2007-05-10 598920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"K!IR.exe"="c:\program files\K!TV\K!IR.exe" [2004-09-29 110592]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codecbaladeurmp3\StormSet.exe" [2005-03-24 94770]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-12-01 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-01-09 741376]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2008-10-17 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - c:\program files\Logiciel Bluetooth\BTTray.exe [2003-12-01 499779]
Supervision de Photo Loader.lnk - c:\program files\CASIO\Photo Loader\Plauto.exe [2005-12-26 217088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.vp31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/u?????
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Ringz Studio\\Storm Codecbaladeurmp3\\mplayerc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
R3 TTDVBLCD;TechnoTrend DVB PCI budget Driver;c:\windows\system32\DRIVERS\ttdvblcd.sys [2004-03-23 66640]
S1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [2004-06-17 9939]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2003-11-14 197908]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2003-11-14 10405]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\WF88TUNE.sys [2003-11-14 34422]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - bdfm
*Deregistered* - bdfsfltr
*Deregistered* - bdftdif
*Deregistered* - BDSelfPr
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - BTKRNL
*Deregistered* - BTSERIAL
*Deregistered* - BTSLBCSP
*Deregistered* - btwdins
*Deregistered* - C-DillaCdaC11BA
*Deregistered* - CdaC15BA
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ElbyCDIO
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - kavsvc
*Deregistered* - Klif
*Deregistered* - Klmc
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - LightScribeService
*Deregistered* - LIVESRV
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - ScFBPNT2
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - serenum
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UserAccess
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - VolSnap
*Deregistered* - VSSERV
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WpdUsb
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Workflow - k:\install\workflow.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
------- Examen supplémentaire -------
.
IE: Compare Prices with &Dealio - c:\documents and settings\killATfornia\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\Logiciel Bluetooth\btsendto_ie_ctx.htm
IE: {{DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\killATfornia\Application Data\Mozilla\Firefox\Profiles\csvr51lv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\progra~1\MOZILL~1\plugins\np_gp.dll
FF - plugin: c:\program files\baladeurmp3\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\baladeurmp3\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Ringz Studio\Storm Codecbaladeurmp3\Plugins\nppl3260.dll
FF - plugin: c:\program files\Ringz Studio\Storm Codecbaladeurmp3\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Ringz Studio\Storm Codecbaladeurmp3\Plugins\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 18:03:12
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\S-1-5-21-1078081533-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3810E414-B7E2-1D36-928D-5E06B67FA30C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iadglcklefelaomfeg"=hex:6b,61,67,70,6e,66,67,70,63,61,6d,70,66,62,61,66,64,63,
6a,68,6f,6b,00,00
"hajnoajfmacokgai"=hex:6b,61,67,70,6e,66,67,70,63,61,6d,70,66,62,61,66,64,63,
6a,68,6f,6b,00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\LexBceS.exe
c:\windows\system32\Lexpps.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Logiciel Bluetooth\bin\btwdins.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\UAService.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Heure de fin: 2009-02-24 18:14:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-24 17:14:43
Avant-CF: 10 697 916 416 octets libres
Après-CF: 10,613,043,200 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
553 --- E O F --- 2009-02-15 14:33:43
---> Start menu > Run > type combofix /u and confirm.
● Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.
/!\ Disconnect and close all running applications /!\
● Double-click the installer and install it in its default location (C:\Program files).
● Double-click the Ad-remover shortcut on your Desktop.
● At the main menu, choose option "A".
● Post the report that appears at the end.
(The report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Here is the report:
------- LOGFILE OF AD-REMOVER 1.1.1.4 | ONLY XP/VISTA -------
Updated by C_XX on 22/02/2009 at 21:00
Start at: 18:54:22 | Mar 24/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: UNICORNI-D990D2
Current User: killATfornia - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 44
+-----------------| Boonty/Boonty Games Elements Found:
.
HKLM\Software\Boonty
.
C:\Program Files\Boonty
C:\Program Files\Boonty\Components
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
+-----------------| Eorezo Elements Found:
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\killATfornia\Application Data\EoRezo
C:\Documents and Settings\killATfornia\Application Data\EoRezo\db
C:\Documents and Settings\killATfornia\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\killATfornia\Application Data\EoRezo\eoStats
C:\Documents and Settings\killATfornia\Application Data\EoRezo\EoWeather
C:\Documents and Settings\killATfornia\Application Data\EoRezo\EoWeather\images
C:\Documents and Settings\killATfornia\Application Data\EoRezo\EoWeather\images_classic
C:\Documents and Settings\killATfornia\Application Data\EoRezo\EoWeather\images_station_meteo
+-----------------| Infected Poker Softwares Elements Found:
.
+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
+-----------------| Other Adwares Found:
.
.
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.5 ----
ProfilePath: csvr51lv.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.
---- Internet Explorer Version 7.0.5730.13 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-1078081533-1592454029-725345543-1003\..\Internet Explorer\Main]
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
[~4045 Bytes] - "C:\Ad-Report-Scan-24.02.2009.log"
-
End at: 19:05:17 | 24/02/2009
.
+-----------------| E.O.F - 84 Lines
.
I no longer have the anykuy virus popping up (no more red cross to scare me!)
On the other hand, my computer is twice as slow as before (very long startup time) and still freezes after 1/h - 20min...
/!\ Disconnect and close all running applications /!\
● Double-click AD-Remover to launch it: at the main menu, choose option B.
● Tick "A" on the selection screen:
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG
● Then choose S; the program will start working.
● Post the report that appears at the end.
(The report is also saved as C:\Ad-report.log)
/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm /!\
HERE IS THE REPORT: (thanks again for this invaluable help ^^ )
------- LOGFILE OF AD-REMOVER 1.1.1.4 | ONLY XP/VISTA -------
Updated by C_XX on 22/02/2009 at 21:00
*** LIMITED TO ***
Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim
Other Adwares
******************
Start at: 19:06:14 | Jeu 26/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: UNICORNI-D990D2
Current User: killATfornia - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 45
(!) ---- IE start pages/Tabs reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
HKLM\Software\Boonty
.
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users\Application Data\BOONTY
+-----------------| Eorezo Elements Deleted :
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Documents and Settings\killATfornia\Application Data\EoRezo
+-----------------| Infected Poker Softwares Elements Deleted :
.
+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
.
+-----------------| It's TV Elements Deleted :
.
+-----------------| Sweetim Elements Deleted :
.
+-----------------| Other Adwares Deleted:
.
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+-----------------| Added Scan :
---- Mozilla FireFox Version 3.0.5 ----
ProfilePath: csvr51lv.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
.
.
.
---- Internet Explorer Version 7.0.5730.13 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_USERS\S-1-5-21-1078081533-1592454029-725345543-1003\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://ieframe.dll/tabswelcome.htm
+---------------------------------------------------------------------------+
[~3761 Bytes] - "C:\Ad-Report-Clean-26.02.2009.log"
[~4177 Bytes] - "C:\Ad-Report-Scan-24.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\26.02.2009 - Prefs.js
End at: 19:17:06 | 26/02/2009
.
+-----------------| E.O.F - 88 Lines
.
---> Uninstall AD-Remover.
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
It doesn't work
here is what is written when I launch the program:
line-1:
error: Subscript used with non-array variable
--> Download OTViewIt to your Desktop.
--> Close all windows and applications.
--> Double-click the OTViewIt icon to launch it.
--> Click the Run Scan button and let the program work without interrupting it.
--> It will produce two reports, one named OTViewIt.txt, and another named Extras which will be saved on your Desktop. Please post both reports in your next reply.
here is the OTViewIt report
OTViewIt logfile created on: 26/02/2009 20:31:33 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\killATfornia\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
255,48 Mb Total Physical Memory | 117,15 Mb Available Physical Memory | 45,85% Memory free
615,89 Mb Paging File | 306,81 Mb Available in Paging File | 49,82% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 12,18 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UNICORNI-D990D2
Current User Name: killATfornia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[color=orange]========== Processes ==========[/color]
[2008/12/15 15:27:12 | 00,425,984 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
[2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
[2000/12/01 17:27:36 | 00,287,744 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LexBceS.exe
[2000/12/01 17:24:52 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\Lexpps.exe
[2002/08/20 09:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/03/28 22:37:20 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/12/07 12:18:04 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/01/09 12:51:44 | 00,741,376 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
[2007/07/15 10:55:54 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2003/08/14 12:19:00 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Logiciel Bluetooth\bin\btwdins.exe
[2008/12/09 11:12:30 | 00,234,856 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2006/01/30 16:31:03 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[2008/12/07 12:18:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/12/01 14:28:00 | 00,499,779 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Logiciel Bluetooth\BTTray.exe
[2004/12/02 10:40:48 | 00,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe
[2005/06/20 23:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[2008/10/30 17:34:24 | 00,413,696 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005/07/08 14:37:46 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/23 20:49:55 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\killATfornia\Bureau\otviewit.exe
[2008/04/14 03:34:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/14 03:34:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[color=orange]========== (O23) Win32 Services ==========[/color]
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/17 12:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2003/08/14 12:19:00 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
[2006/01/30 16:31:03 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2008/08/29 09:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
[2007/01/26 10:51:39 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2008/12/07 12:18:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/06/17 17:37:13 | 00,548,970 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe -- (kavsvc [Auto | Running])
[2000/12/01 17:27:36 | 00,287,744 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LexBceS.exe -- (LexBceS [Auto | Running])
[2005/06/20 23:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/12/15 15:27:12 | 00,425,984 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2002/12/24 10:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/07/08 14:37:46 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService.exe -- (UserAccess [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[color=orange]========== Driver Services ==========[/color]
[2008/04/14 02:54:29 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2002/08/22 22:29:00 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (ASPI32 [Auto | Stopped])
[2004/08/04 01:38:44 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
[2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
[2008/11/17 16:45:42 | 00,136,200 | ---- | M] (BitDefender LLC) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2008/02/26 16:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2008/04/13 19:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 19:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008/04/13 19:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 18:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 19:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2003/08/14 11:33:00 | 01,257,418 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [Boot | Running])
[2003/08/14 11:37:00 | 00,022,183 | ---- | M] () -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
[2003/08/14 11:36:00 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
[2006/01/30 16:30:53 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
[2005/04/21 12:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/04/12 09:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2001/08/17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame [On_Demand | Stopped])
[2004/06/17 17:40:14 | 00,135,952 | ---- | M] (Kaspersky Labs) -- C:\WINDOWS\system32\drivers\klif.sys -- (Klif [System | Running])
[2004/06/17 17:40:17 | 00,009,939 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klmc.sys -- (Klmc [System | Running])
[2004/03/15 03:03:18 | 00,104,448 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\M2500.sys -- (M2500 [On_Demand | Stopped])
[2004/11/22 16:36:34 | 00,019,345 | ---- | M] (Motive, Inc.) -- c:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2004/11/22 16:36:40 | 00,018,003 | ---- | M] (Motive, Inc.) -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2003/10/22 17:54:18 | 00,017,162 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\Pcandis5.sys -- (PCANDIS5 [On_Demand | Stopped])
[2007/09/29 16:36:43 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
[2008/09/02 13:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
[2001/08/24 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/13 19:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[1999/05/21 00:00:00 | 00,015,488 | ---- | M] () -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2 [Auto | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
[2004/03/23 13:34:28 | 00,066,640 | R--- | M] (TechnoTrend AG) -- C:\WINDOWS\system32\drivers\ttdvblcd.sys -- (TTDVBLCD [On_Demand | Stopped])
[2002/07/24 03:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2003/09/01 10:52:08 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2003/11/14 05:30:00 | 00,197,908 | R--- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf88vcap.sys -- (WF23880 [Auto | Running])
[2003/11/14 05:30:00 | 00,010,405 | R--- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\WF88XBAR.sys -- (WF88XBAR [Auto | Running])
[2003/11/14 05:30:00 | 00,034,422 | R--- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf88tune.sys -- (WFTUNE [Auto | Running])
[color=orange]========== (R ) Internet Explorer ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=https://www.msn.com/fr-fr
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[color=orange]========== (O1) Hosts File ==========[/color]
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
[color=orange]========== (O2) BHO's ==========[/color]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{6A87B991-A31F-4130-AE72-6D0C294BF082} (HKLM) -- C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
[color=orange]========== (O3) Toolbars ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[color=orange]========== (O4) Run Keys ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"au"=C:\Program Files\Dealio\DealioAU.exe (Vendio Services, Inc.)
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
"K!IR.exe"=C:\Program Files\K!TV\K!IR.exe (K!)
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codecbaladeurmp3\StormSet.exe" /S /opti ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" /AUTO (Piriform Ltd)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
[color=orange]========== (O4) Startup Folders ==========[/color]
[2003/12/01 14:28:00 | 00,499,779 | ---- | M] (WIDCOMM, Inc.) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\Logiciel Bluetooth\BTTray.exe
[2004/12/02 10:40:48 | 00,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
[color=orange]========== (O6 & O7) Current Version Policies ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegedit"=0
"disableregistrytools"=0
[color=orange]========== (O8) IE Context Menu Extensions ==========[/color]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Compare Prices with &Dealio: C:\Documents and Settings\killATfornia\Application Data\Dealio\kb127\res\DealioSearch.html [2008/04/16 17:11:48 | 00,000,670 | ---- | M] ()
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Envoyer à &Bluetooth: C:\Program Files\Logiciel Bluetooth\btsendto_ie_ctx.htm [2003/05/29 12:53:00 | 00,001,320 | ---- | M] ()
[color=orange]========== (O9) IE Extensions ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [2008/12/07 12:18:06 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Ajout Direct -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Ajout Direct dans Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Recherche -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\Logiciel Bluetooth\btsendto_ie.htm [2003/05/29 12:53:00 | 00,002,681 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-4017 -- %ProgramFiles%\Logiciel Bluetooth\btsendto_ie.htm [2003/05/29 12:53:00 | 00,002,681 | ---- | M] ()
{DE60714F-AC17-427e-861A-FD60CBDF119A}: Button: Ò×Ȥ¹ºÎï -- File not found
{DE60714F-AC17-427e-861A-FD60CBDF119A}: Menu: Ò×Ȥ¹ºÎï -- File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E908B145-C847-4e85-B315-07E2E70DECF8}: Button: Dealio -- %ProgramFiles%\Dealio\kb127\Dealio.dll [2008/05/26 18:50:36 | 03,170,144 | ---- | M] (Vendio Services, Inc.)
{E908B145-C847-4e85-B315-07E2E70DECF8}: Menu: Dealio -- %ProgramFiles%\Dealio\kb127\Dealio.dll [2008/05/26 18:50:36 | 03,170,144 | ---- | M] (Vendio Services, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Ajout Direct] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Recherche] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKLM] -> %ProgramFiles%\Dealio\kb127\Dealio.dll [Dealio] -> [2008/05/26 18:50:36 | 03,170,144 | ---- | M] (Vendio Services, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
[color=orange]========== (O12) Internet Explorer Plugins ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
[color=orange]========== (O13) Default Prefixes ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[color=orange]========== (O15) Trusted Sites ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[color=orange]========== (O16) DPF ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab -- MessengerStatsClient Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: https://onedrive.live.com/ -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab -- ZoneIntro Class
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
[color=orange]========== (O17) DNS Name Servers ==========[/color]
{146E0DCB-3767-4576-8007-F8293C0FC87A} (Servers: | Description: )
{45A018E3-4057-43C6-B285-536213689D10} (Servers: | Description: Carte réseau 1394)
{4FF0645F-FF2B-4E41-8710-5DE3C9A3D6B8} (Servers: | Description: Hauppauge WinTV NOVA Adapter)
{8EB11A88-5888-400C-87D5-E0AEC19434D3} (Servers: | Description: Carte Fast Ethernet compatible VIA)
{C1F70079-61F4-4195-9437-452D13155A4C} (Servers: | Description: 802.11g PCI Wireless Network Adapter)
{E8402A63-EF31-42C5-BF9E-020122CA95CC} (Servers: | Description: )
[color=orange]========== Safeboot Options ==========[/color]
"AlternateShell"=cmd.exe
[color=orange]========== CDRom AutoRun Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
[color=orange]========== Autorun Files on Drives ==========[/color]
AUTOEXEC.BAT []
[2005/04/11 09:30:59 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]
[4 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\killATfornia\Mes documents\Mlle Nicolas
[2009/02/24 18:43:01 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/02/24 18:40:46 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/24 18:40:42 | 00,786,687 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\AD-R.exe
[2009/02/24 18:26:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/24 17:19:06 | 00,000,212 | ---- | C] () -- C:\Boot.bak
[2009/02/24 17:18:47 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/02/24 17:18:20 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/24 17:11:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/24 13:02:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\killATfornia\Application Data\Malwarebytes
[2009/02/24 13:01:24 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/24 13:01:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/24 13:00:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/24 13:00:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/24 13:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/24 12:59:58 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\killATfornia\Bureau\mbam-setup.exe
[2009/02/23 23:16:29 | 01,662,588 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\SmitfraudFix.exe
[2009/02/23 21:39:47 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/02/23 21:39:12 | 00,576,940 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\killATfornia\Bureau\Navilog1.exe
[2009/02/23 20:49:54 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\killATfornia\Bureau\otviewit.exe
[2009/02/23 18:53:52 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/23 18:52:55 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\RSIT.exe
[2009/02/19 09:38:58 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/02/18 18:47:07 | 00,000,486 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/02/18 18:34:30 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/02/18 18:30:18 | 00,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Antivirus 2009.lnk
[2009/02/18 18:30:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\killATfornia\Application Data\BitDefender
[2009/02/18 18:28:41 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/02/18 18:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/02/18 18:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
[2009/02/17 16:43:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Kaspersky Anti-Virus Personal Updates
[2009/02/17 16:30:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/02/17 15:53:52 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\Raccourci vers Programmes.lnk
[2009/02/07 12:33:49 | 00,000,645 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\Mes dossiers de partage.lnk
[2009/02/01 19:35:44 | 00,427,574 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée msn.bmp
[2009/02/01 18:42:13 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidgame.sys
[2009/02/01 18:42:13 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/02/01 14:06:15 | 01,083,582 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée.bmp
[2009/01/30 18:28:42 | 01,727,758 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\carte d'identité nath'.bmp
========== Files - Modified Within 30 Days ==========
[20 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\killATfornia\Mes documents\Mlle Nicolas
[2009/02/26 20:31:59 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/02/26 20:22:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/26 20:19:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/26 20:19:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/26 20:08:23 | 00,000,486 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/02/26 19:48:41 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\RSIT.exe
[2009/02/25 12:39:25 | 03,242,034 | -H-- | M] () -- C:\Documents and Settings\killATfornia\Local Settings\Application Data\IconCache.db
[2009/02/24 18:40:44 | 00,786,687 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\AD-R.exe
[2009/02/24 18:04:02 | 00,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/24 18:02:31 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/24 17:19:06 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/02/24 13:01:24 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/24 13:00:00 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\killATfornia\Bureau\mbam-setup.exe
[2009/02/23 23:17:11 | 01,662,588 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\SmitfraudFix.exe
[2009/02/23 21:39:13 | 00,576,940 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\killATfornia\Bureau\Navilog1.exe
[2009/02/23 20:49:55 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\killATfornia\Bureau\otviewit.exe
[2009/02/22 19:35:54 | 00,000,645 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\Mes dossiers de partage.lnk
[2009/02/21 14:24:41 | 00,000,212 | ---- | M] () -- C:\Boot.bak
[2009/02/21 14:24:40 | 00,001,546 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/19 09:38:58 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/02/18 18:34:30 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/02/18 18:30:18 | 00,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Antivirus 2009.lnk
[2009/02/17 16:50:35 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/17 16:30:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2009/02/17 15:53:52 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\Raccourci vers Programmes.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/04 00:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/02 20:46:52 | 00,485,376 | -HS- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\killATfornia\Mes documents\Thumbs.db:encryptable
[2009/02/01 19:35:44 | 00,427,574 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée msn.bmp
[2009/02/01 15:13:12 | 00,447,772 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/02/01 15:13:12 | 00,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/01 15:13:12 | 00,064,492 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/02/01 15:13:12 | 00,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/01 15:13:08 | 00,959,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/01 14:06:16 | 01,083,582 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée.bmp
[2009/01/30 18:29:47 | 01,727,758 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\carte d'identité nath'.bmp
< End of report >
Here is the extras.txt report:
OTViewIt Extras logfile created on: 26/02/2009 20:31:33 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\killATfornia\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
255,48 Mb Total Physical Memory | 117,15 Mb Available Physical Memory | 45,85% Memory free
615,89 Mb Paging File | 306,81 Mb Available in Paging File | 49,82% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 12,18 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UNICORNI-D990D2
Current User Name: killATfornia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 03:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2007/04/18 18:57:24 | 00,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
[2005/03/22 13:40:19 | 04,370,432 | ---- | M] (Gabest) -- C:\Program Files\Ringz Studio\Storm Codecbaladeurmp3\mplayerc.exe:*:Disabled:Media Player Classic
[2009/02/06 18:34:08 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
========== (O10) Winsock2 Catalogs ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Espace de noms Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
========== (O18) Protocol Handlers ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2007/10/23 11:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])
========== (O18) Protocol Filters ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044146E4-A924-458A-9948-4B9C7C7D9321}"=LightScribe 1.4.31.1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java(TM) 6 Update 10
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}"=USB Video Device Driver
"{2A0E8EB8-85C9-461A-B0C1-0DB7C21FA89A}"=SonicStage Simple Burner 1.0
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}"=OpenOffice.org Installer 1.0
"{3BC66D71-032A-4F90-A838-302DA40102FF}"=USB 2.0 Image
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3DFF4274-EBB0-4356-9692-972965018954}"=Windows Live Writer
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}"=Vimicro USB PC Camera 301x
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}"=Photohands 1.0F
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5942839B-DA20-45D4-809C-D4FE5A45387E}"=BitDefender Antivirus 2009
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}"=MP3 Player Utilities 1.47
"{6105648C-0C3C-481D-8C11-1F4952D6FB53}"=Dealio Toolbar 3.4
"{62F33B80-6244-4A70-A233-0DA13B640364}"=OpenMG Secure Module 3.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{70B45586-B51E-4947-A258-A895596C5CED}"=Photo Loader 2.3F
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{9011040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9026040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office XP Web Components
"{9112040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{A70FA218-6598-4AC9-813D-63597C5DD068}"=Galerie de photos Windows Live
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}"=ubi.com
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistant de connexion Windows Live
"{BADF6744-3787-48F6-B8C9-4C4995401D65}"=Windows Live Messenger
"{C514C594-23AA-4F13-A070-DB8BDB27594F}"=Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}"=Windows Live installer
"{FE90E9E7-A158-4687-8853-DF677A939A61}"=Bluetooth Software
"CanoCraft CS-P 3.7"=Canon CanoCraft CS-P 3.7
"CCleaner"=CCleaner (remove only)
"CdaC13Ba"=SafeCast Shared Components
"CloneDVD2"=CloneDVD2
"DameK UltraBluever. 1.7"=DameK UltraBlue
"Free Easy Burner_is1"=Free Easy Burner V 1.2.43
"Free Mp3 Wma Converter_is1"=Free Mp3 Wma Converter V 1.7.3
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"K!TV"=K!TV
"Lightslayer"=Lightslayer
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Power MP3 WMA Converter 1.14"=Power MP3 WMA Converter 1.14
"RealAlt_is1"=Real Alternative 1.35
"RM-X® Easy Compress_is1"=RM-X Easy Compress V1.1
"Storm Codec 5"=Storm Codec
"TomTom HOME"=TomTom HOME 2.5.2.60
"UxTheme Multipatcher Fr"=UxTheme Multipatcher Fr
"VD Codec Pack"=VD Codec Pack 1.6
"VLC media player"=VideoLAN VLC media player 0.8.6b
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25/02/2009 08:56:48 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 25/02/2009 08:58:10 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 05:36:59 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 05:37:55 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 06:11:29 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 06:12:26 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 13:51:36 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 13:53:41 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 14:38:21 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 15:19:47 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
[ System Events ]
Error - 17/02/2009 11:43:27 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
Error - 17/02/2009 11:53:14 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service ASPI32 n'a pas pu démarrer en raison de l'erreur : %%2
Error - 17/02/2009 11:53:14 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service Firewall service n'a pas pu démarrer en raison de l'erreur :
%%2
Error - 17/02/2009 11:53:14 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
Error - 17/02/2009 14:28:51 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service ASPI32 n'a pas pu démarrer en raison de l'erreur : %%2
Error - 17/02/2009 14:28:51 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service Firewall service n'a pas pu démarrer en raison de l'erreur :
%%2
Error - 17/02/2009 14:28:51 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
Error - 18/02/2009 13:14:15 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service ASPI32 n'a pas pu démarrer en raison de l'erreur : %%2
Error - 18/02/2009 13:14:15 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service Firewall service n'a pas pu démarrer en raison de l'erreur :
%%2
Error - 18/02/2009 13:14:15 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
< End of report >
OTViewIt logfile created on: 26/02/2009 20:31:33 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\killATfornia\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
255,48 Mb Total Physical Memory | 117,15 Mb Available Physical Memory | 45,85% Memory free
615,89 Mb Paging File | 306,81 Mb Available in Paging File | 49,82% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 12,18 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UNICORNI-D990D2
Current User Name: killATfornia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
========== Processes ==========
[2008/12/15 15:27:12 | 00,425,984 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
[2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
[2000/12/01 17:27:36 | 00,287,744 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LexBceS.exe
[2000/12/01 17:24:52 | 00,169,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\Lexpps.exe
[2002/08/20 09:29:26 | 00,040,960 | ---- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
[2008/04/14 03:34:20 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/03/28 22:37:20 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/12/07 12:18:04 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2009/01/09 12:51:44 | 00,741,376 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
[2007/07/15 10:55:54 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2003/08/14 12:19:00 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Logiciel Bluetooth\bin\btwdins.exe
[2008/12/09 11:12:30 | 00,234,856 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\HOMERunner.exe
[2006/01/30 16:31:03 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
[2008/12/07 12:18:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2003/12/01 14:28:00 | 00,499,779 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Logiciel Bluetooth\BTTray.exe
[2004/12/02 10:40:48 | 00,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Program Files\CASIO\Photo Loader\Plauto.exe
[2005/06/20 23:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[2008/10/30 17:34:24 | 00,413,696 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
[2005/07/08 14:37:46 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2009/02/23 20:49:55 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\killATfornia\Bureau\otviewit.exe
[2008/04/14 03:34:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/14 03:34:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
========== (O23) Win32 Services ==========
[2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2008/07/17 12:06:56 | 00,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3 [On_Demand | Stopped])
[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2003/08/14 12:19:00 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Logiciel Bluetooth\bin\btwdins.exe -- (btwdins [Auto | Running])
[2006/01/30 16:31:03 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2008/08/29 09:01:22 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
[2007/01/26 10:51:39 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Stopped])
[2008/12/07 12:18:04 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2004/06/17 17:37:13 | 00,548,970 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe -- (kavsvc [Auto | Running])
[2000/12/01 17:27:36 | 00,287,744 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LexBceS.exe -- (LexBceS [Auto | Running])
[2005/06/20 23:10:30 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2008/12/15 15:27:12 | 00,425,984 | ---- | M] (BitDefender SRL) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
[2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2002/12/24 10:01:22 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2005/07/08 14:37:46 | 00,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService.exe -- (UserAccess [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2008/12/17 15:51:26 | 01,581,056 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV [Auto | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/03 09:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[color=orange]========== Driver Services ==========[/color]
[2008/04/14 02:54:29 | 00,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [System | Running])
[2002/08/22 22:29:00 | 00,023,936 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (ASPI32 [Auto | Stopped])
[2004/08/04 01:38:44 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/09/18 11:09:12 | 00,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm [On_Demand | Running])
[2008/12/10 19:42:46 | 00,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
[2008/11/17 16:45:42 | 00,136,200 | ---- | M] (BitDefender LLC) -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
[2008/02/26 16:12:40 | 00,008,448 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr [On_Demand | Running])
[2008/04/13 19:46:33 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2008/04/13 19:46:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys -- (BTHMODEM [On_Demand | Stopped])
[2008/04/13 19:51:34 | 00,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/14 18:33:37 | 00,272,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/04/13 19:46:29 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys -- (BTHUSB [On_Demand | Stopped])
[2003/08/14 11:33:00 | 01,257,418 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [Boot | Running])
[2003/08/14 11:37:00 | 00,022,183 | ---- | M] () -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
[2003/08/14 11:36:00 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
[2006/01/30 16:30:53 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
[2005/04/21 12:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
[2005/04/12 09:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
[2001/08/17 21:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
[2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum [On_Demand | Running])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2001/08/17 22:02:32 | 00,008,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame [On_Demand | Stopped])
[2004/06/17 17:40:14 | 00,135,952 | ---- | M] (Kaspersky Labs) -- C:\WINDOWS\system32\drivers\klif.sys -- (Klif [System | Running])
[2004/06/17 17:40:17 | 00,009,939 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klmc.sys -- (Klmc [System | Running])
[2004/03/15 03:03:18 | 00,104,448 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\M2500.sys -- (M2500 [On_Demand | Stopped])
[2004/11/22 16:36:34 | 00,019,345 | ---- | M] (Motive, Inc.) -- c:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2004/11/22 16:36:40 | 00,018,003 | ---- | M] (Motive, Inc.) -- c:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2003/10/22 17:54:18 | 00,017,162 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\Pcandis5.sys -- (PCANDIS5 [On_Demand | Stopped])
[2007/09/29 16:36:43 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
[2008/09/02 13:32:06 | 00,013,056 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos [On_Demand | Stopped])
[2001/08/24 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2008/04/13 19:46:32 | 00,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[1999/05/21 00:00:00 | 00,015,488 | ---- | M] () -- C:\WINDOWS\system32\drivers\ScFBPNT2.sys -- (ScFBPNT2 [Auto | Running])
[2007/11/13 11:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2001/08/17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
[2007/07/10 07:00:42 | 00,036,736 | ---- | M] () -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos [On_Demand | Stopped])
[2004/03/23 13:34:28 | 00,066,640 | R--- | M] (TechnoTrend AG) -- C:\WINDOWS\system32\drivers\ttdvblcd.sys -- (TTDVBLCD [On_Demand | Stopped])
[2002/07/24 03:30:00 | 00,032,128 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1 [Boot | Running])
[2003/09/01 10:52:08 | 00,104,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
[2003/11/14 05:30:00 | 00,197,908 | R--- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf88vcap.sys -- (WF23880 [Auto | Running])
[2003/11/14 05:30:00 | 00,010,405 | R--- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\WF88XBAR.sys -- (WF88XBAR [Auto | Running])
[2003/11/14 05:30:00 | 00,034,422 | R--- | M] (Copyright @2000-2006 Leadtek Research Inc.) -- C:\WINDOWS\system32\drivers\wf88tune.sys -- (WFTUNE [Auto | Running])
[color=orange]========== (R ) Internet Explorer ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=https://www.msn.com/fr-fr
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[color=orange]========== (O1) Hosts File ==========[/color]
HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
[color=orange]========== (O2) BHO's ==========[/color]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{6A87B991-A31F-4130-AE72-6D0C294BF082} (HKLM) -- C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
[color=orange]========== (O3) Toolbars ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}" (HKLM) -- C:\Program Files\Dealio\kb127\Dealio.dll (Vendio Services, Inc.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
[color=orange]========== (O4) Run Keys ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"au"=C:\Program Files\Dealio\DealioAU.exe (Vendio Services, Inc.)
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" (BitDefender S.R.L.)
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" (BitDefender)
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
"K!IR.exe"=C:\Program Files\K!TV\K!IR.exe (K!)
"PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe (Lexmark)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codecbaladeurmp3\StormSet.exe" /S /opti ()
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" /AUTO (Piriform Ltd)
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" (TomTom)
[color=orange]========== (O4) Startup Folders ==========[/color]
[2003/12/01 14:28:00 | 00,499,779 | ---- | M] (WIDCOMM, Inc.) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\Logiciel Bluetooth\BTTray.exe
[2004/12/02 10:40:48 | 00,217,088 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
[color=orange]========== (O6 & O7) Current Version Policies ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegedit"=0
"disableregistrytools"=0
[color=orange]========== (O8) IE Context Menu Extensions ==========[/color]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Compare Prices with &Dealio: C:\Documents and Settings\killATfornia\Application Data\Dealio\kb127\res\DealioSearch.html [2008/04/16 17:11:48 | 00,000,670 | ---- | M] ()
E&xporter vers Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Envoyer à &Bluetooth: C:\Program Files\Logiciel Bluetooth\btsendto_ie_ctx.htm [2003/05/29 12:53:00 | 00,001,320 | ---- | M] ()
[color=orange]========== (O9) IE Extensions ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Console Java (Sun) -- %ProgramFiles%\Java\jre6\bin\npjpi160_10.dll [2008/12/07 12:18:06 | 00,132,504 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: Ajout Direct -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: &Ajout Direct dans Windows Live Writer -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Recherche -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\Logiciel Bluetooth\btsendto_ie.htm [2003/05/29 12:53:00 | 00,002,681 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-4017 -- %ProgramFiles%\Logiciel Bluetooth\btsendto_ie.htm [2003/05/29 12:53:00 | 00,002,681 | ---- | M] ()
{DE60714F-AC17-427e-861A-FD60CBDF119A}: Button: Ò×Ȥ¹ºÎï -- File not found
{DE60714F-AC17-427e-861A-FD60CBDF119A}: Menu: Ò×Ȥ¹ºÎï -- File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{E908B145-C847-4e85-B315-07E2E70DECF8}: Button: Dealio -- %ProgramFiles%\Dealio\kb127\Dealio.dll [2008/05/26 18:50:36 | 03,170,144 | ---- | M] (Vendio Services, Inc.)
{E908B145-C847-4e85-B315-07E2E70DECF8}: Menu: Dealio -- %ProgramFiles%\Dealio\kb127\Dealio.dll [2008/05/26 18:50:36 | 03,170,144 | ---- | M] (Vendio Services, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [Ajout Direct] -> [2007/10/26 17:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Recherche] -> [2007/04/19 13:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKLM] -> %ProgramFiles%\Dealio\kb127\Dealio.dll [Dealio] -> [2008/05/26 18:50:36 | 03,170,144 | ---- | M] (Vendio Services, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 03:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation)
[color=orange]========== (O12) Internet Explorer Plugins ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
[color=orange]========== (O13) Default Prefixes ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://
[color=orange]========== (O15) Trusted Sites ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[color=orange]========== (O16) DPF ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{14B87622-7E19-4EA8-93B3-97215F77A6BC}: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab -- MessengerStatsClient Class
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -- Shockwave ActiveX Control
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: https://onedrive.live.com/ -- MSN Photo Upload Tool
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{B8BE5E93-A60C-4D26-A2DC-220313175592}: http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab -- ZoneIntro Class
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
[color=orange]========== (O17) DNS Name Servers ==========[/color]
{146E0DCB-3767-4576-8007-F8293C0FC87A} (Servers: | Description: )
{45A018E3-4057-43C6-B285-536213689D10} (Servers: | Description: Carte réseau 1394)
{4FF0645F-FF2B-4E41-8710-5DE3C9A3D6B8} (Servers: | Description: Hauppauge WinTV NOVA Adapter)
{8EB11A88-5888-400C-87D5-E0AEC19434D3} (Servers: | Description: Carte Fast Ethernet compatible VIA)
{C1F70079-61F4-4195-9437-452D13155A4C} (Servers: | Description: 802.11g PCI Wireless Network Adapter)
{E8402A63-EF31-42C5-BF9E-020122CA95CC} (Servers: | Description: )
[color=orange]========== Safeboot Options ==========[/color]
"AlternateShell"=cmd.exe
[color=orange]========== CDRom AutoRun Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1
[color=orange]========== Autorun Files on Drives ==========[/color]
AUTOEXEC.BAT []
[2005/04/11 09:30:59 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]
[color=orange]========== Files/Folders - Created Within 30 Days ==========[/color]
[4 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\killATfornia\Mes documents\Mlle Nicolas
[2009/02/24 18:43:01 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/02/24 18:40:46 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/02/24 18:40:42 | 00,786,687 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\AD-R.exe
[2009/02/24 18:26:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/02/24 17:19:06 | 00,000,212 | ---- | C] () -- C:\Boot.bak
[2009/02/24 17:18:47 | 00,263,488 | ---- | C] () -- C:\cmldr
[2009/02/24 17:18:20 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/02/24 17:11:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/02/24 13:02:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\killATfornia\Application Data\Malwarebytes
[2009/02/24 13:01:24 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/24 13:01:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/24 13:00:49 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/24 13:00:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/24 13:00:32 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/24 12:59:58 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\killATfornia\Bureau\mbam-setup.exe
[2009/02/23 23:16:29 | 01,662,588 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\SmitfraudFix.exe
[2009/02/23 21:39:47 | 00,000,000 | ---D | C] -- C:\Program Files\Navilog1
[2009/02/23 21:39:12 | 00,576,940 | ---- | C] (IL-MAFIOSO ) -- C:\Documents and Settings\killATfornia\Bureau\Navilog1.exe
[2009/02/23 20:49:54 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\killATfornia\Bureau\otviewit.exe
[2009/02/23 18:53:52 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/23 18:52:55 | 00,781,851 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\RSIT.exe
[2009/02/19 09:38:58 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/02/18 18:47:07 | 00,000,486 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/02/18 18:34:30 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/02/18 18:30:18 | 00,001,928 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Antivirus 2009.lnk
[2009/02/18 18:30:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\killATfornia\Application Data\BitDefender
[2009/02/18 18:28:41 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/02/18 18:28:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/02/18 18:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\BitDefender
[2009/02/17 16:43:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Kaspersky Anti-Virus Personal Updates
[2009/02/17 16:30:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/02/17 15:53:52 | 00,000,757 | ---- | C] () -- C:\Documents and Settings\killATfornia\Bureau\Raccourci vers Programmes.lnk
[2009/02/07 12:33:49 | 00,000,645 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\Mes dossiers de partage.lnk
[2009/02/01 19:35:44 | 00,427,574 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée msn.bmp
[2009/02/01 18:42:13 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidgame.sys
[2009/02/01 18:42:13 | 00,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidgame.sys
[2009/02/01 14:06:15 | 01,083,582 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée.bmp
[2009/01/30 18:28:42 | 01,727,758 | ---- | C] () -- C:\Documents and Settings\killATfornia\Mes documents\carte d'identité nath'.bmp
[color=orange]========== Files - Modified Within 30 Days ==========[/color]
[20 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\killATfornia\Mes documents\Mlle Nicolas
[2009/02/26 20:31:59 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/02/26 20:22:15 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/26 20:19:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/26 20:19:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/26 20:08:23 | 00,000,486 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/02/26 19:48:41 | 00,781,851 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\RSIT.exe
[2009/02/25 12:39:25 | 03,242,034 | -H-- | M] () -- C:\Documents and Settings\killATfornia\Local Settings\Application Data\IconCache.db
[2009/02/24 18:40:44 | 00,786,687 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\AD-R.exe
[2009/02/24 18:04:02 | 00,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/24 18:02:31 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/24 17:19:06 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/02/24 13:01:24 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/02/24 13:00:00 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\killATfornia\Bureau\mbam-setup.exe
[2009/02/23 23:17:11 | 01,662,588 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\SmitfraudFix.exe
[2009/02/23 21:39:13 | 00,576,940 | ---- | M] (IL-MAFIOSO ) -- C:\Documents and Settings\killATfornia\Bureau\Navilog1.exe
[2009/02/23 20:49:55 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\killATfornia\Bureau\otviewit.exe
[2009/02/22 19:35:54 | 00,000,645 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\Mes dossiers de partage.lnk
[2009/02/21 14:24:41 | 00,000,212 | ---- | M] () -- C:\Boot.bak
[2009/02/21 14:24:40 | 00,001,546 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/19 09:38:58 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/02/18 18:34:30 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/02/18 18:30:18 | 00,001,928 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\BitDefender Antivirus 2009.lnk
[2009/02/17 16:50:35 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/02/17 16:30:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2009/02/17 15:53:52 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\killATfornia\Bureau\Raccourci vers Programmes.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/04 00:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/02 20:46:52 | 00,485,376 | -HS- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\killATfornia\Mes documents\Thumbs.db:encryptable
[2009/02/01 19:35:44 | 00,427,574 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée msn.bmp
[2009/02/01 15:13:12 | 00,447,772 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2009/02/01 15:13:12 | 00,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/01 15:13:12 | 00,064,492 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2009/02/01 15:13:12 | 00,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/01 15:13:08 | 00,959,660 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/01 14:06:16 | 01,083,582 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\carte truqée.bmp
[2009/01/30 18:29:47 | 01,727,758 | ---- | M] () -- C:\Documents and Settings\killATfornia\Mes documents\carte d'identité nath'.bmp
< End of report >
Here is the extras.txt report:
OTViewIt Extras logfile created on: 26/02/2009 20:31:33 - Run 4
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\killATfornia\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
255,48 Mb Total Physical Memory | 117,15 Mb Available Physical Memory | 45,85% Memory free
615,89 Mb Paging File | 306,81 Mb Available in Paging File | 49,82% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27,95 Gb Total Space | 12,18 Gb Free Space | 43,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: UNICORNI-D990D2
Current User Name: killATfornia
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[color=orange]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --
[color=orange]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[color=orange]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 03:34:21 | 00,142,848 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/04/14 03:34:01 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2007/04/18 18:57:24 | 00,095,744 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
[2005/03/22 13:40:19 | 04,370,432 | ---- | M] (Gabest) -- C:\Program Files\Ringz Studio\Storm Codecbaladeurmp3\mplayerc.exe:*:Disabled:Media Player Classic
[2009/02/06 18:34:08 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:04 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[color=orange]========== (O10) Winsock2 Catalogs ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Espace de noms Bluetooth] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
[color=orange]========== (O18) Protocol Handlers ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 11:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2000/04/19 17:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/03/14 12:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])
[2007/05/10 12:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])
[2007/10/23 11:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])
[color=orange]========== (O18) Protocol Filters ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 12:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]
[color=orange]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{044146E4-A924-458A-9948-4B9C7C7D9321}"=LightScribe 1.4.31.1
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}"=QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java(TM) 6 Update 10
"{2758691A-2CDE-4942-A4AC-0E8F61FE2067}"=USB Video Device Driver
"{2A0E8EB8-85C9-461A-B0C1-0DB7C21FA89A}"=SonicStage Simple Burner 1.0
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}"=OpenOffice.org Installer 1.0
"{3BC66D71-032A-4F90-A838-302DA40102FF}"=USB 2.0 Image
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3DFF4274-EBB0-4356-9692-972965018954}"=Windows Live Writer
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}"=Vimicro USB PC Camera 301x
"{44734179-8A79-4DEE-BB08-73037F065543}"=Apple Mobile Device Support
"{544FB392-069D-4BA5-9DC7-FFD47230AEE5}"=Photohands 1.0F
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}"=iTunes
"{5942839B-DA20-45D4-809C-D4FE5A45387E}"=BitDefender Antivirus 2009
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}"=MP3 Player Utilities 1.47
"{6105648C-0C3C-481D-8C11-1F4952D6FB53}"=Dealio Toolbar 3.4
"{62F33B80-6244-4A70-A233-0DA13B640364}"=OpenMG Secure Module 3.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{70B45586-B51E-4947-A258-A895596C5CED}"=Photo Loader 2.3F
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}"=VC_MergeModuleToMSI
"{9011040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{9026040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office XP Web Components
"{9112040C-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{A70FA218-6598-4AC9-813D-63597C5DD068}"=Galerie de photos Windows Live
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}"=ubi.com
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Assistant de connexion Windows Live
"{BADF6744-3787-48F6-B8C9-4C4995401D65}"=Windows Live Messenger
"{C514C594-23AA-4F13-A070-DB8BDB27594F}"=Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU]
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}"=Windows Live installer
"{FE90E9E7-A158-4687-8853-DF677A939A61}"=Bluetooth Software
"CanoCraft CS-P 3.7"=Canon CanoCraft CS-P 3.7
"CCleaner"=CCleaner (remove only)
"CdaC13Ba"=SafeCast Shared Components
"CloneDVD2"=CloneDVD2
"DameK UltraBluever. 1.7"=DameK UltraBlue
"Free Easy Burner_is1"=Free Easy Burner V 1.2.43
"Free Mp3 Wma Converter_is1"=Free Mp3 Wma Converter V 1.7.3
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"K!TV"=K!TV
"Lightslayer"=Lightslayer
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Power MP3 WMA Converter 1.14"=Power MP3 WMA Converter 1.14
"RealAlt_is1"=Real Alternative 1.35
"RM-X® Easy Compress_is1"=RM-X Easy Compress V1.1
"Storm Codec 5"=Storm Codec
"TomTom HOME"=TomTom HOME 2.5.2.60
"UxTheme Multipatcher Fr"=UxTheme Multipatcher Fr
"VD Codec Pack"=VD Codec Pack 1.6
"VLC media player"=VideoLAN VLC media player 0.8.6b
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Lecteur Windows Media 11
"Windows XP Service"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion"=Yahoo! Toolbar avec bloqueur de fenêtres pop-up
"Yahoo! Toolbar"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager
[color=orange]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 25/02/2009 08:56:48 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 25/02/2009 08:58:10 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 05:36:59 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 05:37:55 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 06:11:29 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 06:12:26 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 13:51:36 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 13:53:41 | Computer Name = UNICORNI-D990D2 | Source = WmiAdapter | ID = 4099
Description = Échec de l'ouverture de services.
Error - 26/02/2009 14:38:21 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
Error - 26/02/2009 15:19:47 | Computer Name = UNICORNI-D990D2 | Source = Application Error | ID = 1000
Description = Application défaillante k!ir.exe, version 2.0.0.0, module défaillant
k!ir.exe, version 2.0.0.0, adresse de défaillance 0x000014d1.
[ System Events ]
Error - 17/02/2009 11:43:27 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
Error - 17/02/2009 11:53:14 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service ASPI32 n'a pas pu démarrer en raison de l'erreur : %%2
Error - 17/02/2009 11:53:14 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service Firewall service n'a pas pu démarrer en raison de l'erreur :
%%2
Error - 17/02/2009 11:53:14 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
Error - 17/02/2009 14:28:51 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service ASPI32 n'a pas pu démarrer en raison de l'erreur : %%2
Error - 17/02/2009 14:28:51 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service Firewall service n'a pas pu démarrer en raison de l'erreur :
%%2
Error - 17/02/2009 14:28:51 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
Error - 18/02/2009 13:14:15 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service ASPI32 n'a pas pu démarrer en raison de l'erreur : %%2
Error - 18/02/2009 13:14:15 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7000
Description = Le service Firewall service n'a pas pu démarrer en raison de l'erreur :
%%2
Error - 18/02/2009 13:14:15 | Computer Name = UNICORNI-D990D2 | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : FOPN vspf vspf_hk
< End of report >
---> Uninstall Java 6 Update 10.
---> Update Java.
---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
---> Double-click the downloaded file to start the installation process.
---> In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
---> Once the update has finished, go to the Scanner tab.
---> Select Perform quick scan.
---> Click Scan. The scan starts.
At the end of the scan, a message is displayed:
The scan completed successfully. Click 'Show Results' to display all objects found.
---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
---> Close your browsers.
If malware was detected, click Show Results.
---> Select everything (or leave everything checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
---> MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
here is the report: (no virus found but it's still acting up...)
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1798
Windows 5.1.2600 Service Pack 3
26/02/2009 21:58:37
mbam-log-2009-02-26 (21-58-37).txt
Type de recherche: Examen rapide
Eléments examinés: 59784
Temps écoulé: 7 minute(s), 44 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
that is to say, my computer still freezes after about twenty minutes; what's actually strange is that I have two hard drives in my computer (C: and E:) and since all these problems appeared, the E: drive has completely disappeared...
then when I said "no virus found", I meant that during the last scan with MBAM no infected file was found, whereas two days ago there were still 27 of them...
How do I continue??
---> Have this file scanned: c:\windows\system32\userinit.exe
---> On VirusTotal, and post the link to the analysis:
https://www.virustotal.com/gui/
sorry, this one will work I think
http://www.virustotal.com/fr/reanalisis.html?170010787c37915fc6dab3ae46b80ce1
---> Download SDFix (created by AndyManchesta) to your Desktop.
- Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
- Restart your computer in Safe Mode.
---> To restart in Safe Mode:
- Restart your PC.
- During startup, tap F8 (F5 on some PCs) just after the BIOS screen and just before Windows loads.
- In the advanced options menu, choose Safe Mode.
- Choose your user session.
---> Work through the list of instructions below:
- Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
- Press Y to begin the cleaning process.
- It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
- Press a key to restart the PC.
- Your system will take longer than usual to restart because the tool will keep running and deleting files.
- Once the Desktop has loaded, the tool will finish its work and display Finished.
- Press a key to end the script and load your Desktop icons.
- Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
- Finally, copy/paste the contents of the Report.txt file into your next reply.