Infected PC
kei
First of all, hello. I would like to know whether some kind soul could come to my aid, because after going round a large number of forums I have not been able to find a solution to my problem, which is the following:
at first I could not get into Task Manager or edit the registry. So I downloaded Vilma to get into regedit without going through the Windows Run command. However, I noticed that the values of DisableRegistryTools and DisableTaskMgr automatically change to 1 (instead of 0) every 9 seconds, and this change therefore prevents me from installing any software whatsoever. Having just uninstalled my AV, I did not have time to download another one, so I am left with Ad-Aware as my only scanner, which does not detect the source of the problem.
Thank you in advance for your valuable help.
13 replies
Hello, you say you can no longer download security and cleaning tools on your PC. Do you have a second PC on which you could download them and transfer them to the other one using a USB stick?
What are you running, XP or Vista? I will try to put a tool online for download along with the procedure, but I need to know what you are running.
You are going to try to download ComboFix, which I have renamed to jacombo. Leave it named like that, put it on the desktop and follow the instructions. If you cannot download it, we will try with another tool.
Download jacombo (renamed ComboFix): http://sd-1.archive-host.com/membres/up/89820622056365782/jaCombo.exe
-> Double-click jacombo
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Before using ComboFix (jacombo):
-> Disconnect from the internet and close the windows of all running programs.
Temporarily disable (and only for the time ComboFix is in use) the real-time protection of your antivirus and antispyware programs (when active, they could seriously interfere with the tool's search and cleaning procedure).
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ For the duration of this step, do not use the PC and do not open any programs.
- Follow the instructions and accept what it asks of you. Be patient, this can take nearly 20 minutes.
- At the end of the scan ComboFix may need to restart the PC to finish the disinfection\search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
Here is the report
ComboFix 09-04-19.05 - kei 19/04/2009 18:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.630 [GMT 2:00]
Lancé depuis: c:\documents and settings\kei\Bureau\jaCombo.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\kei\Application Data\.#
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DAC970NT
-------\Service_dac970nt
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-19 au 2009-04-19 ))))))))))))))))))))))))))))))))))))
.
2009-04-17 10:26 . 2009-04-17 10:26 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 07:54 . 2009-04-17 07:54 4788 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-16 23:32 . 2009-04-17 01:02 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 23:29 . 2009-04-16 23:29 120480 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-16 23:28 . 2009-04-16 23:31 -------- d-----w c:\windows\system32\XPSViewer
2009-04-16 23:26 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-16 23:03 . 2009-04-16 23:12 -------- d-----w c:\documents and settings\kei\Local Settings\Application Data\Deployment
2009-04-15 16:44 . 2009-04-15 16:44 -------- d-----w c:\documents and settings\kei\Local Settings\Application Data\F4
2009-04-15 15:55 . 2009-04-15 16:08 -------- d-----w c:\documents and settings\kei\Application Data\F4
2009-04-15 14:23 . 2009-04-15 14:10 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 14:21 . 2009-04-15 14:21 -------- d-----w c:\documents and settings\LocalService\Bureau
2009-04-15 14:11 . 2009-04-15 14:10 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-15 14:08 . 2009-04-15 14:08 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-15 14:06 . 2009-04-15 14:09 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-14 16:25 . 2009-04-15 15:55 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-14 16:25 . 2009-04-15 15:55 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-02 12:12 . 2009-04-02 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2009-03-30 20:52 . 2009-03-31 11:11 -------- d-----w c:\windows\system32\drivers\UMDF
2009-03-30 20:30 . 2004-12-10 19:29 401 ----a-w c:\windows\system32\lame_acm.xml
2009-03-30 20:30 . 2002-12-03 20:13 1048576 ----a-w c:\windows\system32\lameACM.acm
2009-03-30 20:21 . 2009-03-30 20:21 65 ----a-w c:\windows\FISHUI.INI
2009-03-30 19:57 . 2005-05-03 07:33 299008 ----a-w c:\windows\system32\LAME_MP3.dll
2009-03-30 19:56 . 2009-03-30 20:30 65024 ----a-w c:\windows\IFinst26.exe
2009-03-29 11:51 . 2009-04-19 16:20 -------- d-----w c:\documents and settings\kei\Application Data\MxBoost
2009-03-25 13:03 . 2009-03-25 13:03 -------- d-----w c:\documents and settings\kei\Games
2009-03-25 11:33 . 2009-03-25 11:33 754 ----a-w c:\windows\WORDPAD.INI
2009-03-24 18:18 . 2008-10-23 16:42 290816 ----a-w c:\windows\vncutil.exe
2009-03-24 18:18 . 2009-03-12 14:34 39424 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-03-24 18:18 . 2008-06-24 13:46 104992 ----a-w c:\windows\RtkAudioService.exe
2009-03-24 18:18 . 2006-01-04 14:41 1389056 ----a-w c:\windows\system32\drivers\Monfilt.sys
2009-03-24 18:18 . 2008-08-05 19:10 1684736 ----a-w c:\windows\system32\drivers\Ambfilt.sys
2009-03-22 12:51 . 2009-04-14 16:09 -------- d-----w c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-03-22 01:24 . 2009-03-22 01:24 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 16:31 . 2009-04-15 14:53 4398 ----a-w C:\aaw7boot.log
2009-04-19 15:55 . 2009-03-14 10:09 -------- d-----w c:\program files\Flock
2009-04-18 12:43 . 2009-04-18 12:43 -------- d-----w c:\program files\Vilma
2009-04-18 12:23 . 2008-12-14 23:14 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-04-17 22:10 . 2008-12-17 14:09 -------- d-----w c:\documents and settings\kei\Application Data\BitTorrent
2009-04-17 21:19 . 2009-01-24 19:38 -------- d-----w c:\program files\RomStation
2009-04-17 10:26 . 2009-04-17 10:26 -------- d-----w c:\program files\iTunes
2009-04-17 10:26 . 2009-04-17 10:26 -------- d-----w c:\program files\iPod
2009-04-17 10:26 . 2008-12-14 20:02 -------- d-----w c:\program files\Fichiers communs\Apple
2009-04-17 07:54 . 2001-08-28 12:00 86572 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 07:54 . 2001-08-28 12:00 512162 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 00:52 . 2008-12-14 19:18 24008 ----a-w c:\documents and settings\kei\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 23:29 . 2009-02-21 05:08 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 23:28 . 2009-04-16 23:28 -------- d-----w c:\program files\MSBuild
2009-04-16 23:28 . 2009-04-16 23:28 -------- d-----w c:\program files\Reference Assemblies
2009-04-15 16:44 . 2009-04-15 15:55 -------- d-----w c:\program files\Exalight
2009-04-15 14:06 . 2009-04-15 14:06 -------- d-----w c:\program files\Lavasoft
2009-04-14 16:25 . 2009-04-14 16:25 -------- d-----w c:\program files\OpenAL
2009-04-14 16:09 . 2009-01-22 23:20 -------- d-----w c:\program files\Crayon Physics Deluxe Demo
2009-04-11 21:41 . 2009-04-02 12:08 -------- d-----w c:\program files\Crayon Physics Deluxe
2009-04-06 09:11 . 2009-03-30 20:30 -------- d-----w c:\program files\XviD
2009-04-02 12:16 . 2009-01-22 23:20 -------- d-----w c:\documents and settings\kei\Application Data\Crayon Physics Deluxe
2009-04-02 12:11 . 2009-04-02 12:11 -------- d-----w c:\program files\WorldOfGoo
2009-04-01 11:08 . 2009-04-01 11:08 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-04-01 11:08 . 2009-01-31 21:27 -------- d-----w c:\program files\Fichiers communs\Real
2009-04-01 11:07 . 2009-01-03 21:48 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-01 11:07 . 2009-01-03 21:48 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Microsoft Games
2009-03-31 16:55 . 2009-03-29 11:50 -------- d-----w c:\program files\Maxthon2
2009-03-30 20:54 . 2009-03-30 20:54 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-30 20:48 . 2008-12-14 18:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-30 20:48 . 2009-03-30 19:55 -------- d-----w c:\documents and settings\kei\Application Data\DataCast
2009-03-30 20:30 . 2009-03-30 20:30 -------- d-----w c:\program files\Lame MP3 Codec
2009-03-30 20:23 . 2009-03-29 21:07 -------- d-----w c:\program files\AquariaDemo
2009-03-30 19:55 . 2009-03-30 19:55 -------- d-----w c:\program files\Samsung
2009-03-29 11:58 . 2008-12-14 19:28 -------- d-----w c:\program files\Opera
2009-03-29 11:50 . 2009-03-29 11:29 -------- d-----w c:\program files\Maxthon
2009-03-28 17:04 . 2009-01-13 15:37 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-28 16:08 . 2009-01-15 18:53 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-25 16:29 . 2009-02-12 19:34 -------- d-----w c:\program files\ma-config.com
2009-03-25 16:29 . 2009-02-12 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-24 18:18 . 2008-12-14 18:52 -------- d-----w c:\program files\Realtek
2009-03-22 18:03 . 2009-03-22 18:03 -------- d-----w c:\program files\Fichiers communs\Adobe AIR
2009-03-20 19:33 . 2009-03-07 22:50 -------- d-----w c:\program files\Duke Nukem - Manhattan Project (DEMO)
2009-03-19 14:32 . 2005-02-02 00:21 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 13:17 . 2009-03-19 13:17 -------- d-----w c:\program files\ConvertHelper
2009-03-16 06:49 . 2009-03-16 06:49 -------- d-----w c:\program files\Adobe Media Player
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\documents and settings\kei\Application Data\Malwarebytes
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 15:09 . 2009-03-14 15:07 -------- d-----w c:\program files\Duke Nukem - Manhattan Project
2009-03-14 10:09 . 2009-03-14 10:09 -------- d-----w c:\documents and settings\kei\Application Data\Flock
2009-03-14 10:07 . 2009-03-14 10:07 -------- d-----w c:\documents and settings\kei\Application Data\OpenCandy
2009-03-14 10:07 . 2009-03-14 10:07 -------- d-----w c:\program files\VDOWNLOADER
2009-03-13 17:02 . 2008-12-17 21:59 -------- d-----w c:\program files\Ubisoft
2009-03-13 15:48 . 2009-03-13 15:48 -------- d-----w c:\documents and settings\kei\Application Data\Ace
2009-03-12 18:06 . 2009-03-12 18:06 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 16:25 . 2008-12-14 18:52 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 16:21 . 2008-12-14 18:52 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-11 20:23 . 2009-03-11 20:23 -------- d-----w c:\documents and settings\kei\Application Data\Unity
2009-03-11 20:11 . 2009-03-11 20:11 -------- d-----w c:\program files\Unity
2009-03-10 13:32 . 2008-12-14 18:52 2168320 ----a-w c:\windows\MicCal.exe
2009-03-09 12:55 . 2009-03-09 12:55 -------- d-----w c:\program files\Fichiers communs\Common Share
2009-03-09 12:55 . 2009-03-09 12:55 -------- d-----w c:\program files\OJOsoft
2009-03-06 14:20 . 2008-04-13 17:33 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-05 13:14 . 2008-12-14 22:37 -------- d-----w c:\program files\CCleaner
2009-03-03 22:11 . 2009-01-16 15:12 -------- d-----w c:\program files\DivX
2009-03-03 00:13 . 2008-04-13 17:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 10:14 . 2008-12-14 18:52 57344 ----a-w c:\windows\ALCMTR.EXE
2009-03-01 19:24 . 2009-01-14 17:12 -------- d-----w c:\program files\eMule
2009-03-01 19:23 . 2009-01-15 14:45 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-01 19:23 . 2009-01-15 14:45 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-01 19:23 . 2008-12-17 14:09 -------- d-----w c:\program files\BitTorrent
2009-03-01 19:22 . 2008-12-14 20:03 -------- d-----w c:\program files\Apple Software Update
2009-03-01 18:42 . 2009-02-01 12:38 -------- d-----w c:\program files\QuickTime
2009-03-01 14:19 . 2009-03-01 14:19 -------- d-----w c:\documents and settings\kei\Application Data\SYSTEMAX Software Development
2009-03-01 14:19 . 2009-03-01 14:19 -------- d-----w c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2009-02-28 19:15 . 2009-02-28 19:15 -------- d-----w c:\documents and settings\kei\Application Data\id Software
2009-02-28 18:55 . 2009-02-28 18:20 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-28 18:55 . 2009-02-28 18:20 22328 ----a-w c:\documents and settings\kei\Application Data\PnkBstrK.sys
2009-02-28 18:55 . 2009-02-28 18:20 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-28 18:55 . 2009-02-28 18:20 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-28 18:55 . 2009-02-28 18:20 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-02-28 18:20 . 2009-02-28 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-02-28 11:04 . 2008-12-16 12:17 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 02:46 . 2009-02-23 02:43 -------- d-----w c:\program files\Replay Media Catcher
2009-02-23 02:45 . 2009-02-23 02:45 237568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2009-02-23 02:45 . 2009-02-23 02:45 156672 ----a-w c:\windows\system32\rmc_fixasf.exe
2009-02-23 02:44 . 2009-02-23 02:44 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2009-02-23 02:43 . 2009-02-23 02:43 8390360 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2009-02-23 02:42 . 2009-02-23 02:42 -------- d-----w c:\program files\FLV Player
2009-02-23 02:40 . 2009-02-21 04:55 -------- d-----w c:\program files\Fichiers communs\Justdo
2009-02-21 05:20 . 2009-02-21 05:08 -------- d-----w c:\program files\DAP
2009-02-21 05:19 . 2009-02-21 04:48 -------- d-----w c:\program files\Save Flash
2009-02-21 05:19 . 2009-02-04 22:59 -------- d-----w c:\program files\Free FLV Converter
2009-02-21 05:18 . 2009-02-21 05:08 -------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-02-21 05:17 . 2009-02-21 05:15 -------- d-----w c:\documents and settings\kei\Application Data\GeoVid
2009-02-21 05:15 . 2009-02-21 05:15 -------- d-----w c:\program files\Fichiers communs\GeoVid
2009-02-21 04:55 . 2009-02-21 04:55 -------- d-----w c:\program files\Justdo Software
2009-02-21 04:53 . 2009-02-21 04:51 3502 ----a-w C:\Enlish.lng
2006-05-03 10:06 . 2009-04-04 02:17 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-04-04 02:17 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-04 02:17 216064 --sh--r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2901912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 206232]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 245760]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 523632]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 1061216]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 119152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 714104]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-01 267792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-19 593240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 416040]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 158224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\kei\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\fichiers communs\logitech\bluetooth\LBTWLgn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrobat_sl.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\RomStation\\RomStation.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\Program Files\\Exalight\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Exalight\\Exalight.exe"=
"c:\\Documents and Settings\\kei\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
"c:\\Program Files\\Search Settings\\SearchSettings.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Maxthon2\\Maxthon.exe"=
"c:\\WINDOWS\\regedit.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrotray.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\WINDOWS\\TEMP\\winugmqg.exe"=
"c:\\WINDOWS\\TEMP\\yxfuwu.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-15 64160]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-15 1021264]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - DAC970NT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}]
\Shell\aUtoplay\cOmMaNd - H:\yosl.pif
\Shell\AutoRun\command - H:\yosl.pif
\Shell\eXPLoRe\coMmAnd - H:\yosl.pif
\Shell\OPen\coMmand - H:\yosl.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{735b4b69-cc85-11dd-a1bf-00138fe98bd6}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}]
\shelL\AutoplaY\commaND - G:\yqldn.pif
\shelL\AutoRun\command - G:\yqldn.pif
\shelL\eXPlore\ComMand - G:\yqldn.pif
\shelL\opEn\commaND - G:\yqldn.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ed6873-cac1-11dd-a1bb-00138fe98bd6}]
\Shell\Autoplay\commanD - H:\qsrsy.pif
\Shell\AutoRun\command - H:\qsrsy.pif
\Shell\EXPLOre\cOMmAND - H:\qsrsy.pif
\Shell\open\CommaND - H:\qsrsy.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f9085a-2225-11de-897b-00138fe98bd6}]
\shelL\AUtopLaY\CommAnd - I:\btdnq.exe
\shelL\AutoRun\command - I:\btdnq.exe
\shelL\explore\Command - I:\btdnq.exe
\shelL\opeN\command - I:\btdnq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f9085b-2225-11de-897b-00138fe98bd6}]
\Shell\AutoPlay\cOmmaNd - J:\asrwcp.exe
\Shell\AutoRun\command - J:\asrwcp.exe
\Shell\eXPlore\cOmmand - J:\asrwcp.exe
\Shell\OpeN\cOMmAnd - J:\asrwcp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}]
\Shell\AutoPlay\cOmmaNd - H:\asrwcp.exe
\Shell\AutoRun\command - H:\asrwcp.exe
\Shell\eXPlore\cOmmand - H:\asrwcp.exe
\Shell\OpeN\cOMmAnd - H:\asrwcp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}]
\sheLl\AUTOpLaY\CoMmAnd - H:\cvhtjh.cmd
\sheLl\AutoRun\command - H:\cvhtjh.cmd
\sheLl\ExpLoRE\CoMMaNd - H:\cvhtjh.cmd
\sheLl\oPEN\coMMaNd - H:\cvhtjh.cmd
.
Contenu du dossier 'Tâches planifiées'
2009-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:50]
2009-04-18 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 23:10]
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Save Flash with Flash Catcher - c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FF - ProfilePath - c:\documents and settings\kei\Application Data\Mozilla\Firefox\Profiles\[u]0/udxsci98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\kei\Application Data\Mozilla\Firefox\Profiles\[u]0/udxsci98.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 18:32
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac970nt]
"ImagePath"="\??\c:\windows\system32\drivers\ekjmko.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(836)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
c:\program files\Fichiers communs\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\COMRes.dll
- - - - - - - > 'lsass.exe'(892)
c:\windows\system32\scecli.dll
- - - - - - - > 'explorer.exe'(1912)
c:\windows\system32\SHDOCVW.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\drivers\WTSrv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\Temp\winugmqg.exe
c:\windows\Temp\yxfuwu.exe
.
**************************************************************************
.
Heure de fin: 2009-04-19 18:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-19 16:44
Avant-CF: 47 013 699 584 octets libres
Après-CF: 47 701 561 344 octets libres
392 --- E O F --- 2009-04-17 01:03
ComboFix 09-04-19.05 - kei 19/04/2009 18:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1023.630 [GMT 2:00]
Lancé depuis: c:\documents and settings\kei\Bureau\jaCombo.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated)
FW: Kaspersky Internet Security *disabled*
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\kei\Application Data\.#
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DAC970NT
-------\Service_dac970nt
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-19 au 2009-04-19 ))))))))))))))))))))))))))))))))))))
.
2009-04-17 10:26 . 2009-04-17 10:26 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 07:54 . 2009-04-17 07:54 4788 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-16 23:32 . 2009-04-17 01:02 1374 ----a-w c:\windows\imsins.BAK
2009-04-16 23:29 . 2009-04-16 23:29 120480 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-16 23:28 . 2009-04-16 23:31 -------- d-----w c:\windows\system32\XPSViewer
2009-04-16 23:26 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-16 23:03 . 2009-04-16 23:12 -------- d-----w c:\documents and settings\kei\Local Settings\Application Data\Deployment
2009-04-15 16:44 . 2009-04-15 16:44 -------- d-----w c:\documents and settings\kei\Local Settings\Application Data\F4
2009-04-15 15:55 . 2009-04-15 16:08 -------- d-----w c:\documents and settings\kei\Application Data\F4
2009-04-15 14:23 . 2009-04-15 14:10 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-15 14:21 . 2009-04-15 14:21 -------- d-----w c:\documents and settings\LocalService\Bureau
2009-04-15 14:11 . 2009-04-15 14:10 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-15 14:08 . 2009-04-15 14:08 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-15 14:06 . 2009-04-15 14:09 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-14 16:25 . 2009-04-15 15:55 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-14 16:25 . 2009-04-15 15:55 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-02 12:12 . 2009-04-02 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\2DBoy
2009-03-30 20:52 . 2009-03-31 11:11 -------- d-----w c:\windows\system32\drivers\UMDF
2009-03-30 20:30 . 2004-12-10 19:29 401 ----a-w c:\windows\system32\lame_acm.xml
2009-03-30 20:30 . 2002-12-03 20:13 1048576 ----a-w c:\windows\system32\lameACM.acm
2009-03-30 20:21 . 2009-03-30 20:21 65 ----a-w c:\windows\FISHUI.INI
2009-03-30 19:57 . 2005-05-03 07:33 299008 ----a-w c:\windows\system32\LAME_MP3.dll
2009-03-30 19:56 . 2009-03-30 20:30 65024 ----a-w c:\windows\IFinst26.exe
2009-03-29 11:51 . 2009-04-19 16:20 -------- d-----w c:\documents and settings\kei\Application Data\MxBoost
2009-03-25 13:03 . 2009-03-25 13:03 -------- d-----w c:\documents and settings\kei\Games
2009-03-25 11:33 . 2009-03-25 11:33 754 ----a-w c:\windows\WORDPAD.INI
2009-03-24 18:18 . 2008-10-23 16:42 290816 ----a-w c:\windows\vncutil.exe
2009-03-24 18:18 . 2009-03-12 14:34 39424 ----a-w c:\windows\system32\RtkCoInstXP.dll
2009-03-24 18:18 . 2008-06-24 13:46 104992 ----a-w c:\windows\RtkAudioService.exe
2009-03-24 18:18 . 2006-01-04 14:41 1389056 ----a-w c:\windows\system32\drivers\Monfilt.sys
2009-03-24 18:18 . 2008-08-05 19:10 1684736 ----a-w c:\windows\system32\drivers\Ambfilt.sys
2009-03-22 12:51 . 2009-04-14 16:09 -------- d-----w c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-03-22 01:24 . 2009-03-22 01:24 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 16:31 . 2009-04-15 14:53 4398 ----a-w C:\aaw7boot.log
2009-04-19 15:55 . 2009-03-14 10:09 -------- d-----w c:\program files\Flock
2009-04-18 12:43 . 2009-04-18 12:43 -------- d-----w c:\program files\Vilma
2009-04-18 12:23 . 2008-12-14 23:14 -------- d-----w c:\program files\TuneUp Utilities 2007
2009-04-17 22:10 . 2008-12-17 14:09 -------- d-----w c:\documents and settings\kei\Application Data\BitTorrent
2009-04-17 21:19 . 2009-01-24 19:38 -------- d-----w c:\program files\RomStation
2009-04-17 10:26 . 2009-04-17 10:26 -------- d-----w c:\program files\iTunes
2009-04-17 10:26 . 2009-04-17 10:26 -------- d-----w c:\program files\iPod
2009-04-17 10:26 . 2008-12-14 20:02 -------- d-----w c:\program files\Fichiers communs\Apple
2009-04-17 07:54 . 2001-08-28 12:00 86572 ----a-w c:\windows\system32\perfc00C.dat
2009-04-17 07:54 . 2001-08-28 12:00 512162 ----a-w c:\windows\system32\perfh00C.dat
2009-04-17 00:52 . 2008-12-14 19:18 24008 ----a-w c:\documents and settings\kei\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 23:29 . 2009-02-21 05:08 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-16 23:28 . 2009-04-16 23:28 -------- d-----w c:\program files\MSBuild
2009-04-16 23:28 . 2009-04-16 23:28 -------- d-----w c:\program files\Reference Assemblies
2009-04-15 16:44 . 2009-04-15 15:55 -------- d-----w c:\program files\Exalight
2009-04-15 14:06 . 2009-04-15 14:06 -------- d-----w c:\program files\Lavasoft
2009-04-14 16:25 . 2009-04-14 16:25 -------- d-----w c:\program files\OpenAL
2009-04-14 16:09 . 2009-01-22 23:20 -------- d-----w c:\program files\Crayon Physics Deluxe Demo
2009-04-11 21:41 . 2009-04-02 12:08 -------- d-----w c:\program files\Crayon Physics Deluxe
2009-04-06 09:11 . 2009-03-30 20:30 -------- d-----w c:\program files\XviD
2009-04-02 12:16 . 2009-01-22 23:20 -------- d-----w c:\documents and settings\kei\Application Data\Crayon Physics Deluxe
2009-04-02 12:11 . 2009-04-02 12:11 -------- d-----w c:\program files\WorldOfGoo
2009-04-01 11:08 . 2009-04-01 11:08 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-04-01 11:08 . 2009-01-31 21:27 -------- d-----w c:\program files\Fichiers communs\Real
2009-04-01 11:07 . 2009-01-03 21:48 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-01 11:07 . 2009-01-03 21:48 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Microsoft Games
2009-03-31 16:55 . 2009-03-29 11:50 -------- d-----w c:\program files\Maxthon2
2009-03-30 20:54 . 2009-03-30 20:54 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-30 20:48 . 2008-12-14 18:51 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-30 20:48 . 2009-03-30 19:55 -------- d-----w c:\documents and settings\kei\Application Data\DataCast
2009-03-30 20:30 . 2009-03-30 20:30 -------- d-----w c:\program files\Lame MP3 Codec
2009-03-30 20:23 . 2009-03-29 21:07 -------- d-----w c:\program files\AquariaDemo
2009-03-30 19:55 . 2009-03-30 19:55 -------- d-----w c:\program files\Samsung
2009-03-29 11:58 . 2008-12-14 19:28 -------- d-----w c:\program files\Opera
2009-03-29 11:50 . 2009-03-29 11:29 -------- d-----w c:\program files\Maxthon
2009-03-28 17:04 . 2009-01-13 15:37 -------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-28 16:08 . 2009-01-15 18:53 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-25 16:29 . 2009-02-12 19:34 -------- d-----w c:\program files\ma-config.com
2009-03-25 16:29 . 2009-02-12 19:34 -------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-03-24 18:18 . 2008-12-14 18:52 -------- d-----w c:\program files\Realtek
2009-03-22 18:03 . 2009-03-22 18:03 -------- d-----w c:\program files\Fichiers communs\Adobe AIR
2009-03-20 19:33 . 2009-03-07 22:50 -------- d-----w c:\program files\Duke Nukem - Manhattan Project (DEMO)
2009-03-19 14:32 . 2005-02-02 00:21 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 13:17 . 2009-03-19 13:17 -------- d-----w c:\program files\ConvertHelper
2009-03-16 06:49 . 2009-03-16 06:49 -------- d-----w c:\program files\Adobe Media Player
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\documents and settings\kei\Application Data\Malwarebytes
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-15 16:23 . 2009-03-15 16:23 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 15:09 . 2009-03-14 15:07 -------- d-----w c:\program files\Duke Nukem - Manhattan Project
2009-03-14 10:09 . 2009-03-14 10:09 -------- d-----w c:\documents and settings\kei\Application Data\Flock
2009-03-14 10:07 . 2009-03-14 10:07 -------- d-----w c:\documents and settings\kei\Application Data\OpenCandy
2009-03-14 10:07 . 2009-03-14 10:07 -------- d-----w c:\program files\VDOWNLOADER
2009-03-13 17:02 . 2008-12-17 21:59 -------- d-----w c:\program files\Ubisoft
2009-03-13 15:48 . 2009-03-13 15:48 -------- d-----w c:\documents and settings\kei\Application Data\Ace
2009-03-12 18:06 . 2009-03-12 18:06 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 16:25 . 2008-12-14 18:52 5051904 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2009-03-12 16:21 . 2008-12-14 18:52 17531392 ----a-w c:\windows\RTHDCPL.EXE
2009-03-11 20:23 . 2009-03-11 20:23 -------- d-----w c:\documents and settings\kei\Application Data\Unity
2009-03-11 20:11 . 2009-03-11 20:11 -------- d-----w c:\program files\Unity
2009-03-10 13:32 . 2008-12-14 18:52 2168320 ----a-w c:\windows\MicCal.exe
2009-03-09 12:55 . 2009-03-09 12:55 -------- d-----w c:\program files\Fichiers communs\Common Share
2009-03-09 12:55 . 2009-03-09 12:55 -------- d-----w c:\program files\OJOsoft
2009-03-06 14:20 . 2008-04-13 17:33 286720 ----a-w c:\windows\system32\pdh.dll
2009-03-05 13:14 . 2008-12-14 22:37 -------- d-----w c:\program files\CCleaner
2009-03-03 22:11 . 2009-01-16 15:12 -------- d-----w c:\program files\DivX
2009-03-03 00:13 . 2008-04-13 17:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 10:14 . 2008-12-14 18:52 57344 ----a-w c:\windows\ALCMTR.EXE
2009-03-01 19:24 . 2009-01-14 17:12 -------- d-----w c:\program files\eMule
2009-03-01 19:23 . 2009-01-15 14:45 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-03-01 19:23 . 2009-01-15 14:45 -------- d-----w c:\program files\DAEMON Tools Lite
2009-03-01 19:23 . 2008-12-17 14:09 -------- d-----w c:\program files\BitTorrent
2009-03-01 19:22 . 2008-12-14 20:03 -------- d-----w c:\program files\Apple Software Update
2009-03-01 18:42 . 2009-02-01 12:38 -------- d-----w c:\program files\QuickTime
2009-03-01 14:19 . 2009-03-01 14:19 -------- d-----w c:\documents and settings\kei\Application Data\SYSTEMAX Software Development
2009-03-01 14:19 . 2009-03-01 14:19 -------- d-----w c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2009-02-28 19:15 . 2009-02-28 19:15 -------- d-----w c:\documents and settings\kei\Application Data\id Software
2009-02-28 18:55 . 2009-02-28 18:20 22328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-28 18:55 . 2009-02-28 18:20 22328 ----a-w c:\documents and settings\kei\Application Data\PnkBstrK.sys
2009-02-28 18:55 . 2009-02-28 18:20 107832 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-28 18:55 . 2009-02-28 18:20 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-28 18:55 . 2009-02-28 18:20 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-02-28 18:20 . 2009-02-28 18:20 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-02-28 11:04 . 2008-12-16 12:17 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 02:46 . 2009-02-23 02:43 -------- d-----w c:\program files\Replay Media Catcher
2009-02-23 02:45 . 2009-02-23 02:45 237568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2009-02-23 02:45 . 2009-02-23 02:45 156672 ----a-w c:\windows\system32\rmc_fixasf.exe
2009-02-23 02:44 . 2009-02-23 02:44 323584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2009-02-23 02:43 . 2009-02-23 02:43 8390360 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2009-02-23 02:42 . 2009-02-23 02:42 -------- d-----w c:\program files\FLV Player
2009-02-23 02:40 . 2009-02-21 04:55 -------- d-----w c:\program files\Fichiers communs\Justdo
2009-02-21 05:20 . 2009-02-21 05:08 -------- d-----w c:\program files\DAP
2009-02-21 05:19 . 2009-02-21 04:48 -------- d-----w c:\program files\Save Flash
2009-02-21 05:19 . 2009-02-04 22:59 -------- d-----w c:\program files\Free FLV Converter
2009-02-21 05:18 . 2009-02-21 05:08 -------- d-----w c:\documents and settings\All Users\Application Data\SpeedBit
2009-02-21 05:17 . 2009-02-21 05:15 -------- d-----w c:\documents and settings\kei\Application Data\GeoVid
2009-02-21 05:15 . 2009-02-21 05:15 -------- d-----w c:\program files\Fichiers communs\GeoVid
2009-02-21 04:55 . 2009-02-21 04:55 -------- d-----w c:\program files\Justdo Software
2009-02-21 04:53 . 2009-02-21 04:51 3502 ----a-w C:\Enlish.lng
2006-05-03 10:06 . 2009-04-04 02:17 163328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2009-04-04 02:17 31232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2009-04-04 02:17 216064 --sh--r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2901912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-18 206232]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 245760]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 523632]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 1061216]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 119152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 714104]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-01 267792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-19 593240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 416040]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-03-12 17531392]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 158224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
c:\documents and settings\kei\Menu D‚marrer\Programmes\D‚marrage\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\fichiers communs\logitech\bluetooth\LBTWLgn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Ubisoft\\Demo\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Fichiers communs\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\PowerISO\\PWRISOVM.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrobat_sl.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\RomStation\\RomStation.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-AwareAdmin.exe"=
"c:\\Program Files\\Exalight\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Exalight\\Exalight.exe"=
"c:\\Documents and Settings\\kei\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=
"c:\\Program Files\\Search Settings\\SearchSettings.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Maxthon2\\Maxthon.exe"=
"c:\\WINDOWS\\regedit.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\Acrotray.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"=
"c:\\WINDOWS\\TEMP\\winugmqg.exe"=
"c:\\WINDOWS\\TEMP\\yxfuwu.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
R3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2007-04-23 10752]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-15 64160]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-15 1021264]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2007-06-07 18944]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - DAC970NT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}]
\Shell\aUtoplay\cOmMaNd - H:\yosl.pif
\Shell\AutoRun\command - H:\yosl.pif
\Shell\eXPLoRe\coMmAnd - H:\yosl.pif
\Shell\OPen\coMmand - H:\yosl.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{735b4b69-cc85-11dd-a1bf-00138fe98bd6}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}]
\shelL\AutoplaY\commaND - G:\yqldn.pif
\shelL\AutoRun\command - G:\yqldn.pif
\shelL\eXPlore\ComMand - G:\yqldn.pif
\shelL\opEn\commaND - G:\yqldn.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86ed6873-cac1-11dd-a1bb-00138fe98bd6}]
\Shell\Autoplay\commanD - H:\qsrsy.pif
\Shell\AutoRun\command - H:\qsrsy.pif
\Shell\EXPLOre\cOMmAND - H:\qsrsy.pif
\Shell\open\CommaND - H:\qsrsy.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f9085a-2225-11de-897b-00138fe98bd6}]
\shelL\AUtopLaY\CommAnd - I:\btdnq.exe
\shelL\AutoRun\command - I:\btdnq.exe
\shelL\explore\Command - I:\btdnq.exe
\shelL\opeN\command - I:\btdnq.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8f9085b-2225-11de-897b-00138fe98bd6}]
\Shell\AutoPlay\cOmmaNd - J:\asrwcp.exe
\Shell\AutoRun\command - J:\asrwcp.exe
\Shell\eXPlore\cOmmand - J:\asrwcp.exe
\Shell\OpeN\cOMmAnd - J:\asrwcp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}]
\Shell\AutoPlay\cOmmaNd - H:\asrwcp.exe
\Shell\AutoRun\command - H:\asrwcp.exe
\Shell\eXPlore\cOmmand - H:\asrwcp.exe
\Shell\OpeN\cOMmAnd - H:\asrwcp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}]
\sheLl\AUTOpLaY\CoMmAnd - H:\cvhtjh.cmd
\sheLl\AutoRun\command - H:\cvhtjh.cmd
\sheLl\ExpLoRE\CoMMaNd - H:\cvhtjh.cmd
\sheLl\oPEN\coMMaNd - H:\cvhtjh.cmd
.
Contenu du dossier 'Tâches planifiées'
2009-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:50]
2009-04-18 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 23:10]
.
- - - - ORPHELINS SUPPRIMES - - - -
Toolbar-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à Kaspersky Anti-Bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Save Flash with Flash Catcher - c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
IE: {{90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - res://c:\program files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FF - ProfilePath - c:\documents and settings\kei\Application Data\Mozilla\Firefox\Profiles\[u]0/udxsci98.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\kei\Application Data\Mozilla\Firefox\Profiles\[u]0/udxsci98.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
OK, I see you managed it. Now run UsbFix option 1 and then option 2, post the reports as they are created, and then try to put an antivirus back on. If you want a free and effective one, say so and I'll give you a link for
##################### Install & search | ########################
# Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Download and install UsbFix by C_XX & Chiquitine29
Tutorial by Malekal_Morte if needed, thanks to him: https://www.malekal.com/usbfix-supprimer-virus-usb/
Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them
# Double-click the UsbFix shortcut on your desktop.
# Choose option 1 ( Recherche )
# Let the tool work.
# Then post the UsbFix.txt report that will appear.
# Note: The UsbFix.txt report is saved at the root of the disk ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
##################### Removal | ########################
Plug your external data sources into your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them
# Double-click the UsbFix shortcut on your desktop
# Choose option 2 ( Suppression )
# Your desktop will disappear and the PC will restart.
# On restart, UsbFix will scan your PC; let the tool work.
# Then post the UsbFix.txt report that will appear along with the desktop.
# Note: The UsbFix.txt report is saved at the root of the disk ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
##################### Uninstall | ########################
# Double-click the UsbFix shortcut on your desktop
# Choose option 3 ( Désinstaller ) ....
Thank you very much, here is the first report while waiting for the second:
############################## [ UsbFix V3.010 ]
# User : kei (Administrateurs) # HACKXSIGN
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 19:04:11 | 19/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | (!) Outdated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149,04 Go (44,45 Go free) # NTFS
# D:\ # Disque fixe local # 465,76 Go (299,85 Go free) [Glory Box] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque CD-ROM
# H:\ # Disque amovible # 1,89 Go (367,88 Mo free) # FAT
# I:\ # Disque amovible # 966,99 Mo (689,34 Mo free) [IPOD (FAB)] # FAT32
# J:\ # Disque amovible # 494,61 Mo (101,03 Mo free) [IPOD] # FAT32
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\TEMP\winugmqg.exe
C:\WINDOWS\TEMP\yxfuwu.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Flock\flock.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.com/?gws_rd=ssl"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="kei"
HKLM_logon: "AltDefaultUserName"="kei"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
HKLM_Run: AdobeCS4ServiceManager="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM_Run: Adobe Acrobat Speed Launcher="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM_Run: Acrobat Assistant 8.0="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: RegistryMechanic=C:\Program Files\Registry Mechanic\RegMech.exe /H
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## [ Informations ]
# Contenu de l'autorun H:\autorun.inf
[AutoRun]
;IKsyDyPDxl hAtQUkrmWJrdyhboxPxghiFaROavfB
Shell\EXPLOre\cOMmAND= qsrsy.pif
;yoQqt
OPen = qsrsy.pif
;fqQLjjjiJQxj
shELL\open\DEfaulT=1
shell\opEN\CommaND =qsrsy.pif
sheLl\Autoplay\commanD=qsrsy.pif
;
# Contenu de l'autorun I:\autorun.inf
[AutoRun]
;XJdmBd XchLnymcIUx
;vjyPrWWufwOcebSiuWKjekpbhrl
shelL\opeN\DEfauLt=1
;FxtIXV
oPEn =btdnq.exe
;DgmNV
shell\OPen\command=btdnq.exe
;wPge
sHelL\explore\Command = btdnq.exe
;
sheLL\AUtopLaY\CommAnd=btdnq.exe
# Contenu de l'autorun J:\autorun.inf
[AutoRun]
;
;AKAMm AWnhjVHojlvuTY
OPeN =ocmuv.exe
;yjYc
shell\opeN\DEFAuLT=1
Shell\oPEn\CoMmanD=ocmuv.exe
;KdbW
shELL\eXploRE\command=ocmuv.exe
;TVhPn
SHell\AuTopLAy\Command = ocmuv.exe
# -> ( Value | Good = 0x0 Bad = 0x1 )
# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
################## [ Fichiers # Dossiers infectieux ]
H:\autorun.inf # -> fichier appelé : "H:\qsrsy.pif" ( présent ! )
Found ! H:\explorer.exe
Found ! H:\MS32DLL.dll.vbs
Found ! H:\autorun.inf
Found ! H:\host.exe
Found ! H:\start.exe
I:\autorun.inf # -> fichier appelé : "I:\btdnq.exe" ( présent ! )
Found ! I:\autorun.inf
J:\autorun.inf # -> fichier appelé : "J:\ocmuv.exe" ( présent ! )
Found ! J:\MS32DLL.dll.vbs
Found ! J:\autorun.inf
Found ! J:\host.exe
Found ! J:\ravmon.exe
Found ! J:\start.exe
K:\autorun.inf # -> fichier appelé : "K:\ asrwcp.exe" ( absent ! )
Found ! K:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
# -> Not Found !
################## [ Registre # Mountpoints2 ]
HKCU\Software\Microsoft\....\MountPoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{735b4b69-cc85-11dd-a1bf-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{86ed6873-cac1-11dd-a1bb-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{86ed6873-cac1-11dd-a1bb-00138fe98bd6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{86ed6873-cac1-11dd-a1bb-00138fe98bd6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{959e4961-ef74-11dd-a1f3-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b8f9085b-2225-11de-897b-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{b8f9085b-2225-11de-897b-00138fe98bd6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{b8f9085b-2225-11de-897b-00138fe98bd6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}\Shell\open\Command
HKCU\Software\Microsoft\....\MountPoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}\Shell\AutoRun\command
HKCU\Software\Microsoft\....\MountPoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}\Shell\explore\Command
HKCU\Software\Microsoft\....\MountPoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}\Shell\open\Command
################## [ ! Fin du rapport # UsbFix V3.010 ! ]
And here is the second report:
############################## [ UsbFix V3.010 ]
# User : kei (Administrateurs) # HACKXSIGN
# Update on 19/04/09 by C_XX & Chiquitine29
# Start at: 19:10:34 | 19/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : Kaspersky Internet Security 8.0.0.506 [ (!) Disabled | (!) Outdated ]
# FW : Kaspersky Internet Security[ (!) Disabled ]8.0.0.506
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 149,04 Go (44,44 Go free) # NTFS
# D:\ # Disque fixe local # 465,76 Go (299,85 Go free) [Glory Box] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# H:\ # Disque amovible # 1,89 Go (367,88 Mo free) # FAT
# I:\ # Disque amovible # 966,99 Mo (689,34 Mo free) [IPOD (FAB)] # FAT32
# J:\ # Disque amovible # 494,61 Mo (101,03 Mo free) [IPOD] # FAT32
# K:\ # Disque amovible # 969,72 Mo (917,44 Mo free) # FAT
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
################## [ Fichiers # Dossiers infectieux ]
H:\autorun.inf # -> fichier appelé : "H:\qsrsy.pif" ( présent ! )
Deleted ! -> H:\qsrsy.pif
Deleted ! H:\explorer.exe
Deleted ! H:\MS32DLL.dll.vbs
(!) Not Deleted ! H:\autorun.inf
Deleted ! H:\host.exe
Deleted ! H:\start.exe
Deleted ! H:\qsrsy.pif
I:\autorun.inf # -> fichier appelé : "I:\btdnq.exe" ( présent ! )
Deleted ! -> I:\btdnq.exe
(!) Not Deleted ! I:\autorun.inf
J:\autorun.inf # -> fichier appelé : "J:\ocmuv.exe" ( présent ! )
Deleted ! -> J:\ocmuv.exe
Deleted ! J:\MS32DLL.dll.vbs
(!) Not Deleted ! J:\autorun.inf
Deleted ! J:\host.exe
Deleted ! J:\ravmon.exe
Deleted ! J:\start.exe
K:\autorun.inf # -> fichier appelé : "K:\ asrwcp.exe" ( absent ! )
(!) Not Deleted ! K:\autorun.inf
################## [ Registre # Clés Run infectieuses ]
# -> Not Found !
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="kei"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
HKLM_Run: fssui="C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
HKLM_Run: SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
HKLM_Run: AdobeCS4ServiceManager="C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
HKLM_Run: Adobe Acrobat Speed Launcher="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
HKLM_Run: Acrobat Assistant 8.0="C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: Kernel and Hardware Abstraction Layer=KHALMNPR.EXE
HKLM_Run: Ad-Watch=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
HKLM_Run: iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: RegistryMechanic=C:\Program Files\Registry Mechanic\RegMech.exe /H
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## [ Registre # Mountpoints2 ]
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{19a51fc4-f506-11dd-8935-00138fe98bd6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{735b4b69-cc85-11dd-a1bf-00138fe98bd6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{86ed6871-cac1-11dd-a1bb-00138fe98bd6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{bdd726a6-f2b6-11dd-8932-00138fe98bd6}\Shell\open\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}\Shell\AutoRun\command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}\Shell\explore\Command
Deleted ! HKCU\Software\Microsoft\....\MountPoints2\{f44b0512-05e1-11de-8950-00138fe98bd6}\Shell\open\Command
################## [ Listing des fichiers présent ]
C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
H:\qsrsy.pif
H:\AutoRun.inf
I:\btdnq.exe
I:\autorun.inf
J:\ocmuv.exe
J:\autorun.inf
K:\asrwcp.exe
K:\autorun.inf
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.010 ! ]
Post a HijackThis report
HijackThis is a tool developed by merijn that can detect components added to your browser, programs launched at system startup, and so on. The program lets you review all of these items and, if needed, remove them from the computer. HijackThis can, for example, force a change of the home page. This feature is particularly useful when your browser no longer lets you change the home page because a site has taken it over! The software can also save default settings and ignore certain defined items.
Download HijackThis: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.Click on download
.Click on download Hijackthis installer
.Save it to the desktop
.Close all open programs, including the browser, except your antivirus and firewall
.Install it; by default it will install in C:\Program Files\Trend Micro\HijackThis
.Click on "Do a system scan and save the logfile"
.This will open a Notepad window at the end of the scan.
.Copy its contents and post them in your next message. Otherwise the report is in C:\Program Files\Trend Micro\HijackThis\ hijackthis "text document"
If you need help with the installation: https://www.malekal.com/tutoriel-hijackthis/
And if there is a problem on VISTA: https://blog.sosordi.net/category/articles
Illustrated explanations of how to use it: http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Do not fix ANY line yet, this could prevent your PC from working correctly
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:47, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\TEMP\winwbgydn.exe
C:\WINDOWS\TEMP\winhlnq.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Fichiers communs\Justdo\Jd2002.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Fichiers communs\Justdo\IECatcher.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
OK, there are still a few things left. You are going to fix the lines I give you, and then you will run ToolBar S&D, options 1 and 2.
1) Relaunch HijackThis as explained, in order to fix the lines
.Close all open programs, including the browser, except your antivirus and firewall
.Launch HijackThis
.Click on "Do a system scan only"
.Check the following lines:
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
.Click on "Fix Checked"
.Close HijackThis
Illustrated instructions: http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
2) Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
Start the installation of the program by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice and confirming with the Enter key.
Now choose option 1 (Search). Wait until the search has finished.
Post the generated report. (C:\TB.txt)
3) Removal with option 2
Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.
NOTE: If your desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.
Illustrated help: https://sites.google.com/site/toolbarsd/aideenimages
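Part of the line selection in the post above can be cross-checked mechanically. The Python sketch below is an added example, not part of the thread and not the helper's or HijackThis's own method: it parses an excerpt of the log posted here and flags entries marked "(no file)" and running processes located in a TEMP directory, noting whether any O4/O23 line in the log accounts for them. The function names and the TEMP heuristic are assumptions made for this illustration; the helper's other choices (SearchSettings, iTunesHelper) are judgement calls it does not reproduce.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the HijackThis v2.0.2 log posted in this thread (lines copied
# unchanged from the report; the full log is longer).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:47, on 19/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\TEMP\winwbgydn.exe
C:\WINDOWS\TEMP\winhlnq.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# All names below are hypothetical helpers written for this example.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - ..." style lines
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?]*?\.(?:exe|dll)(?![A-Za-z0-9])",
                     re.IGNORECASE)                        # first file path in a line
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)          # ...\TEMP\ or ...\Tmp\
AUTOSTART_CODES = {"O4", "O23"}  # registry/startup autoruns and NT services


@dataclass
class ParsedLog:
    header: dict = field(default_factory=dict)
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)  # (code, text) tuples


@dataclass
class Finding:
    kind: str
    item: str
    note: str


def parse_hijackthis(text):
    """Split a HijackThis log into header fields, processes and coded entries."""
    log = ParsedLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first coded entry ends the process list
            log.entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            log.processes.append(line)
        else:
            key, sep, value = line.partition(": ")
            if sep:
                log.header[key] = value
    return log


def triage(log):
    """Return heuristic findings; these are leads to review, not verdicts."""
    autostart = {path.lower()
                 for code, text in log.entries if code in AUTOSTART_CODES
                 for path in PATH_RE.findall(text)}
    findings = []
    for proc in log.processes:
        if TEMP_RE.search(proc):
            if proc.lower() in autostart:
                note = "started by an O4/O23 entry in this log"
            else:
                note = "no O4/O23 entry references it; launch point not visible in this log"
            findings.append(Finding("temp-process", proc, note))
    for code, text in log.entries:
        if text.endswith("(no file)"):
            findings.append(Finding("orphan-entry", f"{code} - {text}",
                                    "registered component whose file is missing"))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"[{finding.kind}] {finding.item}\n    {finding.note}")
```
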
Here is the report (sorry for the wait):
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : kei ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.506 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.506 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:44 Go)
D:\ (Local Disk) - NTFS - Total:465 Go (Free:299 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB) - FAT - Total:1936 Mo (Free:0 Go)
I:\ (USB) - FAT32 - Total:966 Mo (Free:0 Go)
J:\ (USB) - FAT32 - Total:494 Mo (Free:0 Go)
K:\ (USB) - FAT - Total:969 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 19/04/2009|19:45 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico
C:\DOCUME~1\kei\APPLIC~1\Search Settings
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127\temp\ws-14350.log
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127\temp\ws-14351.log
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127\temp\ws-14352.log
C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127\temp\ws-14353.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(kei) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(kei) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\kei\Application Data\BitTorrent\Macromedia.Flash.PRO.8.with.keygen.torrent
C:\DOCUME~1\kei\Application Data\BitTorrent\Mirrors.Edge.Crackfix-RELOADED.torrent
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\http%3A%2F%2Fwww.crack.ms%2Fcracks%2Ffavicon.ico
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\http%3A%2F%2Fwww.keygen.ms%2Ffavicon.ico
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\www.crack.ms.idx
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\www.keygen.ms.idx
C:\DOCUME~1\kei\Mes documents\Downloads\Mirrors.Edge.Crackfix-RELOADED
C:\DOCUME~1\kei\Mes documents\Downloads\Illustrator_Cs3\Illustrator CS3 fr crack.exe
C:\DOCUME~1\kei\Mes documents\Downloads\Mirrors.Edge.Crackfix-RELOADED\rld-mefx.rar
C:\DOCUME~1\kei\Mes documents\Downloads\Mirrors.Edge.Crackfix-RELOADED\~BitTorrentPartFile_C5472B.dat
C:\DOCUME~1\kei\Mes documents\Downloads\SnowPatrol-AHundredMillionSuns[2008][CD+SkidVid_XviD+Cov]\02 Snow Patrol - Crack The Shutters.mp3
1 - "C:\ToolBar SD\TB_1.txt" - 19/04/2009|19:48 - Option : [1]
-----------\\ Fin du rapport a 19:48:32,14
And here is the removal report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Default System BIOS
USER : kei ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.506 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.506 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:44 Go)
D:\ (Local Disk) - NTFS - Total:465 Go (Free:299 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
H:\ (USB) - FAT - Total:1936 Mo (Free:0 Go)
I:\ (USB) - FAT32 - Total:966 Mo (Free:0 Go)
J:\ (USB) - FAT32 - Total:494 Mo (Free:0 Go)
K:\ (USB) - FAT - Total:969 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 19/04/2009|19:50 )
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\DOCUME~1\kei\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\DAEMON Tools Toolbar
Supprime! - C:\DOCUME~1\kei\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(kei) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(kei) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\kei\Application Data\BitTorrent\Macromedia.Flash.PRO.8.with.keygen.torrent
C:\DOCUME~1\kei\Application Data\BitTorrent\Mirrors.Edge.Crackfix-RELOADED.torrent
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\http%3A%2F%2Fwww.crack.ms%2Fcracks%2Ffavicon.ico
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\http%3A%2F%2Fwww.keygen.ms%2Ffavicon.ico
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\www.crack.ms.idx
C:\DOCUME~1\kei\Local Settings\Application Data\Opera\Opera\profile\images\www.keygen.ms.idx
C:\DOCUME~1\kei\Mes documents\Downloads\Mirrors.Edge.Crackfix-RELOADED
C:\DOCUME~1\kei\Mes documents\Downloads\Illustrator_Cs3\Illustrator CS3 fr crack.exe
C:\DOCUME~1\kei\Mes documents\Downloads\Mirrors.Edge.Crackfix-RELOADED\rld-mefx.rar
C:\DOCUME~1\kei\Mes documents\Downloads\Mirrors.Edge.Crackfix-RELOADED\~BitTorrentPartFile_C5472B.dat
C:\DOCUME~1\kei\Mes documents\Downloads\SnowPatrol-AHundredMillionSuns[2008][CD+SkidVid_XviD+Cov]\02 Snow Patrol - Crack The Shutters.mp3
1 - "C:\ToolBar SD\TB_1.txt" - 19/04/2009|19:48 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 19/04/2009|19:54 - Option : [2]
-----------\\ Fin du rapport a 19:54:09,60