Sujet Précédent Sujet Suivant

Trojan dropper agent AIUB

Résolu/Fermé
Charly - 14 mai 2009 à 23:28
 stellie - 19 mai 2009 à 10:46
Bonjour,
depuis hier mon pc est infecté par un Trojan dropper agent AIUB ,disons 6 plutot ,analysé avec pc tool spyware doctor
je n'arrive pas à m'en debarrasser ,il revient a chaque demarrage ou si je prend internet explorer comme navigateur.
je n'y connais rien en informatique . Merci de m'aider

43 réponses

Réponse 1 / 43
Utilisateur anonyme
14 mai 2009 à 23:29
Salut,

Télécharge OTViewIt (de OldTimer) sur ton Bureau.

/!\ Désactive ton Antivirus,antispyware,pare-feu /!\

Double clique sur le raccourci présent sur le Bureau)

Coche la case "Scan All User"

Sous "File Age" en haut, clique sur le menu déroulant et sélectionne "90 days".

Clique sur "Run Scan"

/!\ Laisse Travailler l'outil /!\

2 rapports s'afficheront sur ton bureau OTViewIt ainsi que Extra.TxT.

Poste le rapport OTViewIt
0
Réponse 2 / 43
Charly
15 mai 2009 à 09:56
Voici le rapport .





OTViewIt logfile created on: 15/05/2009 09:49:04 - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\charles\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,35 Gb Available Physical Memory | 67,68% Memory free
4,00 Gb Paging File | 2,97 Gb Available in Paging File | 74,17% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290,09 Gb Total Space | 248,28 Gb Free Space | 85,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-CHARLES
Current User Name: charles
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

[color=orange]========== Processes ==========[/color]

[2006/11/02 11:45:57 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2006/11/02 11:45:21 | 00,210,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2008/04/29 11:38:56 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2009/02/09 21:22:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[2007/01/11 11:40:22 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/11/03 11:12:52 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2006/11/02 14:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2007/11/27 16:46:32 | 00,086,016 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
[2008/11/27 12:51:19 | 01,179,648 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
[2008/09/25 11:22:05 | 01,261,568 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
[2006/11/02 11:46:02 | 00,143,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
[2006/11/02 11:45:04 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2007/03/01 16:38:48 | 04,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2007/01/11 11:40:22 | 00,232,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[2008/09/22 19:27:27 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2006/11/02 11:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2006/11/02 11:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/05/18 16:02:52 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/06/23 20:33:00 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
[2008/09/25 11:21:56 | 00,368,640 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
[2008/11/03 11:13:08 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2009/03/03 03:59:26 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2001/11/20 12:51:28 | 00,356,352 | ---- | M] () -- C:\Program Files\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
[2009/03/27 12:52:56 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/04/29 11:36:49 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2008/09/22 19:27:27 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2007/05/03 15:44:10 | 01,116,728 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
[2006/11/02 14:35:32 | 00,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
[2007/08/30 11:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2006/11/02 14:36:04 | 00,201,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2009/04/05 11:52:59 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\Users\charles\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
[2006/11/02 14:35:32 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
[2008/04/29 11:36:49 | 01,232,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
[2007/01/11 11:40:20 | 00,887,544 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
[2006/11/02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 14:36:04 | 00,895,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/11/02 14:34:48 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
[2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2006/11/02 11:45:48 | 00,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2006/11/02 11:45:50 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
[2007/01/11 11:40:18 | 00,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
[2008/10/16 23:09:43 | 00,051,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2006/11/02 11:45:13 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe
[2009/05/14 23:30:13 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\charles\Downloads\OTViewIt.exe

[color=orange]========== (O23) Win32 Services ==========[/color]

File not found -- -- (Apple Mobile Device [Auto | Running])
File not found -- -- (Bonjour Service [Auto | Running])
File not found -- -- (Boonty Games [On_Demand | Stopped])
File not found -- -- (CertPropSvc [Unknown | Running])
[2006/11/02 08:34:11 | 00,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
File not found -- -- (CLTNetCnService [Auto | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2006/11/02 14:36:25 | 02,089,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2008/04/29 11:46:56 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2006/11/02 14:35:28 | 00,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 14:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2006/11/02 14:36:00 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2006/11/02 11:46:05 | 00,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpsvc.dll -- (gpsvc [Unknown | Running])
File not found -- -- (gupdate1c98aebbc2a90e6 [Auto | Stopped])
File not found -- -- (gusvc [Auto | Stopped])
File not found -- -- (IDriverT [On_Demand | Stopped])
File not found -- -- (iPod Service [On_Demand | Running])
File not found -- -- (LIVESRV [Auto | Running])
[2008/05/07 14:32:38 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2006/11/02 14:36:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (RoxMediaDB9 [On_Demand | Running])
File not found -- -- (RoxWatch9 [Auto | Running])
[2006/11/02 11:46:12 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (sdAuxService [Auto | Running])
File not found -- -- (sdCoreService [Auto | Running])
[2008/04/29 11:38:56 | 02,605,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 11:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
File not found -- -- (stllssvr [On_Demand | Stopped])
[2006/11/02 11:45:50 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2006/11/02 11:45:50 | 00,392,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
File not found -- -- (VSSERV [Auto | Running])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2006/11/02 14:34:46 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2007/11/27 16:46:24 | 00,077,824 | ---- | M] (BitDefender) -- C:\Windows\System32\xcomm.dll -- (XCOMM [Auto | Running])

[color=orange]========== Driver Services ==========[/color]

[2006/11/02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2006/11/02 11:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 11:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2006/11/02 11:49:26 | 00,015,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 10:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2008/06/12 23:48:00 | 00,271,360 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt [Auto | Running])
[2008/09/25 11:22:06 | 00,086,792 | ---- | M] (BitDefender SRL) -- C:\Windows\System32\drivers\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
[2008/01/07 17:41:34 | 00,196,368 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
File not found -- -- (bdftdif [System | Running])
File not found -- -- (BDSelfPr [On_Demand | Running])
[2006/11/02 10:31:12 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2006/11/02 10:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2006/11/02 10:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/04/30 09:52:02 | 00,224,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2006/11/02 11:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 11:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 10:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2006/11/02 10:31:04 | 00,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2008/04/29 11:46:56 | 00,619,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2006/11/02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2006/11/02 14:34:35 | 00,132,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2006/11/02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2006/11/02 11:49:58 | 00,056,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2006/11/02 10:32:55 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2006/11/02 11:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/29 11:35:22 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 10:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 10:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2006/11/02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2008/11/03 11:12:37 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/11/03 11:12:37 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/11/03 11:12:38 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2007/03/01 17:21:10 | 01,744,928 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
[2006/11/02 10:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2006/11/02 11:51:12 | 00,168,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 10:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/06/12 23:47:59 | 00,018,048 | ---- | M] () -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt [Auto | Running])
[2006/11/02 10:56:49 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/11/02 10:33:07 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/11/02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2008/04/29 11:44:27 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 11:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/04/29 11:43:18 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 03:11:59 | 00,211,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/04/29 11:35:10 | 00,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2006/11/02 11:49:44 | 00,023,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 11:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2006/11/02 11:49:20 | 00,013,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2006/11/02 11:51:09 | 00,160,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/04/29 11:42:27 | 00,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Stopped])
[2006/11/02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2006/11/02 10:57:30 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2007/09/12 05:28:00 | 07,623,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 11:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/12/05 12:34:42 | 00,507,136 | ---- | M] (PixArt Imaging Inc.) -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207 [On_Demand | Stopped])
[2006/11/02 11:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2008/04/29 11:46:56 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2008/02/23 04:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2006/11/02 14:34:31 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2006/11/02 11:02:01 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2006/11/02 10:56:49 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 09:30:56 | 00,047,104 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
[2006/11/02 11:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2006/11/30 16:13:56 | 00,061,536 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se45bus.sys -- (se45bus [On_Demand | Stopped])
[2006/11/30 16:14:04 | 00,009,360 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se45mdfl.sys -- (se45mdfl [On_Demand | Stopped])
[2006/11/30 16:14:04 | 00,097,088 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se45mdm.sys -- (se45mdm [On_Demand | Stopped])
[2006/11/30 16:12:26 | 00,061,536 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57bus.sys -- (se57bus [On_Demand | Stopped])
[2006/11/30 16:12:32 | 00,009,360 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57mdfl.sys -- (se57mdfl [On_Demand | Stopped])
[2006/11/30 16:12:32 | 00,097,088 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57mdm.sys -- (se57mdm [On_Demand | Stopped])
[2006/11/30 16:12:38 | 00,088,624 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57mgmt.sys -- (se57mgmt [On_Demand | Stopped])
[2006/11/30 16:12:38 | 00,018,704 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57nd5.sys -- (se57nd5 [On_Demand | Stopped])
[2006/11/30 16:12:42 | 00,086,432 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57obex.sys -- (se57obex [On_Demand | Stopped])
[2006/11/30 16:12:48 | 00,090,800 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se57unic.sys -- (se57unic [On_Demand | Stopped])
[2006/09/05 20:07:00 | 00,061,536 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59bus.sys -- (se59bus [On_Demand | Stopped])
[2006/09/05 20:07:48 | 00,009,360 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59mdfl.sys -- (se59mdfl [On_Demand | Stopped])
[2006/09/05 20:07:52 | 00,097,088 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59mdm.sys -- (se59mdm [On_Demand | Stopped])
[2006/09/05 20:08:40 | 00,088,624 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59mgmt.sys -- (se59mgmt [On_Demand | Stopped])
[2006/09/05 20:06:28 | 00,018,704 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59nd5.sys -- (se59nd5 [On_Demand | Stopped])
[2006/09/05 20:09:26 | 00,086,432 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59obex.sys -- (se59obex [On_Demand | Stopped])
[2006/09/05 20:06:22 | 00,090,800 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\se59unic.sys -- (se59unic [On_Demand | Stopped])
[2006/11/02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/04/30 09:51:59 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2007/07/06 22:55:46 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2007/07/06 22:55:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2007/07/06 22:55:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2006/11/02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2006/11/02 10:57:10 | 00,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2006/11/02 11:49:35 | 00,018,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2008/04/29 11:35:10 | 00,130,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/04/29 11:35:10 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2005/08/30 02:47:38 | 00,058,320 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
[2005/08/30 02:49:34 | 00,008,336 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
[2005/08/30 02:49:38 | 00,094,000 | ---- | M] (MCCI) -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
[2006/11/02 11:14:19 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\serscan.sys -- (StillCam [On_Demand | Running])
[2006/11/02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2006/11/02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2006/11/02 10:57:47 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2006/11/02 10:57:35 | 00,068,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2006/11/02 11:02:07 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Running])
[2008/04/29 11:43:17 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/04/29 11:43:17 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2006/11/02 11:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [Boot | Running])
[2006/11/02 11:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2006/11/02 10:55:24 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 10:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2001/05/07 12:56:02 | 00,019,805 | ---- | M] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\usbio.sys -- (USBIO [On_Demand | Stopped])
[2006/11/02 10:53:56 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 10:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2008/04/29 11:42:28 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Boot | Running])
[2006/11/02 11:50:24 | 00,050,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2006/11/02 11:51:30 | 00,290,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 10:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 11:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/04/30 09:52:00 | 00,495,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/11/02 10:35:03 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [Disabled | Stopped])
[2006/11/02 10:58:26 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
File not found -- -- (X4HSX32Ex [Auto | Running])

[color=orange]========== (R ) Internet Explorer ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=https://www.msn.com/fr-fr/?ocid=iehp
"Default_Search_URL"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
"Security Risk Page"=about:SecurityRisk
"Start Page"=https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=https://www.google.com/?gws_rd=ssl
"Start Page"=https://www.google.fr/?gws_rd=ssl
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=https://www.google.com/?gws_rd=ssl
"Start Page"=https://www.google.fr/?gws_rd=ssl
"StartPageCache"=

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/keyword/%s

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[color=orange]========== (O1) Hosts File ==========[/color]

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

[color=orange]========== (O2) BHO's ==========[/color]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Programmes\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll File not found
{64F56FC1-1272-44CD-BA6E-39723696E350} (HKLM) -- C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Programmes\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- C:\Programmes\Google\Google Toolbar\GoogleToolbar.dll File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Programmes\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll File not found
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (HKLM) -- C:\Programmes\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- C:\Programmes\Google\Google_BAE\BAE.dll File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Programmes\Java\jre6\bin\jp2ssv.dll File not found

[color=orange]========== (O3) Toolbars ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- C:\Programmes\Google\Google Toolbar\GoogleToolbar.dll File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{381FFDE8-2394-4f90-B10D-FC6124A40F8C}" (HKLM) -- C:\Programmes\BitDefender\BitDefender 2008\IEToolbar.dll File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Programmes\Google\Google Toolbar\GoogleToolbar.dll File not found

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- C:\Programmes\Google\Google Toolbar\GoogleToolbar.dll File not found

[color=orange]========== (O4) Run Keys ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" File not found
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" File not found
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" File not found
"EoEngine"= File not found
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup File not found
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" File not found
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" File not found
"LWBMOUSE"=C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE File not found
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"NvSvc"=RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (NVIDIA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" File not found
"RtHDVCpl"=RtHDVCpl.exe (Realtek Semiconductor)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" File not found
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe File not found
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"isqseay"="c:\users\charles\appdata\local\isqseay.exe" isqseay File not found
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"=c:\program files\orange\player orange\Orange Player.exe /systray File not found
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"=c:\program files\orange\player orange\Orange Player.exe /systray File not found
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"=c:\program files\orange\player orange\Orange Player.exe /systray File not found
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"=c:\program files\orange\player orange\Orange Player.exe /systray File not found
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem File not found
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"isqseay"="c:\users\charles\appdata\local\isqseay.exe" isqseay File not found
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun File not found
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe File not found
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found

[color=orange]========== (O6 & O7) Current Version Policies ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=95 00 00 00 [binary data]

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=95 00 00 00 [binary data]

[color=orange]========== (O9) IE Extensions ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{85d1f590-48f4-11d9-9669-0800200c9a66}: Menu: Uninstall BitDefender Online Scanner v8 -- %SystemRoot%\bdoscandel.exe [2006/05/25 01:22:06 | 00,053,248 | ---- | M] ()

[color=orange]========== (O12) Internet Explorer Plugins ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

[color=orange]========== (O13) Default Prefixes ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[color=orange]========== (O15) Trusted Sites ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
6 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Intranet local |

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
6 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
GD: ":Range"=127.0.0.1 -- http in Intranet local |

[color=orange]========== (O16) DPF ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab -- Windows Genuine Advantage Validation Tool
{193C772A-87BE-4B19-A7BB-445B226FE9A1}: http://downloads.ewido.net/ewidoOnlineScan.cab -- ewidoOnlineScan Control
{4C39376E-FA9D-4349-BACC-D305C1750EF3}: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab -- EPUImageControl Class
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab -- BDSCANONLINE Control
{6A060448-60F9-11D5-A6CD-0002B31F7455}: -- ExentInf Class
{7F8C8173-AD80-4807-AA75-5672F22B4582}: http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab -- ICSScanner Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{9122D757-5A4F-4768-82C5-B4171D8556A7}: http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab -- PhotoPickConvert Class
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}: http://ax.emsisoft.com/asquared.cab -- a-squared Scanner
{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}: http://game08.zylom.com/activex/zylomgamesplayer.cab -- Zylom Games Player
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB}: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab -- EPUImageControl Class
{C237A80A-4C55-4C68-BAA9-CBE4408D12B2}: http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab -- F-Secure Online Scanner 4.0 Launcher
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab -- Java Plug-in 1.6.0_06
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab -- Java Plug-in 1.6.0_13
{D0C0F75C-683A-4390-A791-1ACFD5599AB8}: http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab -- Oberon Flash Game Host

[color=orange]========== (O17) DNS Name Servers ==========[/color]

{0100E242-C00F-48E4-8BBA-A9ED023FF29D} (Servers: | Description: Sony Ericsson Device 089 USB Ethernet Emulation (NDIS 5))
{A9AFE3A1-B1A9-4573-AEB4-37C28E7B1549} (Servers: | Description: Carte réseau Fast Ethernet Realtek RTL8139/810x Family)
{CB44C17E-09D9-4F6E-AD18-7E9A8809A8E0} (Servers: | Description: Sony Ericsson Device 087 USB Ethernet Emulation (NDIS 5))

[color=orange]========== (O20) AppInit_DLLs ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
>File not found -- C:\Programmes\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

[color=orange]========== HKLM *SecurityProviders* ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2006/11/02 11:46:03 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

[color=orange]========== LSA *Security Packages* ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2006/11/02 11:46:13 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

[color=orange]========== Safeboot Options ==========[/color]

"AlternateShell"=cmd.exe

[color=orange]========== CDRom AutoRun Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

[color=orange]========== Autorun Files on Drives ==========[/color]

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 23:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

[color=orange]========== Files/Folders - Created Within 90 Days ==========[/color]

[2009/05/14 23:35:18 | 00,000,856 | ---- | C] () -- C:\Users\charles\Desktop\OTViewIt - Raccourci.lnk
[2009/05/13 14:17:42 | 00,000,000 | ---D | C] -- C:\Users\charles\Desktop\MSNFix
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Desktop\MSNFix:Roxio EMC Stream
[2009/05/13 11:58:40 | 00,455,680 | ---- | C] () -- C:\Users\charles\Desktop\ToolsCleaner2.exe
[2009/05/06 19:40:31 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\Mes fichiers reçus
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\Mes fichiers reçus:Roxio EMC Stream
[2009/05/06 16:55:26 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\Programme d'installation
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\Programme d'installation:Roxio EMC Stream
[2009/05/06 16:49:26 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\Equipes divers
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\Equipes divers:Roxio EMC Stream
[2009/05/06 16:47:23 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\Caen A.S.M
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\Caen A.S.M:Roxio EMC Stream
[2009/05/06 16:43:26 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\A.S Cannes
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\A.S Cannes:Roxio EMC Stream
[2009/05/02 18:57:52 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\Aix En Provence AS
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\Aix En Provence AS:Roxio EMC Stream
[2009/05/02 12:46:57 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\Mulhouse
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\Mulhouse:Roxio EMC Stream
[2009/05/02 12:31:12 | 00,021,686 | ---- | C] () -- C:\Users\charles\Documents\pr_Lullaby.dcf
[2009/05/02 12:31:07 | 00,020,662 | ---- | C] () -- C:\Users\charles\Documents\pr_Just_like_heaven.dcf
[2009/05/02 12:30:58 | 00,022,470 | ---- | C] () -- C:\Users\charles\Documents\pr_Inbetween_days.dcf
[2009/05/02 12:30:50 | 00,018,870 | ---- | C] () -- C:\Users\charles\Documents\pr_A_forest.dcf
[2009/05/02 12:30:40 | 00,144,132 | ---- | C] () -- C:\Users\charles\Documents\A_forest.fl
[2009/05/02 12:30:22 | 05,937,467 | ---- | C] () -- C:\Users\charles\Documents\01 Sound Of Freedom Feat. Gary Pine.mp3
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\01 Sound Of Freedom Feat. Gary Pine.mp3:Roxio EMC Stream
[2009/05/01 23:45:13 | 00,000,849 | ---- | C] () -- C:\Users\charles\Desktop\Virtual DJ Trial.lnk
[2009/05/01 23:45:07 | 00,000,000 | ---D | C] -- C:\Users\charles\Documents\VirtualDJ
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\VirtualDJ:Roxio EMC Stream
[2009/05/01 23:45:07 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/04/28 19:42:14 | 00,102,743 | ---- | C] () -- C:\Users\charles\Documents\football Magazine de Décembre 1968 N°106 2quipe de lyon.jpg
@Alternate Data Stream - 76 bytes -> C:\Users\charles\Documents\football Magazine de Décembre 1968 N°106 2quipe de lyon.jpg:Roxio EMC Stream
[2009/04/26 11:28:46 | 00,000,763 | ---- | C] () -- C:\Users\charles\Desktop\Dofus - Raccourci.lnk
[2009/04/17 18:52:48 | 07,618,040 | ---- | C] (Mozilla) -- C:\Users\charles\Desktop\Firefox Setup 3.0.8.exe
[2009/04/16 10:22:21 | 00,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 10:22:21 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 10:22:15 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 10:22:14 | 03,595,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 10:22:13 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 10:22:12 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 10:22:12 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 10:22:12 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 10:22:12 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 10:22:12 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/04/16 10:22:12 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 10:22:12 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 10:22:12 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/04/16 10:22:12 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 10:22:12 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 10:22:11 | 01,830,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/04/16 10:22:11 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 10:22:11 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/04/16 10:22:11 | 00,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/04/16 10:22:11 | 00,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/04/16 10:22:11 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/04/16 10:22:11 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/04/16 10:22:11 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/04/16 10:22:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/04/16 10:22:11 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/04/16 10:22:11 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/04/16 10:22:11 | 00,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/16 10:22:11 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 10:22:10 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/04/16 10:22:10 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/04/16 10:22:10 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/04/16 10:22:10 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/04/16 10:22:01 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 10:21:50 | 00,549,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 10:21:49 | 03,503,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 10:21:49 | 03,469,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 10:21:48 | 00,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 10:21:48 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 10:21:48 | 00,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 10:21:48 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 10:21:48 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 10:21:48 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 10:21:42 | 01,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 10:21:42 | 00,875,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 10:21:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 10:21:40 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 10:21:40 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 10:21:40 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/04/07 13:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\Dofus
[2009/04/06 17:58:25 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/
0
Réponse 3 / 43
Utilisateur anonyme
15 mai 2009 à 10:16
Re,

Utilisateurs de Windows Vista :

* Afin que Navilog1 puisse fonctionner correctement, il est recommandé de désactiver l'UAC pendant l'utilisation de Navilog1 (Installation, Utilisation). N'oubliez pas dès l'utilisation de Navilog1 terminé à réactiver l'UAC sur votre Ordinateur.
comment faire pour désactiver l'UAC

* A chaque fois que vous êtes amené à exécuter Navilog1.bat ou Navilog1.exe pour l'installation, ne double-cliquez pas sur le fichier ou raccourci mais faites un clic droit dessus et dans le menu contextuel choisssez "Exécuter en tant qu'administrateur".

▶ Installe NAVILOG1

Remarque concernant la détection de Navilog1 par certains programmes de sécurités :

▶ Certains fichiers de Navilog1.exe peuvent être considérés comme dangereux et donc supprimés ou neutralisés par certains programmes de sécurités. Ce sont des faux positifs et dans certains cas, vous serez amener à désactiver votre protection le temps du téléchargement/utilisation de Navilog1.
/ !\ Déconnecte toi du net et désactive ton antivirus et antispyware résident pour que Navilog1 puisse s'exécuter normalement. / !\


Le lancement de l'installation de Navilog1 se fait en exécutant Navilog1.exe

(Si vous avez téléchargé navilog1.zip, Veuillez auparavant décompresser ce fichier)

Une fois l'installation terminé, pour lancer le fix :

- en utilisant le raccourci crée sur le bureau : Navilog1

- Via le poste de travail, en exécutant le fichier Navilog1.bat se trouvant dans %program files%Navilog1

Après le choix de la langue et les messages d'avertissement, le menu s'affiche.

Faite le choix 1

Effectue la vérification du système à la recherche de l'adware. Un scan avec catchme de GMER est également éffectué pour Windows XP. Cette analyse peut durer une dizaine de minutes. Patientez alors jusqu'au message «Analyse terminée le ....». Appuyez sur une touche comme demandé et le bloc note va souvrir , Enregistrez-le sur votre disque. Puis Ouvrez-le et Copiez-Collez l'intégralité de ce rapport sur le forum qui vous l'auras demandé.

(si le bloc-note ne s'ouvre pas : Rendez-vous dans votre poste de travail, à la racine du disque C vous trouverez le rapport sous le nom de fixnavi.txt)

Attention : Ne lancez-pas la partie désinfection (choix 2, 3 ou 4) sans l'avis/accord express de l'Helper qui vous as pris en charge sur le forum d'aide ou vous aurez exposer votre problème.

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Charly
15 mai 2009 à 10:27
J'ai redemarré le pc et Je viens de refaire un antispyware et il ne trouve plus rien .
Dois-je faire quand meme Navilog1 .
c'est un peu compliqué pour moi tout ça
Merci
0
Réponse 4 / 43
Utilisateur anonyme
15 mai 2009 à 11:01
Re,

OUi fait na&vilog 1 et tu clic droit sur l'icone de "Navilog1" et "exécute en tant qu'administrateur".

poste moi le rapport.

merci
0
Charly
15 mai 2009 à 11:40
Re

Je dois vraiment me deconnecter d'internet ? car pour cela je dois debrancher ma livebox et apres l'analyse j'ai un peu peur de ne plus pouvoir me reconnecter au net
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 43
Utilisateur anonyme
15 mai 2009 à 11:42
Re,

Tu fermes toutes tes fenêtres ouvertes si ???

Désactive ton antivirus et antispyware.
0
Réponse 6 / 43
Charly
15 mai 2009 à 16:48
Re
J'ai fait Navilog1 ,mais est-ce normal qu'il continue a scanner plus de 2 heures comme s'il etait bloqué .
donc je l'ai arrété ,mais j'ai trouvé un rapport de navilog1 , le voici



Search Navipromo version 3.7.7 commencé le 15/05/2009 à 14:18:22,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : charles ( Administrator )
BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : Bitdefender Firewall 8.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:290 Go (Free:248 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\charles\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox trouvé !


*** Recherche dossiers dans "C:\Users\charles\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\charles\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
0
Réponse 7 / 43
Utilisateur anonyme
15 mai 2009 à 17:38
Re,

Ton rapport n'est pas complet....

Reposte le entièrement.

merci
0
Charly
15 mai 2009 à 17:50
Re .

Navilog1 stagnait plus de 1h30 a ce niveau la . c'est moi qui l'ai arrété car cela faisait plus de 2 h qu'il scannait . Peut etre j'aurai du laisser encore plus longtemps ???? ,mais plus de 2 heures je trouvais ça bizarre ,donc j'ai stoppé mais j'ai trouvé le rapport à la racine du disque C comme c'etait indiqué dans l'explication.
Je le reposte mais je pense que ça ne changera pas



Search Navipromo version 3.7.7 commencé le 15/05/2009 à 14:18:22,98

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : charles ( Administrator )
BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : Bitdefender Firewall 8.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:290 Go (Free:248 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\charles\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox trouvé !


*** Recherche dossiers dans "C:\Users\charles\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\charles\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
0
Réponse 8 / 43
Utilisateur anonyme
15 mai 2009 à 17:51
Re,

fait sa alors:

Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

Mets le à jour

▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.

▶ Sélectionne Exécuter un examen RAPIDE si ce n'est pas déjà fait

▶ clique sur Rechercher

▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 9 / 43
Charly
15 mai 2009 à 18:01
Dois-je desactiver mon antivirus pour cela?
0
Réponse 10 / 43
Utilisateur anonyme
15 mai 2009 à 18:04
Re,

C'est comme tu le sent , mais pas obligatoire...
0
Réponse 11 / 43
Charly
15 mai 2009 à 18:27
Re

Voici le rapport .



Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2135
Windows 6.0.6000

15/05/2009 18:18:12
mbam-log-2009-05-15 (18-18-12).txt

Type de recherche: Examen rapide
Eléments examinés: 82373
Temps écoulé: 9 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
0
Réponse 12 / 43
Utilisateur anonyme
15 mai 2009 à 19:33
Re,

Si tu n'as pas redémarrer ton PC redémarre le et refait navilog 1.

merci
0
Charly
15 mai 2009 à 21:00
C'est fait j'ai redemarré et refait navilog1 ,mais toujours pareil il stagne .je l'ai laissé plus d'une heure et j'ai stoppé . Est-ce que c'est normal ????? surtout qu'il est indiqué que le scan peut durer plus d'une dizaine de minutes ,la apres plus d'une heure il scanne toujours!!!!!

Voici le rapport quand meme.



Search Navipromo version 3.7.7 commencé le 15/05/2009 à 19:35:54,15

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 12.05.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : charles ( Administrator )
BOOT : Normal boot

Antivirus : Bitdefender Antivirus 8.0 (Not Activated)
Firewall : Bitdefender Firewall 8.0 (Not Activated)

C:\ (Local Disk) - NTFS - Total:290 Go (Free:248 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (CD or DVD)
I:\ (USB)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\charles\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\charles\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox trouvé !


*** Recherche dossiers dans "C:\Users\charles\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\charles\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
0
Réponse 13 / 43
Utilisateur anonyme
15 mai 2009 à 21:01
Re,

Désinstalle navilog1.

▶ Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :


/!\ Déconnectes toi et fermes toutes applications en cours/!\

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 14 / 43
Charly
15 mai 2009 à 21:55
Re
Voila le rapport.



------- LOGFILE OF AD-REMOVER 1.1.3.8 | ONLY XP/VISTA -------

Updated by C_XX on 15/05/2009 at 13:30
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 21:33:50, 15/05/2009 | Boot mode: Normal Boot
Option: Scan | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista Home Premium V6.0.6000
Computer Name: PC-DE-CHARLES
Current User: charles - Administrator
Drive(s):
- C:\ (File System: NTFS)


============ Known Adwares Found ============

.
.
C:\Users\charles\AppData\Local\Temp\nsp5F8E.tmp

+-----------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKU\S-1-5-21-1967679314-696530962-786977126-1002\Software\Eorezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
.
C:\Users\charles\AppData\Roaming\EoRezo

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: cu1snq6h.default (charles)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/webhp?hl=fr");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.

---- Internet Explorer Version 7.0.6000.16830 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.google.fr/

[HKEY_USERS\S-1-5-21-1967679314-696530962-786977126-1002\..\Internet Explorer\Main]

Default_Page_URL: hxxp://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.google.fr/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.cooxer.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://www.lo.st/?tabs

=========== Suspicious ==========

C:\Users\charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\charles\.housecall6.6\patch.exe
[218736 Byte(s)|--a------|19/06/2008 10:58|HashMD5: b9a80ba0083fb8196f8ca0bef053ea4e |CRC32: 12c79c8b]


+---------------------------------------------------------------------------+

3560 Byte(s) - C:\Ad-Report-Scan-15.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 21:41:30 | 15/05/2009
.
+-----------------| E.O.F
.
0
Réponse 15 / 43
Utilisateur anonyme
15 mai 2009 à 22:16
Re,

!Déconnectes toi et fermes toutes applications en cours !

● Relances "Ad-remover" : au menu principal choisi l'option "B" .

● Coche à l'écran de sélèction ( http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG ) :


1 - Suppression Adwares connus
2 - Suppression Eorezo



● Puis choisi "S" , le programme va travailler,

● Postes le rapport qui apparait à la fin.

( le rapport est sauvegardé sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

/!\Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides)
0
Réponse 16 / 43
Charly
15 mai 2009 à 22:46
Re,





------- LOGFILE OF AD-REMOVER 1.1.3.8 | ONLY XP/VISTA -------

Updated by C_XX on 15/05/2009 at 13:30
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Known Adwares
Eorezo

********************

Start at: 22:26:58, 15/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista Home Premium V6.0.6000
Computer Name: PC-DE-CHARLES
Current User: charles - Administrator
Drive(s):
- C:\ (File System: NTFS)


(!) -- IE start pages/Tabs reset

============ Known Adwares Deleted ============

.
.
C:\Users\charles\AppData\Local\Temp\nsp5F8E.tmp

+-----------------| Eorezo Elements Deleted :

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
.
C:\Users\charles\AppData\Roaming\EoRezo

(!) -- Temp files deleted.
(!) -- Recycle bin emptied in all drives.



+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.10 ----

ProfilePath: cu1snq6h.default (charles)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/webhp?hl=fr");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.10");
.

+---------------------------------------------------------------------------+

2030 Byte(s) - C:\Ad-Report-Clean-15.05.2009.log
3777 Byte(s) - C:\Ad-Report-Scan-15.05.2009.log

20 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 22:35:37 | 15/05/2009
.
+-----------------| E.O.F
.
0
Réponse 17 / 43
Utilisateur anonyme
16 mai 2009 à 01:13
Re,

Dans l'ordre:

▶ Télécharge hijackthis

▶ Enregistre la cible sous .... "le bureau"

▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation

▶ Clique sur Install ensuite sur "I Accept"

▶ Clique sur" Do a scan system and save log file"

▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse

▶ Tuto hijackthis(Merci à Balltrap34)
0
Réponse 18 / 43
Charly
16 mai 2009 à 12:33
Re,



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:08, on 16/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\charles\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [isqseay] "c:\users\charles\appdata\local\isqseay.exe" isqseay
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\charles\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98aebbc2a90e6) (gupdate1c98aebbc2a90e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
0
Réponse 19 / 43
Utilisateur anonyme
16 mai 2009 à 23:15
Re,

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports séparément.
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 20 / 43
charly
17 mai 2009 à 11:35
Bonjour,

Il n'y a qu'un rapport qui s'affiche



Logfile of random's system information tool 1.06 (written by random/random)
Run by charles at 2009-05-17 11:30:42
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 255 GB (86%) free of 297 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:49, on 17/05/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\Mouse32A.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\charles\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\charles\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\charles.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [isqseay] "c:\users\charles\appdata\local\isqseay.exe" isqseay
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\charles\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c98aebbc2a90e6) (gupdate1c98aebbc2a90e6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
0

Discussions similaires

qu'est ce qu'un "trojan agent/gen" ? svp
Saber03 -
jacques.gache -

33 réponses
QuickShare c'est quoi ce truc
edelweiss2604 -
edelweiss2604 -

41 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Boucle sur la première diapositive d'une présentation
ND83 -
ndubau -

3 réponses
Market feedback agent s'est arrêté. Toutes mes messageries sont bloquées ainsi t
Val -
Utilisateur anonyme -

1 réponse