Gros virus plus rien a faire

Résolu
lilou -  
 Utilisateur anonyme -
bonsoir

j ai un soucis .
je n'ai plus d antivirus et impossible de le reinstaller , de plus hijackthis ( conseillè par un ami ) ne fonctionne plus non plus.
mon ami ma dit de prendre malwarebyte et il se bloque...que faire

merci a vous d'aider une étudiante en droit
Configuration: Windows Vista

82 réponses

  • 1
  • 2
  • 3
  • 4
  • 5
Résumé de la discussion

Le problème central porte sur l’impossibilité de réinstaller un antivirus et sur le dysfonctionnement de HijackThis sous Windows Vista, ce qui expose le système à des menaces non détectées et à des outils de sécurité inopérants. Des solutions proposées incluent l’usage de USBFix pour des problèmes de compatibilité, ComboFix pour nettoyer les infections et Malwarebytes en version compatible, après désactivation temporaire des protections résidentes, potentiellement utiles. En pratique, les procédures conseillées consistent à tester des outils et à générer des rapports d’analyse, comme les rapports de ComboFix, afin de guider les étapes suivantes et partager les résultats.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    T inkietes ..

    Pour usbfix il te dira "version non supporté .." mais ça sera corrigé à la prochaine maj .

    Si tu le souhaite je peux te passer une version que tu peux tester sous seven , et me faire des remontées en mp

    ou ici : http://www.commentcamarche.net/forum/affich 11859597 retour de usbfix?page=10#218

    pour d eventuels bugs , messages d erreures etc .

    2
  2. V-X
     
    Re,

    Euh, tu vas tous les faires ?

    Télécharge ComboFix (de sUBs) sur ton Bureau.

    /!\Désactive temporairement toute protection résidente /!\ (Antivirus, antispywares..)
    Double clique sur ComboFix.exe.
    Accepte la licence en cliquant sur Oui.
    Le programme va te demander si tu souhaites installer la Console de Récupération. C'est une précaution, au cas où l'ordinateur tomberait en panne. Je te conseille donc de l'installer, ça ne coûte rien, et ça pourrait potentiellement servir !
    Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %SystemDrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide :Comment utiliser ComboFix.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    1
  3. lilou
     
    ComboFix 09-05-11.01 - henri 11/05/2009 22:46.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1322 [GMT 2:00]
    Lancé depuis: d:\dvix\a voir\pipi5217ipip5871.exe
    AV: a-squared Anti-Malware *On-access scanning disabled* (Updated)
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\henri\AppData\Roaming\drivers\downld
    c:\users\henri\AppData\Roaming\drivers\downld\1312233.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1316071.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1316086.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1331016.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1332357.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1332778.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1340922.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1341748.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1345181.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1359891.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1362668.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1363526.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1448672.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1449202.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1449483.exe
    c:\users\henri\AppData\Roaming\drivers\downld\147140.exe
    c:\users\henri\AppData\Roaming\drivers\downld\147514.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1484583.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1485675.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1486252.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1489591.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1490464.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1490480.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1493849.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1494988.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1495004.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1504130.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1506564.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1507281.exe
    c:\users\henri\AppData\Roaming\drivers\downld\169183.exe
    c:\users\henri\AppData\Roaming\drivers\downld\169198.exe
    c:\users\henri\AppData\Roaming\drivers\downld\169229.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1692330.exe
    c:\users\henri\AppData\Roaming\drivers\downld\169245.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1692610.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1803090.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1806023.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1806850.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1807536.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1808503.exe
    c:\users\henri\AppData\Roaming\drivers\downld\1808550.exe
    c:\users\henri\AppData\Roaming\drivers\downld\199946.exe
    c:\users\henri\AppData\Roaming\drivers\downld\200320.exe
    c:\users\henri\AppData\Roaming\drivers\downld\205812.exe
    c:\users\henri\AppData\Roaming\drivers\downld\206248.exe
    c:\users\henri\AppData\Roaming\drivers\downld\207543.exe
    c:\users\henri\AppData\Roaming\drivers\downld\207871.exe
    c:\users\henri\AppData\Roaming\drivers\downld\207886.exe
    c:\users\henri\AppData\Roaming\drivers\downld\212005.exe
    c:\users\henri\AppData\Roaming\drivers\downld\217168.exe
    c:\users\henri\AppData\Roaming\drivers\downld\219384.exe
    c:\users\henri\AppData\Roaming\drivers\downld\223206.exe
    c:\users\henri\AppData\Roaming\drivers\downld\223533.exe
    c:\users\henri\AppData\Roaming\drivers\downld\223549.exe
    c:\users\henri\AppData\Roaming\drivers\downld\227449.exe
    c:\users\henri\AppData\Roaming\drivers\downld\233439.exe
    c:\users\henri\AppData\Roaming\drivers\downld\234984.exe
    c:\users\henri\AppData\Roaming\drivers\downld\235967.exe
    c:\users\henri\AppData\Roaming\drivers\downld\237870.exe
    c:\users\henri\AppData\Roaming\drivers\downld\254656.exe
    c:\users\henri\AppData\Roaming\drivers\downld\257152.exe
    c:\users\henri\AppData\Roaming\drivers\downld\257401.exe
    c:\users\henri\AppData\Roaming\drivers\downld\258696.exe
    c:\users\henri\AppData\Roaming\drivers\downld\259133.exe
    c:\users\henri\AppData\Roaming\drivers\downld\260100.exe
    c:\users\henri\AppData\Roaming\drivers\downld\261598.exe
    c:\users\henri\AppData\Roaming\drivers\downld\261629.exe
    c:\users\henri\AppData\Roaming\drivers\downld\263454.exe
    c:\users\henri\AppData\Roaming\drivers\downld\263828.exe
    c:\users\henri\AppData\Roaming\drivers\downld\264328.exe
    c:\users\henri\AppData\Roaming\drivers\downld\265076.exe
    c:\users\henri\AppData\Roaming\drivers\downld\267526.exe
    c:\users\henri\AppData\Roaming\drivers\downld\268493.exe
    c:\users\henri\AppData\Roaming\drivers\downld\268961.exe
    c:\users\henri\AppData\Roaming\drivers\downld\284202.exe
    c:\users\henri\AppData\Roaming\drivers\downld\286527.exe
    c:\users\henri\AppData\Roaming\drivers\downld\287338.exe
    c:\users\henri\AppData\Roaming\drivers\downld\298773.exe
    c:\users\henri\AppData\Roaming\drivers\downld\299662.exe
    c:\users\henri\AppData\Roaming\drivers\downld\300130.exe
    c:\users\henri\AppData\Roaming\drivers\downld\310660.exe
    c:\users\henri\AppData\Roaming\drivers\downld\313047.exe
    c:\users\henri\AppData\Roaming\drivers\downld\313967.exe
    c:\users\henri\AppData\Roaming\drivers\downld\343545.exe
    c:\users\henri\AppData\Roaming\drivers\downld\344653.exe
    c:\users\henri\AppData\Roaming\drivers\downld\345635.exe
    c:\users\henri\AppData\Roaming\drivers\downld\351298.exe
    c:\users\henri\AppData\Roaming\drivers\downld\353903.exe
    c:\users\henri\AppData\Roaming\drivers\downld\354434.exe
    c:\users\henri\AppData\Roaming\drivers\downld\367943.exe
    c:\users\henri\AppData\Roaming\drivers\downld\368271.exe
    c:\users\henri\AppData\Roaming\drivers\downld\368567.exe
    c:\users\henri\AppData\Roaming\drivers\downld\382764.exe
    c:\users\henri\AppData\Roaming\drivers\downld\383856.exe
    c:\users\henri\AppData\Roaming\drivers\downld\385634.exe
    c:\users\henri\AppData\Roaming\drivers\downld\387568.exe
    c:\users\henri\AppData\Roaming\drivers\downld\388879.exe
    c:\users\henri\AppData\Roaming\drivers\downld\389440.exe
    c:\users\henri\AppData\Roaming\drivers\downld\390376.exe
    c:\users\henri\AppData\Roaming\drivers\downld\390798.exe
    c:\users\henri\AppData\Roaming\drivers\downld\390813.exe
    c:\users\henri\AppData\Roaming\drivers\downld\393481.exe
    c:\users\henri\AppData\Roaming\drivers\downld\394120.exe
    c:\users\henri\AppData\Roaming\drivers\downld\394136.exe
    c:\users\henri\AppData\Roaming\drivers\downld\394152.exe
    c:\users\henri\AppData\Roaming\drivers\downld\394183.exe
    c:\users\henri\AppData\Roaming\drivers\downld\394198.exe
    c:\users\henri\AppData\Roaming\drivers\downld\395509.exe
    c:\users\henri\AppData\Roaming\drivers\downld\396320.exe
    c:\users\henri\AppData\Roaming\drivers\downld\396757.exe
    c:\users\henri\AppData\Roaming\drivers\downld\396772.exe
    c:\users\henri\AppData\Roaming\drivers\downld\396788.exe
    c:\users\henri\AppData\Roaming\drivers\downld\396913.exe
    c:\users\henri\AppData\Roaming\drivers\downld\399690.exe
    c:\users\henri\AppData\Roaming\drivers\downld\400345.exe
    c:\users\henri\AppData\Roaming\drivers\downld\400360.exe
    c:\users\henri\AppData\Roaming\drivers\downld\402560.exe
    c:\users\henri\AppData\Roaming\drivers\downld\402716.exe
    c:\users\henri\AppData\Roaming\drivers\downld\403886.exe
    c:\users\henri\AppData\Roaming\drivers\downld\403902.exe
    c:\users\henri\AppData\Roaming\drivers\downld\406694.exe
    c:\users\henri\AppData\Roaming\drivers\downld\408129.exe
    c:\users\henri\AppData\Roaming\drivers\downld\408597.exe
    c:\users\henri\AppData\Roaming\drivers\downld\413465.exe
    c:\users\henri\AppData\Roaming\drivers\downld\414245.exe
    c:\users\henri\AppData\Roaming\drivers\downld\414635.exe
    c:\users\henri\AppData\Roaming\drivers\downld\414791.exe
    c:\users\henri\AppData\Roaming\drivers\downld\415087.exe
    c:\users\henri\AppData\Roaming\drivers\downld\415883.exe
    c:\users\henri\AppData\Roaming\drivers\downld\417911.exe
    c:\users\henri\AppData\Roaming\drivers\downld\418847.exe
    c:\users\henri\AppData\Roaming\drivers\downld\419299.exe
    c:\users\henri\AppData\Roaming\drivers\downld\442512.exe
    c:\users\henri\AppData\Roaming\drivers\downld\443417.exe
    c:\users\henri\AppData\Roaming\drivers\downld\443947.exe
    c:\users\henri\AppData\Roaming\drivers\downld\446646.exe
    c:\users\henri\AppData\Roaming\drivers\downld\447270.exe
    c:\users\henri\AppData\Roaming\drivers\downld\447286.exe
    c:\users\henri\AppData\Roaming\drivers\downld\449626.exe
    c:\users\henri\AppData\Roaming\drivers\downld\450608.exe
    c:\users\henri\AppData\Roaming\drivers\downld\450624.exe
    c:\users\henri\AppData\Roaming\drivers\downld\455647.exe
    c:\users\henri\AppData\Roaming\drivers\downld\458471.exe
    c:\users\henri\AppData\Roaming\drivers\downld\459890.exe
    c:\users\henri\AppData\Roaming\drivers\downld\460343.exe
    c:\users\henri\AppData\Roaming\drivers\downld\578841.exe
    c:\users\henri\AppData\Roaming\drivers\downld\579075.exe
    c:\users\henri\AppData\Roaming\drivers\downld\579091.exe
    c:\users\henri\AppData\Roaming\drivers\downld\603926.exe
    c:\users\henri\AppData\Roaming\drivers\downld\605533.exe
    c:\users\henri\AppData\Roaming\drivers\downld\605673.exe
    c:\users\henri\AppData\Roaming\drivers\downld\634128.exe
    c:\users\henri\AppData\Roaming\drivers\downld\634144.exe
    c:\users\henri\AppData\Roaming\drivers\downld\634159.exe
    c:\users\henri\AppData\Roaming\drivers\downld\662146.exe
    c:\users\henri\AppData\Roaming\drivers\downld\662364.exe
    c:\users\henri\AppData\Roaming\drivers\downld\662380.exe
    c:\users\henri\AppData\Roaming\drivers\downld\663721.exe
    c:\users\henri\AppData\Roaming\drivers\downld\664111.exe
    c:\users\henri\AppData\Roaming\drivers\downld\664174.exe
    c:\users\henri\AppData\Roaming\drivers\downld\664517.exe
    c:\users\henri\AppData\Roaming\drivers\downld\665515.exe
    c:\users\henri\AppData\Roaming\drivers\downld\718244.exe
    c:\users\henri\AppData\Roaming\drivers\downld\719679.exe
    c:\users\henri\AppData\Roaming\drivers\downld\720272.exe
    c:\users\henri\AppData\Roaming\drivers\downld\720958.exe
    c:\users\henri\AppData\Roaming\drivers\downld\722581.exe
    c:\users\henri\AppData\Roaming\drivers\downld\722783.exe
    c:\users\henri\AppData\Roaming\drivers\downld\745232.exe
    c:\users\henri\AppData\Roaming\drivers\downld\745731.exe
    c:\users\henri\AppData\Roaming\drivers\downld\746105.exe
    c:\users\henri\AppData\Roaming\drivers\downld\746651.exe
    c:\users\henri\AppData\Roaming\drivers\downld\746667.exe
    c:\users\henri\AppData\Roaming\drivers\downld\746714.exe
    c:\users\henri\AppData\Roaming\drivers\downld\754280.exe
    c:\users\henri\AppData\Roaming\drivers\downld\754686.exe
    c:\users\henri\AppData\Roaming\drivers\downld\754764.exe
    c:\users\henri\AppData\Roaming\drivers\downld\755169.exe
    c:\users\henri\AppData\Roaming\drivers\downld\755871.exe
    c:\windows\system32\404Fix.exe
    c:\windows\System32\Desktop_.ini
    c:\windows\system32\dumphive.exe
    c:\windows\system32\IEDFix.exe
    c:\windows\system32\msql32sys.dll
    c:\windows\system32\Process.exe
    c:\windows\system32\SrchSTS.exe
    c:\windows\system32\tmp.reg
    c:\windows\system32\VACFix.exe
    c:\windows\system32\VCCLSID.exe
    c:\windows\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Legacy_SK9OU0S
    -------\Legacy_SROSA
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-12 au 2009-05-12 ))))))))))))))))))))))))))))))))))))
    .

    2009-05-11 20:43 . 2009-05-11 20:44 -------- d-----w C:\caca865a47c851
    2009-05-11 19:58 . 2009-05-11 20:01 -------- d-----w C:\ToolBar SD
    2009-05-11 13:42 . 2009-05-11 13:42 -------- d-----w C:\rsit
    2009-05-11 12:01 . 2009-05-11 17:59 -------- d-----w c:\program files\a-squared Anti-Malware
    2009-05-10 23:22 . 2009-05-10 23:26 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-10 23:22 . 2009-05-10 23:22 -------- d-----w c:\progra~2\Avira
    2009-05-10 23:22 . 2009-05-10 23:22 -------- d-----w c:\users\All Users\Avira
    2009-05-10 23:22 . 2009-05-10 23:22 -------- d-----w c:\program files\Avira
    2009-05-10 22:56 . 2009-05-11 06:56 -------- d-----w C:\FindyKill
    2009-05-10 22:32 . 2009-05-10 22:32 -------- d-----w C:\fixwareout
    2009-05-10 22:12 . 2009-05-10 22:13 -------- d-----w c:\program files\FileRescue Pro
    2009-05-10 21:45 . 2009-05-10 21:55 -------- d-----w C:\Lop SD
    2009-05-10 20:34 . 2009-05-10 22:55 -------- d-----w c:\program files\FindyKill
    2009-05-10 20:05 . 2009-05-11 07:22 -------- d-----w c:\program files\Navilog1
    2009-05-10 18:30 . 2009-05-11 21:04 -------- d--h--w c:\users\henri\AppData\Roaming\drivers
    2009-04-19 08:40 . 2009-04-19 08:40 -------- d-----w c:\program files\The Bitmap Brothers
    2009-04-15 15:18 . 2009-04-15 15:18 -------- d-----w c:\program files\Panda Security
    2009-04-15 13:02 . 2009-04-15 13:02 93 ----a-w c:\users\henri\AppData\Local\fusioncache.dat
    2009-04-15 13:02 . 2009-04-15 13:08 -------- d-----w c:\users\henri\AppData\Local\ApplicationHistory
    2009-04-15 12:57 . 2009-04-15 12:57 -------- d-----w c:\windows\system32\URTTEMP
    2009-04-15 12:50 . 2009-04-15 12:50 -------- d-----w C:\DESI-III
    2009-04-15 12:49 . 2009-04-15 12:49 -------- d-----w c:\users\henri\AppData\Local\Installer2792
    2009-04-13 19:38 . 2009-05-10 22:46 -------- d-----w C:\tmp
    2009-04-13 18:45 . 2009-04-13 18:45 -------- d-----w c:\users\henri\AppData\Roaming\Blender Foundation
    2009-04-13 12:30 . 2009-05-11 13:26 -------- d-----w c:\program files\a-squared Free
    2009-04-13 10:40 . 2006-05-10 12:18 1929216 ----a-w c:\windows\system32\cdintf250.dll
    2009-04-13 10:40 . 2009-04-13 10:40 -------- d-----w c:\program files\EBP
    2009-04-13 10:40 . 2009-04-13 10:40 -------- d-----w C:\EBP
    2009-04-13 10:29 . 2009-04-13 10:29 201 ----a-w c:\windows\runconfmig.bat
    2009-04-13 10:29 . 2009-04-13 10:29 -------- d-----w c:\program files\Common Files\Pervasive Software Shared
    2009-04-13 10:29 . 2002-06-30 11:40 19456 ----a-w c:\windows\keyhh.exe
    2009-04-13 10:28 . 2009-04-13 10:28 544816 ----a-w c:\windows\system32\pscl.dll
    2009-04-13 10:28 . 2009-04-13 10:28 254002 ----a-w c:\windows\system32\pscore.dll
    2009-04-13 10:28 . 2009-04-13 10:28 43760 ----a-w c:\windows\system32\nwlocale.dll
    2009-04-13 10:28 . 2009-04-13 10:28 146976 ----a-w c:\windows\system32\mfcoleui.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-11 18:31 . 2008-05-28 13:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-11 11:26 . 2007-09-05 16:25 13025 ----a-w c:\users\henri\AppData\Roaming\nvModes.dat
    2009-05-11 07:55 . 2006-12-10 19:02 736660 ----a-w c:\windows\system32\perfh00C.dat
    2009-05-11 07:55 . 2006-12-10 19:02 151838 ----a-w c:\windows\system32\perfc00C.dat
    2009-05-11 07:18 . 2008-01-21 15:26 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
    2009-05-10 23:29 . 2008-09-23 12:03 -------- d-----w c:\program files\DAEMON Tools Lite
    2009-05-10 21:26 . 2008-11-05 18:34 35 ----a-w c:\users\henri\AppData\Roaming\SetValue.bat
    2009-05-10 21:26 . 2008-11-05 18:34 691 ----a-w c:\users\henri\AppData\Roaming\GetValue.vbs
    2009-05-10 20:16 . 2008-11-05 18:03 -------- d-----w c:\program files\Trend Micro
    2009-05-07 09:04 . 2006-12-02 07:31 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-16 01:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
    2009-04-15 13:02 . 2007-09-05 16:03 150968 ----a-w c:\users\henri\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-04-15 12:47 . 2006-12-10 10:09 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-11 14:02 . 2009-04-11 14:02 -------- d-----w c:\program files\Spamihilator
    2009-04-06 13:32 . 2008-09-15 19:09 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-06 13:32 . 2008-05-28 13:33 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-03 14:14 . 2009-04-03 14:13 -------- d-----w c:\program files\Safari
    2009-04-03 14:13 . 2009-04-03 14:13 -------- d-----w c:\program files\Apple Software Update
    2009-04-03 09:13 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
    2009-04-03 09:13 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
    2009-04-03 09:13 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
    2009-04-01 17:36 . 2009-04-01 17:36 -------- d-----w c:\program files\DIFX
    2009-04-01 17:33 . 2008-09-10 19:27 -------- d-----w c:\program files\ma-config.com
    2009-04-01 17:33 . 2008-09-10 19:27 -------- d-----w c:\progra~2\ma-config.com
    2009-03-29 16:18 . 2008-11-21 10:22 -------- d-----w c:\program files\Common Files\Ahead
    2009-03-29 14:40 . 2009-03-01 16:04 -------- d-----w c:\program files\Téléchargeur de Sonic Adventure DX
    2009-03-29 14:32 . 2006-12-10 10:17 -------- d-----w c:\program files\Common Files\LightScribe
    2009-03-26 08:01 . 2009-03-24 13:41 -------- d-----w c:\program files\Microsoft Visual Studio 8
    2009-03-24 21:36 . 2009-01-02 15:28 -------- d-----w c:\program files\Error Repair Professional
    2009-03-24 21:30 . 2007-09-05 21:41 -------- d-----w c:\program files\Google
    2009-03-24 21:27 . 2009-03-03 15:39 -------- d-----w c:\program files\Motherboard Monitor 5
    2009-03-24 21:25 . 2006-12-10 10:14 -------- d-----w c:\program files\CyberLink
    2009-03-24 18:39 . 2009-03-24 18:36 32768 ----a-w c:\windows\system32\DesignerUninst.exe
    2009-03-24 13:49 . 2009-03-24 13:49 -------- d-----w c:\program files\Microsoft Works
    2009-03-24 13:49 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
    2009-03-24 13:47 . 2008-12-04 18:33 -------- d-----w c:\program files\Microsoft.NET
    2009-03-23 21:52 . 2008-08-19 22:54 -------- d-----w c:\program files\TuneUp Utilities 2008
    2009-03-23 21:52 . 2009-03-23 21:52 354560 ----a-w c:\windows\system32\TuneUpDefragService.exe
    2009-03-23 18:57 . 2009-03-23 18:57 -------- d-----w c:\program files\MSN Messenger
    2009-03-23 11:57 . 2009-03-23 11:57 -------- d-----w c:\program files\Microsoft
    2009-03-23 11:57 . 2009-03-23 11:57 -------- d-----w c:\program files\Windows Live SkyDrive
    2009-03-23 11:56 . 2008-01-03 15:08 -------- d-----w c:\program files\Windows Live
    2009-03-23 11:10 . 2009-03-23 11:10 -------- d-----w c:\program files\Common Files\Windows Live
    2009-03-22 20:07 . 2009-03-04 10:21 21840 ----atw c:\windows\system32\SIntfNT.dll
    2009-03-22 20:07 . 2009-03-04 10:21 17212 ----atw c:\windows\system32\SIntf32.dll
    2009-03-22 20:07 . 2009-03-04 10:21 12067 ----atw c:\windows\system32\SIntf16.dll
    2009-03-17 03:38 . 2009-04-15 07:42 13824 ----a-w c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 07:42 24064 ----a-w c:\windows\system32\amxread.dll
    2009-03-14 18:57 . 2007-12-03 23:34 -------- d-----w c:\program files\IncrediMail
    2009-03-08 11:34 . 2009-04-01 09:13 914944 ----a-w c:\windows\system32\wininet.dll
    2009-03-08 11:34 . 2009-04-01 09:13 43008 ----a-w c:\windows\system32\licmgr10.dll
    2009-03-08 11:33 . 2009-04-01 09:13 18944 ----a-w c:\windows\system32\corpol.dll
    2009-03-08 11:33 . 2009-04-01 09:13 109056 ----a-w c:\windows\system32\iesysprep.dll
    2009-03-08 11:33 . 2009-04-01 09:13 109568 ----a-w c:\windows\system32\PDMSetup.exe
    2009-03-08 11:33 . 2009-04-01 09:13 132608 ----a-w c:\windows\system32\ieUnatt.exe
    2009-03-08 11:33 . 2009-04-01 09:13 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
    2009-03-08 11:33 . 2009-04-01 09:13 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
    2009-03-08 11:33 . 2009-04-01 09:13 103936 ----a-w c:\windows\system32\SetDepNx.exe
    2009-03-08 11:33 . 2009-04-01 09:13 420352 ----a-w c:\windows\system32\vbscript.dll
    2009-03-08 11:32 . 2009-04-01 09:13 72704 ----a-w c:\windows\system32\admparse.dll
    2009-03-08 11:32 . 2009-04-01 09:13 71680 ----a-w c:\windows\system32\iesetup.dll
    2009-03-08 11:32 . 2009-04-01 09:13 66560 ----a-w c:\windows\system32\wextract.exe
    2009-03-08 11:32 . 2009-04-01 09:13 169472 ----a-w c:\windows\system32\iexpress.exe
    2009-03-08 11:31 . 2009-04-01 09:13 34816 ----a-w c:\windows\system32\imgutil.dll
    2009-03-08 11:31 . 2009-04-01 09:13 48128 ----a-w c:\windows\system32\mshtmler.dll
    2009-03-08 11:31 . 2009-04-01 09:13 45568 ----a-w c:\windows\system32\mshta.exe
    2009-03-08 11:22 . 2009-04-01 09:13 156160 ----a-w c:\windows\system32\msls31.dll
    2009-03-03 04:46 . 2009-04-15 07:42 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-03-03 04:46 . 2009-04-15 07:42 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-03-03 04:39 . 2009-04-15 07:42 183296 ----a-w c:\windows\system32\sdohlp.dll
    2009-03-03 04:39 . 2009-04-15 07:42 551424 ----a-w c:\windows\system32\rpcss.dll
    2009-03-03 04:39 . 2009-04-15 07:42 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 04:37 . 2009-04-15 07:42 98304 ----a-w c:\windows\system32\iasrecst.dll
    2009-03-03 04:37 . 2009-04-15 07:42 54784 ----a-w c:\windows\system32\iasads.dll
    2009-03-03 04:37 . 2009-04-15 07:42 44032 ----a-w c:\windows\system32\iasdatastore.dll
    2009-03-03 03:04 . 2009-04-15 07:42 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 02:38 . 2009-04-15 07:42 17408 ----a-w c:\windows\system32\iashost.exe
    2009-03-01 18:27 . 2009-03-01 18:27 44384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
    2009-03-01 18:27 . 2009-03-01 18:27 441760 ----a-w c:\windows\system32\drivers\timntr.sys
    2009-03-01 18:27 . 2009-03-01 18:27 129248 ----a-w c:\windows\system32\drivers\snapman.sys
    2009-03-01 18:26 . 2009-03-01 18:26 368736 ----a-w c:\windows\system32\drivers\tdrpman.sys
    2009-02-15 21:48 . 2008-02-13 00:45 86016 ----a-w c:\windows\system32\OpenAL32.dll
    2009-02-13 08:49 . 2009-04-15 07:42 72704 ----a-w c:\windows\system32\secur32.dll
    2009-02-13 08:49 . 2009-04-15 07:42 1255936 ----a-w c:\windows\system32\lsasrv.dll
    2008-05-17 08:05 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
    2008-09-10 14:46 . 2008-06-18 14:42 72 --sh--w c:\windows\SA0594035.tmp
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "AlcoholAutomount"="d:\utilitaire\Alcohol 120\axcmd.exe" [2009-03-17 203928]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Google Update"="c:\users\henri\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-06 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-20 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-20 7766016]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]
    "Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2007-01-15 73728]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]

    c:\users\henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2004-7-22 106546]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    WiFi Station pour Livebox.lnk - c:\program files\Hercules\WiFi Station pour Livebox\WiFiLB.exe [2007-11-7 102400]

    c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\AutorunsDisabled
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-10 528384]

    c:\users\henri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
    Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2004-7-22 106546]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\WIDEST~1\FREEQU~1\QUICKA~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ "autocheck autochk *"\[u]0/uOODBS

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DSLMON.lnk]
    backup=c:\windows\pss\DSLMON.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk]
    backup=c:\windows\pss\Outil de mise à jour Google.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SnagIt 8.lnk]
    backup=c:\windows\pss\SnagIt 8.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^henri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GigaTribe.lnk]
    backup=c:\windows\pss\GigaTribe.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^henri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Moteur WinSauvegarde.lnk]
    backup=c:\windows\pss\Moteur WinSauvegarde.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^henri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
    backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
    backupExtension=.Startup

    [HKLM\~\startupfolder\C:^Users^henri^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
    path=c:\users\henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
    backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrustPPAP
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\exp32sys
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ItsTV
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "ehTray.exe"=c:\windows\ehome\ehTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    "AntiVirusDisableNotify"="0x00000000"
    "UpdatesDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1754156993-695157337-552481621-1000]
    "EnableNotificationsRef"=dword:00000007

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{081659FE-5F03-42E3-B488-636242C7D835}"= UDP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "{2A8BAAA4-1E02-4C0A-BC8A-3882CFC56A0D}"= TCP:c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
    "TCP Query User{9F7ED434-5549-47A2-94EB-DCCE3AA2481E}d:\\jeux\\petanquedemo\\bin\\releasedemo\\petanque.exe"= UDP:d:\jeux\petanquedemo\bin\releasedemo\petanque.exe:Petanque
    "UDP Query User{4AB610E7-08D8-4DF4-82A6-5F45A60BB6EE}d:\\jeux\\petanquedemo\\bin\\releasedemo\\petanque.exe"= TCP:d:\jeux\petanquedemo\bin\releasedemo\petanque.exe:Petanque
    "TCP Query User{1B85A63B-D7ED-4DD7-B3FF-C581273198EE}d:\\jeux\\trackmania nations eswc\\tmnationseswc.exe"= UDP:d:\jeux\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "UDP Query User{5BD7C597-8408-4926-8F77-1520ACB69431}d:\\jeux\\trackmania nations eswc\\tmnationseswc.exe"= TCP:d:\jeux\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
    "{420A529D-26F0-4FA3-9402-62A6F4266AAE}"= UDP:c:\program files\Shareaza\Shareaza.exe:Shareaza
    "{5C5BBB86-7639-49BC-8296-CD09E7567E02}"= TCP:c:\program files\Shareaza\Shareaza.exe:Shareaza
    "{35333AA0-418F-49B8-A630-F2D1B0EE306B}"= UDP:d:\utilitaire\DEFRAGMENTEUR PUISSANT\UDefrag.exe:UltimateDefrag Lite
    "{CBBDD1F7-35DD-41F4-AB97-C1D426DD3216}"= TCP:d:\utilitaire\DEFRAGMENTEUR PUISSANT\UDefrag.exe:UltimateDefrag Lite
    "TCP Query User{1CC85DE6-CEE2-4475-9682-39916DEF32F3}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
    "UDP Query User{02175312-2328-43C6-876B-2D81BAF632F7}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
    "{2998AF1F-AD1C-4AA7-B2DC-2F25D76B1F7E}"= UDP:c:\program files\eMule\eMule.exe:eMule Plus
    "{81F178C2-B4BF-4425-ADF6-76FFD8D53E0E}"= TCP:c:\program files\eMule\eMule.exe:eMule Plus
    "{76E0B84A-D1C4-45DA-81D1-B787F8F38D12}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
    "{005EE143-17A9-4CAC-883A-ACC78B3E400B}"= UDP:56390:Pando P2P TCP Listening Port
    "{72E412F1-ABD1-4631-8436-73C1B850076A}"= TCP:56390:Pando P2P UDP Listening Port
    "TCP Query User{1B5CF3E8-9375-4047-9E3B-CF10C5FA2AC2}c:\\program files\\pando networks\\pando\\pando.exe"= UDP:c:\program files\pando networks\pando\pando.exe:pando
    "UDP Query User{8F39B2D7-B1E2-43C6-BF9A-32BE2CE84C4F}c:\\program files\\pando networks\\pando\\pando.exe"= TCP:c:\program files\pando networks\pando\pando.exe:pando
    "{4500800B-1F61-4463-BB0C-7A3C27AAAE83}"= UDP:d:\utilitaire\GigaTribe\gigatribe.exe:GigaTribe
    "{34AB010E-87CD-4F74-8731-AD8FFBAEBECA}"= TCP:d:\utilitaire\GigaTribe\gigatribe.exe:GigaTribe
    "TCP Query User{4CF7F9CD-AFE3-427C-A7F3-C28D415E66ED}d:\\jeux\\x-plane 8.64\\x-plane 864.exe"= Disabled:UDP:d:\jeux\x-plane 8.64\x-plane 864.exe:X-Plane 864
    "UDP Query User{F3399E03-F1FB-4ADF-9E21-3EAC4DBA68E1}d:\\jeux\\x-plane 8.64\\x-plane 864.exe"= Disabled:TCP:d:\jeux\x-plane 8.64\x-plane 864.exe:X-Plane 864
    "TCP Query User{3BED2BA9-947D-4725-A4D0-AE9A98CE055A}d:\\utilitaire\\telechargement peer to peers\\ares\\ares.exe"= UDP:d:\utilitaire\telechargement peer to peers\ares\ares.exe:Ares p2p for windows
    "UDP Query User{8015BB2A-7538-46ED-83FD-04A3608DE0D0}d:\\utilitaire\\telechargement peer to peers\\ares\\ares.exe"= TCP:d:\utilitaire\telechargement peer to peers\ares\ares.exe:Ares p2p for windows
    "{61F10847-37CD-4A58-91BB-2CB9063244A2}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{070E6C79-A26C-4BEE-A9F1-86778DBC745E}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{57B0030D-2DCC-43BD-B913-AE4A895827D0}d:\\jeux\\flightgear\\bin\\win32\\fgfs.exe"= UDP:d:\jeux\flightgear\bin\win32\fgfs.exe:fgfs
    "UDP Query User{62E21F5A-A2CD-4647-A73D-72B5BD41946F}d:\\jeux\\flightgear\\bin\\win32\\fgfs.exe"= TCP:d:\jeux\flightgear\bin\win32\fgfs.exe:fgfs
    "TCP Query User{0B90AE32-4F86-4454-BBEA-3AD6776EB863}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{32C4647C-2CE1-49A5-BC68-469F219FECE5}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{260F391E-0476-4F4E-9DC0-94C2A72C718A}d:\\utilitaire\\aida32 - enterprise system information\\aida32.bin"= UDP:d:\utilitaire\aida32 - enterprise system information\aida32.bin:AIDA32 - Worldwide SysInfo Tool
    "UDP Query User{E0A03289-3EFB-4B72-8B3D-9BEA843A4CEC}d:\\utilitaire\\aida32 - enterprise system information\\aida32.bin"= TCP:d:\utilitaire\aida32 - enterprise system information\aida32.bin:AIDA32 - Worldwide SysInfo Tool
    "TCP Query User{BB4D6DC1-09D5-408B-9667-9284FE2E3EED}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{7D56974D-E112-490D-8636-1EAE2B32A6D4}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "TCP Query User{378443D9-05CD-4080-AB94-A2BA0938C105}c:\\program files\\iepro\\minidm.exe"= UDP:c:\program files\iepro\minidm.exe:MiniDM
    "UDP Query User{5BA2CF1A-049D-4882-B705-8C25BD6A158C}c:\\program files\\iepro\\minidm.exe"= TCP:c:\program files\iepro\minidm.exe:MiniDM
    "TCP Query User{BEDC6B78-DDBA-46A4-B250-0A025C0C6759}d:\\utilitaire\\izispot\\izispot.exe"= UDP:d:\utilitaire\izispot\izispot.exe:IziSpot
    "UDP Query User{8700A5CB-0315-45A9-B1B4-D83D50A12C55}d:\\utilitaire\\izispot\\izispot.exe"= TCP:d:\utilitaire\izispot\izispot.exe:IziSpot
    "TCP Query User{5BAD5CF7-C94E-4FDA-A871-4AD59F43959F}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
    "UDP Query User{CAF42D3C-CE34-402D-A02A-E5DC877C97E1}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
    "TCP Query User{4DC20D1D-685D-415D-9917-2B518B0855BF}d:\\utilitaire\\emule\\emule.exe"= UDP:d:\utilitaire\emule\emule.exe:eMule
    "UDP Query User{983723EC-916D-4754-91F7-5677ADB044CC}d:\\utilitaire\\emule\\emule.exe"= TCP:d:\utilitaire\emule\emule.exe:eMule
    "{EF94F3A9-B56F-4443-8F76-020AA2BB3763}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
    "{640EC807-DED8-4D00-A9C8-DE9C682BE51A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
    "TCP Query User{51961A99-3997-4173-AC09-18E3935025FB}d:\\jeux\\worms\\worms 4 mayhem online demo.exe"= UDP:d:\jeux\worms\worms 4 mayhem online demo.exe:Worms 4 Mayhem
    "UDP Query User{46D7A13C-B2CF-4131-8E29-3EB149BE8C9A}d:\\jeux\\worms\\worms 4 mayhem online demo.exe"= TCP:d:\jeux\worms\worms 4 mayhem online demo.exe:Worms 4 Mayhem
    "TCP Query User{898FA178-CBA4-4213-B3B2-1C06DDF310EF}c:\\program files\\foxtarot4\\foxtarot.exe"= UDP:c:\program files\foxtarot4\foxtarot.exe:JEU DE TAROT
    "UDP Query User{9FF49E43-2D68-46A3-8F2B-086F7071BFE9}c:\\program files\\foxtarot4\\foxtarot.exe"= TCP:c:\program files\foxtarot4\foxtarot.exe:JEU DE TAROT
    "{191EF9BA-73FD-4976-8392-E7E7D8920D1D}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{AD6C26BD-4532-4C1F-AE3F-EA2A25898C17}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{778DF7F6-5FE4-4BE5-A8B0-E05B0BA3251D}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{A3B4DB02-D53C-4798-BBD7-678E5C2AC6D6}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "TCP Query User{7D96B69D-293A-41BF-9D63-64DE1A12D3A3}d:\\jeux\\tmnationsforever\\tmforever.exe"= UDP:d:\jeux\tmnationsforever\tmforever.exe:TmForever
    "UDP Query User{6E093925-0C0F-4F5A-95EC-7BEB808646E6}d:\\jeux\\tmnationsforever\\tmforever.exe"= TCP:d:\jeux\tmnationsforever\tmforever.exe:TmForever
    "TCP Query User{B1BAFC55-24EC-4C5A-88D6-197C66466BB6}c:\\program files\\echanblard\\emule.exe"= UDP:c:\program files\echanblard\emule.exe:eChanblard
    "UDP Query User{9DAD1F0E-E220-4B8F-A826-0DB6DC696C38}c:\\program files\\echanblard\\emule.exe"= TCP:c:\program files\echanblard\emule.exe:eChanblard
    "TCP Query User{D9813E72-A67A-440B-A82B-31CFC2764662}c:\\program files\\echanblard\\emule.exe"= UDP:c:\program files\echanblard\emule.exe:eChanblard
    "UDP Query User{1278CF72-7DFF-4852-BE9A-70463A11C02D}c:\\program files\\echanblard\\emule.exe"= TCP:c:\program files\echanblard\emule.exe:eChanblard
    "TCP Query User{AFE86CA7-924D-4E89-8ED0-37D13BA860E7}d:\\jeux\\aquadelic gt\\run.exe"= UDP:d:\jeux\aquadelic gt\run.exe:Aquadelic GT game
    "UDP Query User{3A8866ED-93D3-4A37-98B2-919A21B22C73}d:\\jeux\\aquadelic gt\\run.exe"= TCP:d:\jeux\aquadelic gt\run.exe:Aquadelic GT game
    "TCP Query User{A9B8BEC8-3AC3-46F2-A2CB-3635868326BB}c:\\users\\henri\\appdata\\local\\emule\\emule.exe"= UDP:c:\users\henri\appdata\local\emule\emule.exe:emule.exe
    "UDP Query User{63111BC0-99A7-44AB-B8DF-01D4B9968FF8}c:\\users\\henri\\appdata\\local\\emule\\emule.exe"= TCP:c:\users\henri\appdata\local\emule\emule.exe:emule.exe
    "TCP Query User{B47A071B-F523-4672-B258-FD071F46F20A}h:\\gtl\\gtl.exe"= UDP:h:\gtl\gtl.exe:GT Legends
    "UDP Query User{258BAE91-2BC4-4DFA-9610-597609CB41D0}h:\\gtl\\gtl.exe"= TCP:h:\gtl\gtl.exe:GT Legends
    "{427DC75E-E4AF-4428-8E65-C82E782D76CB}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
    "{F6E146A2-FBC2-40C7-8124-54925E6EF5C8}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
    "{EDB0FFC9-A7B2-4C0D-80E7-D79695F6FA7A}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
    "{1F6490C7-ED2C-4173-B77C-028126D70440}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
    "TCP Query User{E6630856-3CE7-4057-8CA0-4BF987D9513E}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{9669BABA-303B-4E26-A00C-7ECE9DF7E0AB}c:\\program files\\java\\jre1.6.0_07\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_07\bin\javaw.exe:Java(TM) Platform SE binary
    "{12EC6FF8-0AFD-43F1-A1E1-6FBD0C819F15}"= UDP:c:\pvsw\Bin\w3dbsmgr.exe:Database Service Manager
    "{4209A43E-D4E3-4DAA-B099-A5C937AF6EB5}"= TCP:c:\pvsw\Bin\w3dbsmgr.exe:Database Service Manager
    "{ECC7DB0A-59A0-4447-A03C-1CA85031E567}"= UDP:c:\pvsw\Bin\w3dbsmgr.exe:Database Service Manager
    "{FB43423C-6BD1-4C7D-A934-22D9B41A49A1}"= TCP:c:\pvsw\Bin\w3dbsmgr.exe:Database Service Manager
    "{4430D02C-9B45-4D6E-9EF8-E38FF83A60E7}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{3EA6E84A-BB75-42CA-A53A-E8FFF1FD3C02}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{F08EB402-BC07-475D-AE71-59C5C3BFCBD7}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{8492B468-B174-44CE-B925-D03E7D84A184}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{7B590E8C-CEE9-4776-AB34-293956E22B6E}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{CDA0F618-08C0-4513-B421-42E0938D2C32}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "{86B95658-206E-472D-9F28-CA38E9362B5C}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
    "TCP Query User{746DF77F-8900-4C64-BAB9-D046D4CA9FD5}d:\\utilitaire\\shareaza\\shareaza.exe"= UDP:d:\utilitaire\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "UDP Query User{0C934E9A-5B86-4F78-9FA3-F1705A7AEAF7}d:\\utilitaire\\shareaza\\shareaza.exe"= TCP:d:\utilitaire\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
    "{2B4E082F-56B3-4087-B1CF-AA23C92816B3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
    "{1EA72BFE-83DD-482E-BAED-813DF96EBDC7}"= TCP:6004|d:\utilitaire\WORD\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{78B040A7-5F07-4FFD-B736-8257C90ABBFD}i:\\jeux loulou\\racer\\racer070\\racer.exe"= UDP:i:\jeux loulou\racer\racer070\racer.exe:racer
    "UDP Query User{D74EAA9B-DE96-4D09-ADFB-F6C403466B56}i:\\jeux loulou\\racer\\racer070\\racer.exe"= TCP:i:\jeux loulou\racer\racer070\racer.exe:racer
    "{E528D0F2-36AE-4517-9316-3F0307D9B95F}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{C838080A-886E-490E-AC60-83D9B95F82EA}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
    "{ECBC4CA1-2902-4A8B-8E16-4DE6A5ADF3B7}"= UDP:c:\program files\Spamihilator\cdcc.exe:Spamihilator DCC Filter Configuration
    "{3D0064B1-F623-444F-9E42-FDF23E1455AC}"= TCP:c:\program files\Spamihilator\cdcc.exe:Spamihilator DCC Filter Configuration
    "{E118666B-9316-4858-973B-9FBAD2291A81}"= UDP:c:\program files\Spamihilator\dccproc.exe:Spamihilator DCC Filter
    "{2804B16F-F9C2-4DBA-845A-3515916E2A8E}"= TCP:c:\program files\Spamihilator\dccproc.exe:Spamihilator DCC Filter
    "{7DD1EE1A-78FE-43C3-A25A-BA6A99C9225B}"= UDP:c:\program files\Spamihilator\spamihilator.exe:Spamihilator
    "{DB5AC62D-9626-4B9B-B7B2-A396983DB663}"= TCP:c:\program files\Spamihilator\spamihilator.exe:Spamihilator
    "TCP Query User{1AEA6EA0-5595-4BFE-BFE5-449E43C28B52}c:\\program files\\spamihilator\\dccproc.exe"= UDP:c:\program files\spamihilator\dccproc.exe:dccproc
    "UDP Query User{0C793B68-6C0B-41E7-9A56-308859D669CD}c:\\program files\\spamihilator\\dccproc.exe"= TCP:c:\program files\spamihilator\dccproc.exe:dccproc
    "TCP Query User{32B33E33-2A51-4313-809B-A2D1389E49B3}c:\\pvsw\\bin\\w3dbsmgr.exe"= UDP:c:\pvsw\bin\w3dbsmgr.exe:Database Service Manager
    "UDP Query User{77C6C854-8020-4324-8977-66759D543F94}c:\\pvsw\\bin\\w3dbsmgr.exe"= TCP:c:\pvsw\bin\w3dbsmgr.exe:Database Service Manager

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
    "c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

    R0 PzWDM;PzWDM;c:\windows\System32\drivers\PzWDM.sys [04/06/2008 14:31 15172]
    R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [18/08/2008 01:24 12800]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/05/2009 01:22 108289]
    R2 MSSQL$EBP;SQL Server (EBP);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
    S2 Apache2.2;Apache2.2;"d:\xampplite\xampplite\apache\bin\apache.exe" -k runservice --> d:\xampplite\xampplite\apache\bin\apache.exe [?]
    S2 ELOADER;General Purpose USB Driver (adildr.sys);c:\windows\System32\drivers\adildr.sys [05/09/2007 20:54 56088]
    S3 Ipbuoi;Ipbuoi; [x]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [15/03/2009 09:34 216232]
    S3 magpsc;magpsc;c:\windows\System32\drivers\magpsc.sys [03/04/2009 11:12 53719]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [07/11/2007 18:21 256000]
    S3 papycpu;papycpu;c:\windows\System32\drivers\papycpu.sys [22/09/2007 15:34 1984]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [07/11/2007 17:52 28224]
    S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [20/09/2008 18:50 80744]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - sptd

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10e1844f-f520-11dd-a758-0016d3547c20}]
    \shell\AutoRun\command - G:\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f647f947-8966-11dd-93ef-0016d3547c20}]
    \shell\AutoRun\command - F:\MLLaunch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe
    HKCU-Run-german.exe - c:\windows\system32\wintems.exe

    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    uInternet Settings,ProxyOverride = *.local
    IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.76\AMVConverter\grab.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - d:\utilit~2\WORD\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - d:\utilit~2\WORD\Office12\EXCEL.EXE/3000
    IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.76\MediaManager\grab.html
    Trusted Zone: localhost
    TCP: {ED5973AF-F337-492D-9BDD-9273F4F194FE} = 80.10.246.2,80.10.246.129
    Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\Skyline\TerraExplorer\TerraExplorerX.dll
    DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
    FF - ProfilePath - c:\users\henri\AppData\Roaming\Mozilla\Firefox\Profiles\hjs756fj.default\
    FF - prefs.js: browser.startup.homepage - chrome://speeddial/content
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox 3 Beta 2\plugins\npSton3D.dll
    FF - plugin: c:\users\henri\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\users\henri\AppData\Roaming\Mozilla\Firefox\Profiles\hjs756fj.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\users\henri\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

    ---- PARAMETRES FIREFOX ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: nglayout.initialpaint.delay - 600
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-12 08:48
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    c:\users\henri\AppData\Local\Temp\STS7E2E.tmp 79 bytes

    **************************************************************************
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.dib"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.emf"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.fpx"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (S-1-5-21-1754156993-695157337-552481621-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoViewer.FileAssoc.Gif"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.icl"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.ico"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.jfif"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (S-1-5-21-1754156993-695157337-552481621-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (S-1-5-21-1754156993-695157337-552481621-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (S-1-5-21-1754156993-695157337-552481621-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoViewer.FileAssoc.Png"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.rle"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.tga"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.thm"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.ttc"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.ttf"

    [HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 10.0.wmf"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\[u]0/u000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'lsass.exe'(1232)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'Explorer.exe'(1936)
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\EditMovie\MDTLM2Splter.ax
    c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\EditMovie\MDTLM1Splter.ax
    c:\windows\system32\DivXAF.ax
    c:\program files\CyberLink\PowerDVD\NavFilter\CLDemuxer.ax
    d:\utilitaire\VOSPHOTOALATELE\mcspmpeg.ax
    d:\utilitaire\VOSPHOTOALATELE\mcmpegin.dll
    c:\program files\K-Lite Codec Pack\Filters\avisplitter.ax
    c:\program files\K-Lite Codec Pack\Filters\MP4Splitter.ax
    c:\program files\K-Lite Codec Pack\Filters\WavPackDSSplitter.ax
    c:\program files\Super DVD Creator 9.20\RMSP.DLL
    d:\utilitaire\VOSPHOTOALATELE\HDX4FlashDemuxer.ax
    d:\utilitaire\VOSPHOTOALATELE\mcdsmpeg.ax
    d:\utilitaire\VOSPHOTOALATELE\mcmpgadec.dll
    d:\utilitaire\VOSPHOTOALATELE\mcmpgvdec.dll
    c:\program files\CyberLink\PowerDVD\NavFilter\clm4splt.ax
    c:\program files\K-Lite Codec Pack\Filters\MpegSplitter.ax
    c:\program files\Acer Arcade Deluxe\VideoMagician\Kernel\Movie\CLDemuxer.ax
    c:\windows\system32\aac_parser.ax
    d:\utilitaire\VOSPHOTOALATELE\HDX4AACParser.ax
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\a-squared Anti-Malware\a2service.exe
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\System32\drivers\CDANTSRV.EXE
    c:\windows\System32\Crypserv.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\windows\System32\oodag.exe
    d:\utilitaire\photodexgold\scsiaccess.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    d:\utilitaire\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\conime.exe
    c:\windows\System32\rundll32.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\users\henri\AppData\Local\Temp\RtkBtMnt.exe
    c:\program files\HP\Digital Imaging\bin\hpqste08.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Mozilla Firefox 3 Beta 2\firefox.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-05-12 8:57 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-05-12 06:56

    Avant-CF: 11 261 714 432 octets libres
    Après-CF: 13 293 916 160 octets libres

    736 --- E O F --- 2009-05-11 10:23
    1
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    non , on en a pas parlé mais oui l uac seven va pauser des soucis à AD , mais rien de grave .

    Bonne suite .
    1
  6. V-X
     
    Salut,

    Télécharge FindyKill de Chiquitine29

    ▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .

    ▶ Laisse toi guider pour l'installer.

    ▶ Double clic sur " FindyKill." pour lancer l'outil .

    ▶ Choisis La langue:F pour français

    ▶ Choisis l'option 1 . Puis laisses travailler ...

    ▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

    ( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

    Les-risques-securitaires-du-peer-to-peer

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  7. loloetseb Messages postés 5684 Statut Membre 174
     
    Désactivez le contrôle des comptes utilisateurs avant utilisation de cet outil:

    * Allez dans "Démarrer" puis Panneau de configuration.
    * Double Cliquez sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".
    * Décochez la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
    * Validez par OK et redémarrez .

    Aides en images ( Uac )

    *****************************************************
    *************** Option 1 (Recherche) ***************
    *****************************************************

    Télécharge FindyKill ( de Chiquitine29) sur ton bureau :

    ! Déconnecte toi et ferme toutes applications en cours !

    * Double clique sur "FindyKill.exe" pour lancer l'installation et laisse les paramètres d'instalation par défaut .

    * Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)

    * Double-clique sur le raccourci FindyKill qui est sur ton bureau pour lancer l'outil .

    * Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    * Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    Laisse travailler l'outil et ne touche à rien ...

    --> Poste le rapport qui apparait à la fin , sur le forum ...

    ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )
    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Aides en images ( Installation )
    Aides en images ( Recherche )
    0
  8. lilou
     
    merci de m aider
    mais ça marche pas
    ça me marque acces refuse
    et aucun rapport
    par contre je poste des rapport que ma fait faire mon copain

    Search Navipromo version 3.7.1 commencé le 10/05/2009 à 23:00:09,26

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-50 )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : henri ( Administrator )
    BOOT : Normal boot

    C:\ (Local Disk) - NTFS - Total:51 Go (Free:9 Go)
    D:\ (Local Disk) - NTFS - Total:44 Go (Free:18 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (USB) - FAT - Total:961 Mo (Free:0 Go)
    H:\ (Local Disk) - NTFS - Total:35 Go (Free:22 Go)
    I:\ (Local Disk) - FAT32 - Total:15 Go (Free:12 Go)

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\Windows" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

    *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

    *** Recherche dossiers dans "C:\ProgramData" ***

    *** Recherche dossiers dans "c:\users\henri\appdata\roaming\micros~1\windows\startm~1\programs" ***

    *** Recherche dossiers dans "C:\Users\henri\AppData\Local\virtualstore\Program Files" ***

    *** Recherche dossiers dans "C:\Users\henri\AppData\Local" ***

    *** Recherche dossiers dans "C:\Users\henri\AppData\Roaming" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net
    0
  9. lilou
     
    --------------------\\ Lop S&D 4.2.4-9c XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-50 )
    BIOS : PhoenixBIOS 4.0 Release 6.1
    USER : henri ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:51 Go (Free:10 Go)
    D:\ (Local Disk) - NTFS - Total:44 Go (Free:18 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)
    G:\ (USB) - FAT - Total:961 Mo (Free:0 Go)
    H:\ (Local Disk) - NTFS - Total:35 Go (Free:22 Go)
    I:\ (Local Disk) - FAT32 - Total:15 Go (Free:12 Go)

    "C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
    Option : [2] ( 10/05/2009|23:46 )

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

    -
    [ Fichier Hosts ] .. Restaure!

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Listing des dossiers dans Local

    [11/02/2008|16:57] C:\Users\henri\AppData\Local\{B734406A-61B5-4E1D-A964-81B07B93BB70}
    [13/11/2007|14:40] C:\Users\henri\AppData\Local\{C8A2BB40-90D2-4928-AB81-2A84EFB7EA4C}
    [01/01/2008|22:27] C:\Users\henri\AppData\Local\ACD Systems
    [05/09/2007|18:07] C:\Users\henri\AppData\Local\acer eNM
    [29/05/2008|14:31] C:\Users\henri\AppData\Local\Adobe
    [25/01/2008|00:12] C:\Users\henri\AppData\Local\Ahead
    [03/04/2009|16:13] C:\Users\henri\AppData\Local\Apple
    [03/04/2009|16:14] C:\Users\henri\AppData\Local\Apple Computer
    [05/09/2007|18:03] C:\Users\henri\AppData\Local\Application Data
    [15/04/2009|15:08] C:\Users\henri\AppData\Local\ApplicationHistory
    [15/04/2008|02:15] C:\Users\henri\AppData\Local\Apps
    [26/03/2008|19:06] C:\Users\henri\AppData\Local\Ares
    [27/05/2008|18:04] C:\Users\henri\AppData\Local\CDBurnerXP_Soft
    [10/04/2008|00:15] C:\Users\henri\AppData\Local\cdrtfe
    [24/06/2008|17:44] C:\Users\henri\AppData\Local\d3d9caps.dat
    [10/05/2009|21:59] C:\Users\henri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [06/04/2009|17:33] C:\Users\henri\AppData\Local\Deployment
    [01/01/2008|22:21] C:\Users\henri\AppData\Local\Downloaded Installations
    [06/01/2009|23:59] C:\Users\henri\AppData\Local\Dynacom
    [04/12/2008|20:58] C:\Users\henri\AppData\Local\Ebp
    [02/11/2008|00:26] C:\Users\henri\AppData\Local\eMule
    [15/04/2009|15:02] C:\Users\henri\AppData\Local\fusioncache.dat
    [15/04/2009|15:02] C:\Users\henri\AppData\Local\GDIPFONTCACHEV1.DAT
    [13/08/2008|11:21] C:\Users\henri\AppData\Local\GMail Drive
    [07/04/2009|11:28] C:\Users\henri\AppData\Local\Google
    [05/09/2007|18:03] C:\Users\henri\AppData\Local\Historique
    [09/12/2008|17:41] C:\Users\henri\AppData\Local\HP
    [10/05/2009|23:10] C:\Users\henri\AppData\Local\IconCache.db
    [14/03/2009|20:59] C:\Users\henri\AppData\Local\IM
    [15/04/2009|14:49] C:\Users\henri\AppData\Local\Installer2792
    [27/09/2008|22:10] C:\Users\henri\AppData\Local\Installer3980
    [19/11/2008|18:52] C:\Users\henri\AppData\Local\Installer4136
    [20/01/2009|19:53] C:\Users\henri\AppData\Local\Installer4600
    [23/07/2008|12:06] C:\Users\henri\AppData\Local\Macromedia
    [09/09/2007|16:47] C:\Users\henri\AppData\Local\MCE Deluxe Suite
    [03/05/2009|15:49] C:\Users\henri\AppData\Local\Micro Application
    [23/10/2008|13:07] C:\Users\henri\AppData\Local\Microsoft
    [12/11/2007|02:18] C:\Users\henri\AppData\Local\Microsoft Games
    [24/03/2009|15:40] C:\Users\henri\AppData\Local\Microsoft Help
    [13/09/2007|01:02] C:\Users\henri\AppData\Local\MigWiz
    [21/01/2008|17:26] C:\Users\henri\AppData\Local\Mozilla
    [17/09/2007|00:27] C:\Users\henri\AppData\Local\NFS Underground 2
    [26/04/2008|01:21] C:\Users\henri\AppData\Local\Paint.NET
    [11/02/2008|17:03] C:\Users\henri\AppData\Local\Pando
    [09/09/2007|16:46] C:\Users\henri\AppData\Local\PowerCinema
    [06/11/2007|13:53] C:\Users\henri\AppData\Local\Real
    [10/10/2007|11:54] C:\Users\henri\AppData\Local\Shareaza
    [25/09/2007|21:44] C:\Users\henri\AppData\Local\Steam
    [04/12/2008|20:53] C:\Users\henri\AppData\Local\Stimulsoft
    [21/11/2007|02:17] C:\Users\henri\AppData\Local\TechSmith
    [10/05/2009|23:46] C:\Users\henri\AppData\Local\Temp
    [09/10/2008|00:40] C:\Users\henri\AppData\Local\TempDIR
    [05/09/2007|18:03] C:\Users\henri\AppData\Local\Temporary Internet Files
    [22/01/2009|22:32] C:\Users\henri\AppData\Local\vdownloader
    [07/11/2007|17:52] C:\Users\henri\AppData\Local\VirtualStore
    [07/01/2009|12:09] C:\Users\henri\AppData\Local\WDSetup
    [07/10/2008|10:13] C:\Users\henri\AppData\Local\Xenocode

    --------------------\\ Tâches planifiées dans C:\Windows\tasks

    [10/05/2009 19:57][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1754156993-695157337-552481621-1000.job
    [10/05/2009 23:15][--a------] C:\Windows\tasks\Google Software Updater.job
    [08/05/2009 17:17][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
    [10/05/2009 23:11][--a------] C:\Windows\tasks\GlaryInitialize.job
    [10/05/2009 23:13][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{886D59AA-7D3A-4B5C-9D4D-FDB08718D2A7}.job
    [10/05/2009 23:11][--ah-----] C:\Windows\tasks\SA.DAT
    [10/05/2009 23:10][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing des dossiers dans C:\ProgramData

    [11/09/2008|23:49] C:\ProgramData\.zreglib
    [04/01/2009|13:52] C:\ProgramData\{3AA1BE04-7F2A-41E0-98CA-BC79285DF0A3}
    [04/01/2009|13:47] C:\ProgramData\{B33CBE2B-A739-401D-A5E0-041195C4A17B}
    [06/01/2009|23:58] C:\ProgramData\{B73EC431-2F59-4E5E-9CEA-001681A75E3E}
    [26/11/2008|23:34] C:\ProgramData\4D
    [18/09/2007|10:22] C:\ProgramData\a32l
    [01/01/2008|22:24] C:\ProgramData\ACD Systems
    [23/04/2009|19:24] C:\ProgramData\Acronis
    [15/04/2009|14:48] C:\ProgramData\Adobe
    [25/01/2008|00:00] C:\ProgramData\Ahead
    [03/04/2009|16:13] C:\ProgramData\Apple
    [12/09/2008|00:20] C:\ProgramData\Apple Computer
    [02/11/2006|15:02] C:\ProgramData\Application Data
    [24/03/2009|23:23] C:\ProgramData\Aquadelic GT
    [30/04/2008|01:15] C:\ProgramData\Arovax
    [01/02/2009|21:56] C:\ProgramData\Avira
    [31/01/2009|18:47] C:\ProgramData\Avira(338)
    [21/01/2008|21:02] C:\ProgramData\AVS4YOU
    [24/06/2008|15:29] C:\ProgramData\BOONTY
    [23/10/2008|20:23] C:\ProgramData\Broadcom
    [05/09/2007|18:02] C:\ProgramData\Bureau
    [19/12/2007|18:50] C:\ProgramData\CA
    [01/06/2008|16:24] C:\ProgramData\CheckPoint
    [04/12/2008|18:40] C:\ProgramData\Ciel
    [25/01/2008|10:32] C:\ProgramData\CyberLink
    [02/11/2006|15:02] C:\ProgramData\Desktop
    [02/11/2006|15:02] C:\ProgramData\Documents
    [19/12/2008|23:08] C:\ProgramData\DVD Shrink
    [06/01/2009|23:53] C:\ProgramData\Dynacom
    [27/11/2008|16:22] C:\ProgramData\EBP
    [24/01/2008|19:43] C:\ProgramData\Elaborate Bytes
    [09/08/2008|01:05] C:\ProgramData\eMule
    [20/01/2009|23:24] C:\ProgramData\ezsidmv.dat
    [05/09/2007|18:02] C:\ProgramData\Favoris
    [02/11/2006|15:02] C:\ProgramData\Favorites
    [23/07/2008|12:49] C:\ProgramData\FLEXnet
    [01/02/2009|20:34] C:\ProgramData\GESTAN
    [24/03/2009|23:30] C:\ProgramData\Google
    [10/05/2009|16:29] C:\ProgramData\Google Updater
    [10/03/2008|19:08] C:\ProgramData\HP
    [25/10/2007|16:06] C:\ProgramData\HPSSUPPLY
    [09/12/2008|17:41] C:\ProgramData\hpzinstall.log
    [16/08/2008|01:42] C:\ProgramData\IM
    [04/12/2007|01:35] C:\ProgramData\IncrediMail
    [28/02/2009|14:34] C:\ProgramData\Installations
    [05/09/2007|18:05] C:\ProgramData\InstallShield
    [19/08/2008|00:59] C:\ProgramData\iolo
    [29/03/2008|14:54] C:\ProgramData\jahafydk
    [24/03/2008|21:01] C:\ProgramData\Kaspersky Lab
    [16/12/2007|23:57] C:\ProgramData\Kaspersky Lab Setup Files
    [01/04/2009|19:33] C:\ProgramData\ma-config.com
    [23/07/2008|11:49] C:\ProgramData\Macromedia
    [29/03/2008|20:49] C:\ProgramData\Macrovision
    [28/05/2008|15:33] C:\ProgramData\Malwarebytes
    [21/01/2008|10:35] C:\ProgramData\McAfee
    [05/09/2007|18:02] C:\ProgramData\Menu D‚marrer
    [24/03/2009|15:47] C:\ProgramData\Microsoft
    [02/05/2009|00:34] C:\ProgramData\Microsoft Help
    [05/09/2007|18:02] C:\ProgramData\ModŠles
    [29/03/2008|14:54] C:\ProgramData\noipjros
    [03/11/2007|01:55] C:\ProgramData\NtiDvdCopy
    [17/01/2009|13:53] C:\ProgramData\ntuser.pol
    [26/12/2007|15:43] C:\ProgramData\NVIDIA
    [10/01/2008|17:00] C:\ProgramData\Pinnacle
    [06/11/2007|13:53] C:\ProgramData\Real
    [04/03/2009|23:59] C:\ProgramData\Skyline
    [20/01/2009|23:21] C:\ProgramData\Skype
    [20/01/2008|15:29] C:\ProgramData\SlySoft
    [29/03/2009|17:13] C:\ProgramData\Spybot - Search & Destroy
    [02/11/2006|15:02] C:\ProgramData\Start Menu
    [27/10/2008|18:24] C:\ProgramData\SWiSHMax2WorkFolder
    [16/12/2007|23:46] C:\ProgramData\Symantec
    [27/02/2008|14:34] C:\ProgramData\TDK
    [21/11/2007|02:17] C:\ProgramData\TechSmith
    [20/12/2008|16:42] C:\ProgramData\TEMP
    [02/11/2006|15:02] C:\ProgramData\Templates
    [09/10/2008|00:15] C:\ProgramData\TrackMania
    [19/08/2008|01:15] C:\ProgramData\TuneUp Software
    [25/10/2007|17:02] C:\ProgramData\WEBREG
    [18/09/2007|01:18] C:\ProgramData\WinZip
    [26/04/2008|00:31] C:\ProgramData\WLInstaller
    [05/09/2007|18:52] C:\ProgramData\Yahoo! Companion

    --------------------\\ Listing des dossiers dans C:\Program Files

    [11/09/2008|22:57] C:\Program Files\AAALOGO2008
    [30/04/2008|01:17] C:\Program Files\ACD Systems
    [30/04/2008|01:17] C:\Program Files\Acer Arcade Deluxe
    [30/04/2008|01:18] C:\Program Files\Acer Inc
    [01/03/2009|20:26] C:\Program Files\Acronis
    [15/04/2009|14:47] C:\Program Files\Adobe
    [15/09/2008|21:26] C:\Program Files\adslTV
    [06/01/2009|23:28] C:\Program Files\AMtechnologie
    [03/04/2009|16:13] C:\Program Files\Apple Software Update
    [13/04/2009|15:47] C:\Program Files\a-squared Free
    [01/02/2009|21:56] C:\Program Files\Avira
    [23/10/2008|20:28] C:\Program Files\Broadcom
    [13/04/2009|12:29] C:\Program Files\Common Files
    [24/03/2009|23:25] C:\Program Files\CyberLink
    [23/09/2008|14:03] C:\Program Files\DAEMON Tools Lite
    [01/04/2009|19:36] C:\Program Files\DIFX
    [19/12/2008|22:54] C:\Program Files\DVD Shrink
    [13/04/2009|12:40] C:\Program Files\EBP
    [04/01/2009|13:46] C:\Program Files\eChanblard
    [24/03/2009|23:36] C:\Program Files\Error Repair Professional
    [08/08/2008|15:51] C:\Program Files\FileZilla FTP Client
    [10/05/2009|22:46] C:\Program Files\FindyKill
    [07/01/2009|13:03] C:\Program Files\GESTAN
    [26/09/2008|21:33] C:\Program Files\GIMP-2.0
    [30/04/2008|01:19] C:\Program Files\Glary Utilities
    [24/03/2009|23:30] C:\Program Files\Google
    [30/04/2008|01:19] C:\Program Files\Hercules
    [09/12/2008|17:37] C:\Program Files\HP
    [10/05/2008|09:50] C:\Program Files\IEPro
    [14/03/2009|20:57] C:\Program Files\IncrediMail
    [07/05/2009|11:04] C:\Program Files\InstallShield Installation Information
    [09/05/2009|03:01] C:\Program Files\Internet Explorer
    [30/04/2008|01:20] C:\Program Files\Inventel
    [02/09/2008|01:38] C:\Program Files\Java
    [21/11/2008|18:57] C:\Program Files\JRE
    [30/04/2008|01:20] C:\Program Files\K-Lite Codec Pack
    [30/04/2008|01:20] C:\Program Files\Launch Manager
    [10/09/2008|21:21] C:\Program Files\Lavalys
    [01/04/2009|19:33] C:\Program Files\ma-config.com
    [26/02/2009|10:40] C:\Program Files\Macromedia
    [23/03/2009|23:57] C:\Program Files\Malwarebytes' Anti-Malware
    [23/03/2009|13:57] C:\Program Files\Microsoft
    [30/04/2008|01:20] C:\Program Files\Microsoft ActiveSync
    [30/04/2008|01:20] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [30/04/2008|01:20] C:\Program Files\Microsoft Games
    [23/10/2008|20:23] C:\Program Files\Microsoft IntelliPoint
    [30/04/2008|01:20] C:\Program Files\Microsoft Office
    [09/02/2009|21:14] C:\Program Files\Microsoft SQL Server
    [30/04/2008|01:20] C:\Program Files\Microsoft Visual Studio
    [26/03/2009|10:01] C:\Program Files\Microsoft Visual Studio 8
    [24/03/2009|15:49] C:\Program Files\Microsoft Works
    [24/03/2009|15:47] C:\Program Files\Microsoft.NET
    [24/03/2009|23:27] C:\Program Files\Motherboard Monitor 5
    [17/05/2008|09:52] C:\Program Files\Movie Maker
    [10/05/2009|23:01] C:\Program Files\Mozilla Firefox 3 Beta 2
    [24/03/2009|15:49] C:\Program Files\MSBuild
    [23/03/2009|20:57] C:\Program Files\MSN Messenger
    [10/05/2009|23:00] C:\Program Files\Navilog1
    [01/02/2009|21:54] C:\Program Files\Notebook Hardware Control
    [30/04/2008|01:20] C:\Program Files\Notepad++
    [30/04/2008|01:20] C:\Program Files\Nvu
    [30/04/2008|01:20] C:\Program Files\OpenAL
    [04/01/2009|13:46] C:\Program Files\OpenOffice.org 2.4
    [21/11/2008|18:56] C:\Program Files\OpenOffice.org 3
    [30/04/2008|01:20] C:\Program Files\OpenSource Flash Video Splitter
    [15/04/2009|17:18] C:\Program Files\Panda Security
    [21/02/2009|19:41] C:\Program Files\pdfforge Toolbar
    [12/09/2008|00:21] C:\Program Files\QuickTime
    [30/04/2008|01:21] C:\Program Files\RealMedia
    [30/04/2008|01:21] C:\Program Files\Realtek
    [03/03/2009|11:24] C:\Program Files\Recuva
    [30/04/2008|01:21] C:\Program Files\Reference Assemblies
    [03/04/2009|16:14] C:\Program Files\Safari
    [04/03/2009|23:59] C:\Program Files\Skyline
    [10/09/2008|16:53] C:\Program Files\SlySoft
    [11/04/2009|16:02] C:\Program Files\Spamihilator
    [01/03/2009|14:17] C:\Program Files\SpeedFan
    [06/11/2008|02:11] C:\Program Files\Spybot - Search & Destroy
    [04/01/2009|13:46] C:\Program Files\Super DVD Creator 9.20
    [30/04/2008|01:21] C:\Program Files\Synaptics
    [24/09/2008|20:23] C:\Program Files\SystemRequirementsLab
    [30/04/2008|01:21] C:\Program Files\TechSmith
    [01/03/2009|18:10] C:\Program Files\T‚l‚chargeur de Powershot Pinball
    [29/03/2009|16:40] C:\Program Files\T‚l‚chargeur de Sonic Adventure DX
    [19/04/2009|10:40] C:\Program Files\The Bitmap Brothers
    [10/05/2009|22:16] C:\Program Files\Trend Micro
    [23/03/2009|23:52] C:\Program Files\TuneUp Utilities 2008
    [29/01/2009|00:40] C:\Program Files\TuneUp Utilities 2009
    [22/01/2009|22:32] C:\Program Files\VDOWNLOADER
    [04/01/2009|13:46] C:\Program Files\Wanadoo
    [30/04/2008|01:21] C:\Program Files\WinASPI
    [17/05/2008|09:52] C:\Program Files\Windows Calendar
    [17/05/2008|09:52] C:\Program Files\Windows Collaboration
    [17/05/2008|09:52] C:\Program Files\Windows Defender
    [17/05/2008|09:52] C:\Program Files\Windows Journal
    [23/03/2009|13:56] C:\Program Files\Windows Live
    [24/12/2008|18:39] C:\Program Files\Windows Live Safety Center
    [23/03/2009|13:57] C:\Program Files\Windows Live SkyDrive
    [16/04/2009|03:12] C:\Program Files\Windows Mail
    [12/03/2009|04:06] C:\Program Files\Windows Media Player
    [04/01/2009|13:46] C:\Program Files\Windows NT
    [17/05/2008|09:52] C:\Program Files\Windows Photo Gallery
    [17/05/2008|09:52] C:\Program Files\Windows Sidebar
    [30/04/2008|01:21] C:\Program Files\WinZip
    [20/08/2008|00:46] C:\Program Files\Zoom Player

    --------------------\\ Listing des dossiers dans C:\Program Files\Common Files

    [30/04/2008|01:18] C:\Program Files\Common Files\ACD Systems
    [01/03/2009|20:26] C:\Program Files\Common Files\Acronis
    [15/04/2009|14:47] C:\Program Files\Common Files\Adobe
    [30/04/2008|01:18] C:\Program Files\Common Files\Adobe Systems Shared
    [29/03/2009|18:18] C:\Program Files\Common Files\Ahead
    [30/04/2008|01:18] C:\Program Files\Common Files\AVSMedia
    [15/09/2008|00:40] C:\Program Files\Common Files\BOONTY Shared
    [30/04/2008|01:18] C:\Program Files\Common Files\Designer
    [30/04/2008|01:18] C:\Program Files\Common Files\France Telecom
    [30/04/2008|01:18] C:\Program Files\Common Files\Hewlett-Packard
    [09/12/2008|17:37] C:\Program Files\Common Files\HP
    [30/04/2008|01:18] C:\Program Files\Common Files\InstallShield
    [30/04/2008|01:18] C:\Program Files\Common Files\Java
    [30/04/2008|01:18] C:\Program Files\Common Files\L&H
    [29/03/2009|16:32] C:\Program Files\Common Files\LightScribe
    [23/07/2008|12:25] C:\Program Files\Common Files\Macromedia
    [23/07/2008|02:02] C:\Program Files\Common Files\Macrovision Shared
    [26/03/2009|09:59] C:\Program Files\Common Files\microsoft shared
    [06/01/2009|23:53] C:\Program Files\Common Files\MSSoap
    [30/04/2008|01:19] C:\Program Files\Common Files\muvee Technologies
    [30/04/2008|01:19] C:\Program Files\Common Files\NewTech Infosystems
    [07/01/2009|12:10] C:\Program Files\Common Files\PC SOFT
    [13/04/2009|12:29] C:\Program Files\Common Files\Pervasive Software Shared
    [30/04/2008|01:19] C:\Program Files\Common Files\PX Storage Engine
    [30/04/2008|01:19] C:\Program Files\Common Files\Scanner
    [30/04/2008|01:19] C:\Program Files\Common Files\Services
    [20/01/2009|23:21] C:\Program Files\Common Files\Skype
    [30/04/2008|01:19] C:\Program Files\Common Files\SpeechEngines
    [27/10/2008|18:13] C:\Program Files\Common Files\SWiSHzone.com
    [30/04/2008|01:19] C:\Program Files\Common Files\Symantec Shared
    [24/03/2009|15:54] C:\Program Files\Common Files\System
    [23/03/2009|13:10] C:\Program Files\Common Files\Windows Live
    [02/03/2008|01:57] C:\Program Files\Common Files\WindowsLiveInstaller
    [20/08/2008|00:52] C:\Program Files\Common Files\Wise Installation Wizard

    --------------------\\ Process

    ( 82 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-10 23:47:15
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    ? [4912]
    scanning hidden files ...
    C:\Windows\System32\IME\shared
    C:\Windows\System32\IME\shared\IMEAPIS.DLL 29696 bytes executable
    C:\Windows\System32\IME\shared\res
    C:\Windows\System32\IME\shared\res\padrs404.dll 11264 bytes executable
    C:\Windows\System32\IME\shared\res\padrs804.dll 11776 bytes executable
    C:\Windows\System32\mdelk.exe 67667 bytes executable
    C:\Windows\System32\wintems.exe 67667 bytes executable
    scan completed successfully
    hidden processes: 1
    hidden files: 96

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA]
    Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]

    --------------------\\ Cracks & Keygens ..

    C:\Users\henri\AppData\Roaming\Microsoft\Office\Recent\crack.LNK
    C:\Users\henri\AppData\Roaming\Shareaza\Torrents\CloneDVD v2.9.1.2 Incl Keygen.torrent
    C:\Users\henri\AppData\Roaming\Shareaza\Torrents\O&O Defrag 10 Professional Edition + Keygen.rar.torrent
    C:\Users\henri\Favorites\KEYGEN.MS - Generates cracks serials keygens for the software to unlock it for free.url
    C:\Users\henri\Favorites\performancetest 6.0 crack EASY CRACKS - the largest cracks keygens and serials database.url
    C:\Users\henri\Favorites\informatique\CRACK.MS - All CRACKs and SERIALs on ONE Site.url

    [F:5][D:5]-> C:\Users\henri\AppData\Local\Temp
    [F:4][D:1]-> C:\Users\henri\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:474][D:17]-> C:\Users\henri\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:29][D:49]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 10/05/2009|23:55 - Option : [2]

    --------------------\\ Fin du rapport a 23:55:02
    0
  10. lilou
     
    SmitFraudFix v2.323

    Scan done at 23:24:25,49, 10/05/2009
    Run from C:\Users\henri\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Contrôleur de réseau NVIDIA nForce
    DNS Server Search Order: 80.10.246.2
    DNS Server Search Order: 80.10.246.129

    Description: Carte réseau Broadcom 802.11g
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{99ABC338-4ECA-4792-BEB7-AF20591F034D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E48E3209-09E1-435B-8A80-A1EDA3A76950}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED5973AF-F337-492D-9BDD-9273F4F194FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED5973AF-F337-492D-9BDD-9273F4F194FE}: NameServer=80.10.246.2,80.10.246.129
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{99ABC338-4ECA-4792-BEB7-AF20591F034D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E48E3209-09E1-435B-8A80-A1EDA3A76950}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED5973AF-F337-492D-9BDD-9273F4F194FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED5973AF-F337-492D-9BDD-9273F4F194FE}: NameServer=80.10.246.2,80.10.246.129
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{99ABC338-4ECA-4792-BEB7-AF20591F034D}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E48E3209-09E1-435B-8A80-A1EDA3A76950}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{ED5973AF-F337-492D-9BDD-9273F4F194FE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{ED5973AF-F337-492D-9BDD-9273F4F194FE}: NameServer=80.10.246.2,80.10.246.129
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  11. lilou
     
    ben si ça peut vous aider j en sais rien moi
    0
  12. lilou
     
    ############################## [ FindyKill V4.728 ]

    # User : henri (Administrateurs) # PC-DE-HENRI
    # Update on 03/05/09 by Chiquitine29
    # Start at: 00:56:44 | 11/05/2009
    # Website : http://pagesperso-orange.fr/NosTools/findykill.html

    # AMD Turion(tm) 64 X2 Mobile Technology TL-50
    # Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
    # Internet Explorer 8.0.6001.18702
    # Windows Firewall Status : Enabled

    # C:\ # Disque fixe local # 51,99 Go (10,23 Go free) [VISTA] # NTFS
    # D:\ # Disque fixe local # 44,66 Go (18,93 Go free) [LOISIR UTILITAIRE] # NTFS
    # E:\ # Disque CD-ROM
    # F:\ # Disque CD-ROM
    # G:\ # Disque amovible # 961,73 Mo (347,94 Mo free) [PHOTO USB] # FAT
    # H:\ # Disque fixe local # 35,62 Go (22,94 Go free) [AMOVIBLE1] # NTFS
    # I:\ # Disque fixe local # 15,47 Go (12,93 Go free) [AMOVIBLE2] # FAT32

    ############################## [ Processus actifs ]

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Windows\system32\DRIVERS\CDANTSRV.EXE
    C:\Windows\system32\crypserv.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\oodag.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    D:\utilitaire\photodexgold\ScsiAccess.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    D:\utilitaire\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\henri\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\wintems.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hercules\WiFi Station pour Livebox\WiFiLB.exe
    C:\PVSW\Bin\w3dbsmgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\henri\AppData\Local\Temp\RtkBtMnt.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe

    ################## [ Processus infectieux stoppés ]

    "C:\Windows\System32\wintems.exe" (4220)

    ################## [ Fichiers / Dossiers infectieux ]

    Found ! C:\Windows\system32\mdelk.exe
    Found ! C:\Windows\system32\wintems.exe
    Found ! "C:\Users\henri\AppData\Roaming\drivers"
    Found ! "C:\Users\henri\AppData\Roaming\drivers\downld"
    Found ! "C:\Users\henri\AppData\Roaming\drivers\wfsintwq.sys"

    ################## [ Infected Temp Files ]

    Found ! C:\Users\henri\Local Settings\Temporary Internet Files\Content.IE5\UG2RGG88\file[1].txt

    ################## [ Registre / Clés infectieuses ]

    Found ! HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\DateTime4
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S
    Found ! HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S
    Found ! HKEY_CURRENT_USER\Software\DateTime4
    Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
    Found ! HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"drvsyskit"
    Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
    Found ! HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"german.exe"
    Found ! HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"
    Found ! HKEY_USERS\S-1-5-21-1754156993-695157337-552481621-1000\Software\Microsoft\Windows\CurrentVersion\Run\\"mule_st_key"

    # (!) HKLM\SYSTEM\...\Services\srosa -> Start = 0x1

    ################## [ Recherche dans supports amovibles]

    ################## [ Registre / Mountpoints2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.728 ! ]
    0
  13. V-X
     
    Re,

    Ne fait pas combofix.

    Findykill de chiquitine29 option 2:

    ▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir

    ▶ Double-clique sur le raccourci FindyKill sur ton bureau

    ▶ Au menu principal, choisisl'option 2 (Suppression)

    /!\ Il y aura 1 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\

    ▶ Ensuite, poste le rapport FindyKill.txt

    Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

    Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
    0
  14. lilou
     
    je n ai pas de rapport et ça fait 5 mn que le pc a redemarrer
    0
  15. V-X
     
    Re,

    le rapport FindyKill.txt est sauvegardé à la racine du disque.
    0
  16. V-X
     
    Re,

    V-X, la star du X.
    chuuuuuut euhhhhhh !! , faut pas le dire....
    0
  17. Hiuto
     
    Femme sur Homme ou Homme sur Femme, c'est toi qui voit.
    0
  • 1
  • 2
  • 3
  • 4
  • 5