Virus, then Ad-Remover

[Solved/Closed]
Anonymous user
Hello,
here is the Ad-Remover report




======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 13:03:45, 09/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: COLIN-DOSSMANN | Utilisateur actuel: JULIEN
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
N'est pas administrateur: ED
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: JULIEN
Administrateur: Principal
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\shared tools\msconfig\startupreg\EoWeather
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\db
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\eoStats
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo\eoStats\eoStats.txt
C:\DOCUME~1\JULIEN\APPLIC~1\EoRezo
C:\Documents and Settings\ED\Application Data\Eorezo\ConfMedia.cyp
C:\Documents and Settings\ED\Application Data\Eorezo\db
C:\Documents and Settings\ED\Application Data\Eorezo\eoDesktop
C:\Documents and Settings\ED\Application Data\Eorezo\host.cyp
C:\Documents and Settings\ED\Application Data\Eorezo\user.cyp
C:\Documents and Settings\ED\Application Data\Eorezo\eoDesktop\config.xml
C:\Documents and Settings\ED\Application Data\Eorezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\ED\Application Data\Eorezo\eoDesktop\userConfig.xml
C:\Documents and Settings\ED\Application Data\Eorezo
C:\Documents and Settings\Principal\Application Data\Eorezo\cache
C:\Documents and Settings\Principal\Application Data\Eorezo\cmhost.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\ConfMedia.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\db
C:\Documents and Settings\Principal\Application Data\Eorezo\eoDesktop
C:\Documents and Settings\Principal\Application Data\Eorezo\eoStats
C:\Documents and Settings\Principal\Application Data\Eorezo\host.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\install.exe
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate
C:\Documents and Settings\Principal\Application Data\Eorezo\user.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\eoDesktop\config.xml
C:\Documents and Settings\Principal\Application Data\Eorezo\eoDesktop\eoDesktop.html
C:\Documents and Settings\Principal\Application Data\Eorezo\eoDesktop\userConfig.xml
C:\Documents and Settings\Principal\Application Data\Eorezo\eoStats\eoStats.txt
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\Download
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\help_config.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\Software
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\unins000.dat
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\unins000.exe
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\user_config.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\user_profil.cyp
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\Software\itsTV
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.0.9
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.1.0
C:\Documents and Settings\Principal\Application Data\Eorezo\SoftwareUpdate\Software\itsTV\3.0.1.0\itstv.exe
C:\Documents and Settings\Principal\Application Data\Eorezo
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-3A3240AA.pf
C:\DOCUME~1\JULIEN\Cookies\julien@ads.eorezo[2].txt
C:\DOCUME~1\JULIEN\Cookies\julien@eorezo[2].txt
C:\Documents and Settings\ED\Cookies\ed@eorezo[2].txt
C:\Documents and Settings\ED\Cookies\ed@partypoker[2].txt
C:\Documents and Settings\Principal\Cookies\principal@ads.eorezo[2].txt
C:\Documents and Settings\Principal\Cookies\principal@eorezo[1].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.11 *

Nom du profil: 6acad0m6.default (JULIEN)
.
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.11");
.
.

* Internet Explorer Version 7.0.5730.11 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://search.imesh.com/sidebar.html?src=ssb
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://search.imesh.com/sidebar.html?src=ssb
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\ED\Local Settings\Temp\Patch_MSN_Messenger.EXE
.
===================================
.
6612 Octet(s) - C:\Ad-Report-CLEAN.log
.
290 Fichier(s) - C:\DOCUME~1\JULIEN\LOCALS~1\Temp
837 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
37 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 17:05:39 | 09/07/2009
.
============== E.O.F ==============

64 replies

Posts
8345
Registration date
Saturday 26 January 2008
Status
Member
Last activity
4 April 2019
352
go ahead, don't worry
Ad-Remover, clean option
Anonymous user
Hello,

@sherred,

Do you know how to read a report?

Apparently NOT!!

=> Lancé à: 13:03:45, 09/07/2009 | Mode Normal | Option: CLEAN

So perhaps you should read the reports before talking nonsense...

Also, a quick hello or hi never killed anyone; if helpers have to say hello and so on, so do you.



++
I'd be glad to, but the only choices I have are

scan
clean
uninstall
quit

and the person who told me to download Ad-Remover (who, by the way, no longer gets back to me) told me to run clean. So I'm not going to do it again (especially since it took 4 hours...)
That's done!!
V-X, could you help me?

Hi again,

I've asked a helper I know to take over your case...

++
hello jules964

my apologies for that reply, I was indeed very hasty,
trying to help some fifteen people at the same time leads to mistakes,
but isn't to err human?
AD-REMOVER has undergone major changes recently, like many other tools..
and I only skimmed the elements section; the fact that it now says "neutralised" rather than "deleted"
misled me, but it's my fault
V-X, if the goal is to discourage people who are trying to help, I think you're going to succeed..
because given the number of people I help every day, if such a small mistake causes this much fuss..
it means I'm not welcome
Hello,
I accept your apology, no problem, but as for me, I still have problems!! On top of that it's getting worse: when my girlfriend logs into her session, half the time we have to restart because nothing appears on the desktop...
I understand, but V-X said he was calling in a helper he knows

all you can do to move things forward
is
download HijackThis http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
>> save the target to ... "the desktop", and rename HJTInstall.exe to, for example, HJT.exe

>> Double-click "HJT.exe" to start the installation

>> Click Install, then "I Accept"

>> Click "Do a scan system and save log file"

>> Notepad will open; copy and paste its entire contents here in your next reply

http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Here is the HijackThis report, and thank you for your help




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:29, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\JULIEN\JULIEN.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\JULIEN\Bureau\HJTInstall.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\JULIEN\Bureau\HJTInstall.exe
C:\Documents and Settings\JULIEN\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [JULIEN] C:\Documents and Settings\JULIEN\JULIEN.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: rbadzm - rbadzm.dll (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

hello: at V-X's request:

Download OTL by OLDTimer

and save it to your Desktop.

Double-click OTL.exe to launch it.

Tick the 2 boxes Lop and Purity

Tick the box in front of scan all users

Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)

DO NOT POST IT ON THE FORUM

To send it to me, click this link: http://www.cijoint.fr/

Click Browse and locate the file mentioned above.

Click Open.

Click "Cliquez ici pour déposer le fichier" ("Click here to upload the file").

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.

Do the same with "Extra.txt" if you are asked for it
hi again

I see nobody is looking after you!

run HijackThis again

tick these lines

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb


and click Fix checked

however, you didn't rename hijac??? as I asked you to

so uninstall it and start again
oops, sorry gen-hackman, I'll leave you to it....
http://www.cijoint.fr/cjlink.php?file=cj200907/cijDDMayeX.txt

*****************************************************
************** Option 1 (Search) **************
*****************************************************


Download FindyKill (by Chiquitine29 and C_XX) to your desktop:



! Disconnect and close all running applications !

* Double-click "FindyKill.exe" to start the installation and leave the installation settings at their defaults.

* Plug your external data sources into your PC (USB stick, external hard drive, etc.)

* Double-click the FindyKill shortcut on your desktop to launch the tool.

* In the main menu choose option " F " for French and press [Enter].

* In the second menu choose option " 1 " (search) and press [Enter]

Let the tool work and don't touch anything ...

--> Post the report that appears at the end on the forum ...

( the report is also saved as C:\FindyKill.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

############################## | FindyKill V6.005 |

# User : JULIEN (Utilisateurs) # COLIN-DOSSMANN
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 10:47:25 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) 4 CPU 2.93GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

# C:\ # Disque fixe local # 181,3 Go (152,85 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\JULIEN\JULIEN.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

R1 - HKCU\..\Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
R1 - HKCU\..\Main: "Search Page"="http://search.imesh.com/sidebar.html?src=ssb"
R1 - HKCU\..\Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
R1 - HKCU\..\Main: "Window Title"=""
F2 - HKLM\..\logon:"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
F2 - HKLM\..\logon:"DefaultUserName"="JULIEN"
F2 - HKLM\..\logon:"AltDefaultUserName"="JULIEN"
F2 - HKLM\..\logon:"LegalNoticeCaption"=""
F2 - HKLM\..\logon:"LegalNoticeText"=""
04 - HKLM\..\Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
04 - HKLM\..\Run: avgnt="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKLM\..\Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
04 - HKCU\..\Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
04 - HKCU\..\Run: fsm=
04 - HKCU\..\Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKCU\..\Run: MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
04 - HKCU\..\Run: JULIEN=C:\Documents and Settings\JULIEN\JULIEN.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\Documents and Settings\JULIEN\JULIEN.exe [2ea7579894594743eef2411a2c07fdc0]

################## | C:\Documents and Settings\JULIEN\Temporary Internet Files |

Présent ! C:\DOCUME~1\JULIEN\LOCALS~1\Temp\IS52.tmp\install.exe

################## | All Drives ... |

Présent ! D:\Setup.exe [f0559465c03aa2f9545c2ea4ef2b63c6]
Présent ! D:\autorun.inf [99a4364ea246e73c92cebcaf43ec539f]
Présent ! E:\Setup.exe [f0559465c03aa2f9545c2ea4ef2b63c6]
Présent ! E:\autorun.inf [99a4364ea246e73c92cebcaf43ec539f]

################## | Registre # Clés Run infectieuses |

Présent ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "JULIEN"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\D
Shell\AutoRun\command =D:\autorun.exe

HKCU\..\..\Explorer\MountPoints2\E
Shell\AutoRun\command =E:\autorun.exe

HKCU\..\..\Explorer\MountPoints2\{4f3bee8f-b1bb-11d9-b42c-806d6172696f}
Shell\AutoRun\command =D:\autorun.exe

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.005 ! |

*****************************************************
************* Option 2 (Removal) *************
*****************************************************


! Disconnect and close all running applications (browser included).

* Plug your external data sources into your PC (USB stick, external hard drive, etc.)

* Run "FindyKill" again: in the main menu choose option " F " for French and press [Enter].

* In the second menu choose option 2 (removal) and press [Enter]

* The PC will restart automatically ...

--> the program will do its work, don't touch anything ...; your desktop will not be accessible, that is normal!

* Post the report that appears at the end ( the report is also saved as C:\FindyKill.txt )

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm


OTL logfile created on: 13/07/2009 10:29:32 - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\JULIEN\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

511,48 Mb Total Physical Memory | 263,85 Mb Available Physical Memory | 51,59% Memory free
1,22 Gb Paging File | 0,73 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181,30 Gb Total Space | 152,85 Gb Free Space | 84,31% Space Free | Partition Type: NTFS
Drive D: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COLIN-DOSSMANN
Current User Name: JULIEN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/14 04:34:03 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/05 17:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/07/08 14:53:23 | 00,051,200 | RHS- | M] () -- C:\Documents and Settings\JULIEN\JULIEN.exe
PRC - [2009/03/02 13:09:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2003/07/02 18:40:08 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/04/14 04:34:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/06/14 20:00:24 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/13 10:28:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JULIEN\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/14 04:33:18 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Running])
SRV - [2009/04/01 15:46:04 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 13:09:54 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/12 22:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2008/04/14 04:33:38 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 09:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2003/12/15 02:37:12 | 02,252,800 | ---- | M] () -- c:\mysql\bin\mysqld-nt.exe -- (MysqlInventime [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 19:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2003/07/02 18:40:08 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2006/11/03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 20:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2004/08/12 23:14:46 | 00,786,944 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:07:58 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2005/01/28 22:19:54 | 00,671,104 | ---- | M] (ASUSTek) -- C:\WINDOWS\System32\DRIVERS\Cap713x.sys -- (Cap713x [On_Demand | Running])
DRV - [2001/08/23 18:04:44 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2004/03/17 16:10:40 | 00,113,664 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008/04/13 18:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/09/16 12:21:18 | 02,257,920 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2003/07/16 13:30:26 | 00,221,736 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2003/07/02 17:26:36 | 01,301,128 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2003/07/02 16:57:10 | 00,167,384 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys -- (NtMtlFax [On_Demand | Stopped])
DRV - [2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\PCAMPR5.SYS -- (PCAMPR5 [System | Running])
DRV - [2005/04/28 19:03:07 | 00,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5 [On_Demand | Stopped])
DRV - [2004/03/30 19:29:48 | 00,374,816 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02 [On_Demand | Stopped])
DRV - [2004/08/05 15:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/10/21 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009/07/10 17:50:34 | 00,071,680 | ---- | M] () -- C:\WINDOWS\System32\drivers\zjjdnya.sys -- (qiyurwany [Auto | Stopped])
DRV - [2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\rbadza.sys -- (rbadza [System | Stopped])
DRV - [2004/08/03 23:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\DRIVERS\RecAgent.sys -- (RecAgent [On_Demand | Stopped])
DRV - [2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\Drivers\resc_dwb.sys -- (RescueDrv [System | Stopped])
DRV - [2003/12/31 12:58:46 | 00,069,504 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys -- (RTL8023 [On_Demand | Running])
DRV - [2007/11/13 12:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 20:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2003/08/20 18:34:50 | 00,548,952 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2003/07/02 17:24:36 | 00,086,128 | ---- | M] ( ) -- C:\WINDOWS\System32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2003/07/02 17:12:52 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2009/02/13 12:49:30 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2007/05/02 12:12:34 | 00,083,592 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ssm_bus.sys -- (ssm_bus [On_Demand | Stopped])
DRV - [2007/05/02 12:12:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl [On_Demand | Stopped])
DRV - [2007/05/02 12:12:36 | 00,109,704 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys -- (ssm_mdm [On_Demand | Stopped])
DRV - [2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2008/06/20 13:08:27 | 00,225,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys -- (Tcpip6 [System | Running])
DRV - [2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [System | Stopped])
DRV - [2004/07/14 14:53:06 | 00,233,984 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\DRIVERS\zd1211u.sys -- (ZD1211U(Wireless) [On_Demand | Stopped])
DRV - [2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\ZDCndis5.SYS -- (ZDCndis5 [System | Stopped])
DRV - [2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50 [System | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\S-1-5-21-3209044353-2627916084-2635611745-1010\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
FF - prefs.js..extensions.enabledItems: AcqVPlayer@sanstream.co.jp:2.0.3.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://xeoo.com/?p=url&a=firefox&k="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/23 13:53:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 16:12:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/14 20:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/14 20:00:31 | 00,000,000 | ---D | M]

[2009/02/23 13:56:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Extensions
[2009/01/26 14:50:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2009/01/23 14:15:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/23 13:56:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/07/13 08:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Firefox\Profiles\6acad0m6.default\extensions
[2009/06/29 17:25:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Firefox\Profiles\6acad0m6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/30 09:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Firefox\Profiles\6acad0m6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/23 14:28:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\mozilla\Firefox\Profiles\6acad0m6.default\extensions\AcqVPlayer@sanstream.co.jp
[2009/07/13 08:35:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/14 20:00:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/23 13:53:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/18 15:21:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/14 20:00:23 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/14 20:00:23 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/14 20:00:27 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/01/28 17:35:40 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/09/10 13:35:08 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2008/09/28 09:10:26 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/09/10 13:35:08 | 00,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2008/03/29 15:59:44 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2008/12/30 11:01:20 | 00,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xeoocom.xml
[2006/09/12 20:49:04 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (790 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Every Toolbar) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\DOCUME~1\ED\Bureau\EVERYT~1.1\everycom.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Every Toolbar) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\DOCUME~1\ED\Bureau\EVERYT~1.1\everycom.dll File not found
O3 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010..\Run: [JULIEN] C:\Documents and Settings\JULIEN\JULIEN.exe ()
O4 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3209044353-2627916084-2635611745-1010\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} http://acceso.masminutos.com/laaplicacion.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} https://www.oracle.com/java/technologies/ (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 89.2.0.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/html - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\rbadzm: DllName - rbadzm.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/02 11:31:43 | 00,162,880 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007/02/25 06:23:24 | 00,000,047 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/03/02 11:31:43 | 00,162,880 | R--- | M] () - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007/03/02 11:31:43 | 00,162,880 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007/02/25 06:23:24 | 00,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/03/02 11:31:43 | 00,162,880 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O33 - MountPoints2\{4f3bee8f-b1bb-11d9-b42c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3bee8f-b1bb-11d9-b42c-806d6172696f}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007/03/02 11:31:43 | 00,162,880 | R--- | M] ()
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007/03/02 11:31:43 | 00,162,880 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007/03/02 11:31:43 | 00,162,880 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/13 10:28:40 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JULIEN\Bureau\OTL.exe
[2009/07/11 12:49:00 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\JULIEN\Bureau\HiJackThis.exe
[2009/07/11 12:41:04 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\JULIEN\Bureau\HJTInstall.exe
[2009/07/10 17:50:35 | 00,213,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/07/10 17:50:34 | 00,071,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\zjjdnya.sys
[2009/07/09 13:03:31 | 00,001,551 | ---- | C] () -- C:\Documents and Settings\JULIEN\Bureau\Ad-remover.lnk
[2009/07/09 13:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\Ad-remover
[2009/07/09 12:56:52 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/07/09 12:56:49 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/09 12:56:34 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\JULIEN\Bureau\RSIT.exe
[2009/07/08 17:15:55 | 00,008,368 | ---- | C] () -- C:\WINDOWS\System32\ZDCndis5.SYS
[2009/07/08 17:15:55 | 00,008,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\ZDPSp50.sys
[2009/07/08 17:15:55 | 00,008,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2009/07/08 17:15:54 | 00,008,368 | ---- | C] () -- C:\WINDOWS\System32\PCAMPR5.SYS
[2009/07/08 17:15:54 | 00,008,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\resc_dwb.sys
[2009/07/08 17:15:43 | 00,008,368 | ---- | C] () -- C:\WINDOWS\System32\rbadza.sys
[2009/07/08 15:36:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JULIEN\Application Data\Media Player Classic
[2009/07/08 15:34:01 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/08 15:34:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/08 15:33:59 | 00,839,680 | ---- | C] (http://www.mp3dev.org/ -- C:\WINDOWS\System32\lameACM.acm
[2009/07/08 15:33:59 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/07/08 15:33:59 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/07/08 15:33:59 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/07/08 15:33:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/08 15:33:57 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/07/08 15:33:57 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/07/08 15:33:56 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/08 15:33:55 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/08 15:33:53 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/07/08 15:12:57 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/07/08 15:12:54 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/08 15:12:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/08 15:12:52 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/08 15:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/08 14:44:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JULIEN\Mes documents\LimeWire
[2009/07/08 14:43:45 | 00,001,581 | ---- | C] () -- C:\Documents and Settings\JULIEN\Bureau\LimeWire 5.1.4.lnk
[2009/07/07 19:27:53 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\JULIEN\Bureau\Mes Mémoires.doc
[2009/07/06 08:49:00 | 01,796,613 | ---- | C] () -- C:\Documents and Settings\JULIEN\Bureau\remerciements carnaval 09.pdf
[2009/07/04 14:52:03 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/07/03 15:07:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JULIEN\Mes documents\Command & Conquer 3 Les guerres du Tiberium
[2009/07/03 15:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\JULIEN\Application Data\Command & Conquer 3 Les guerres du Tiberium
[2009/07/03 15:05:01 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\JULIEN\Application Data\SecuROM
[2009/07/03 15:04:36 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/07/03 14:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/07/01 15:14:47 | 00,000,000 | ---D | C] -- C:\Program Files\Valve
[2009/06/29 20:42:35 | 02,210,304 | ---- | C] () -- C:\Documents and Settings\JULIEN\Bureau\LesSeptMerveillesduMonde.pps
[2009/01/15 17:33:05 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/16 08:32:53 | 00,000,223 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/26 03:04:12 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 03:04:12 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/17 19:38:11 | 00,006,850 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2006/08/17 19:38:11 | 00,006,057 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2006/08/17 19:38:11 | 00,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2006/08/03 17:34:12 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dll
[2005/07/28 22:04:58 | 00,000,121 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/06/18 16:00:54 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005/06/18 15:48:02 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005/06/18 15:48:02 | 00,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2005/06/18 15:48:02 | 00,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2005/06/18 15:48:02 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005/04/21 21:10:02 | 00,001,363 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2005/04/21 17:10:29 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/04/21 17:05:14 | 00,260,096 | ---- | C] () -- C:\WINDOWS\System32\cp21_comeai.dll
[2005/02/22 02:08:56 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/22 02:01:00 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/02/22 01:58:06 | 00,005,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASIOMI.sys
[2005/02/22 01:55:00 | 00,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/02/22 01:54:29 | 00,036,864 | ---- | C] () -- C:\WINDOWS\jRegistryKey.dll
[2005/02/22 01:54:29 | 00,000,232 | ---- | C] () -- C:\WINDOWS\my.ini
[2005/02/22 01:45:15 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2005/02/22 01:45:15 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/02/22 01:41:10 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/02/22 01:41:10 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/02/22 01:41:10 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005/02/22 01:41:10 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2004/12/20 12:08:28 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/09/07 19:49:32 | 00,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/16 19:25:16 | 00,000,829 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/16 18:41:22 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/16 18:41:15 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/23 14:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/12/14 23:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll
[2002/12/14 23:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 22:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 14:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[1980/01/01 01:00:00 | 01,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 01:00:00 | 00,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 01:00:00 | 00,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 01:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 01:00:00 | 00,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 01:00:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 01:00:00 | 00,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[1980/01/01 01:00:00 | 00,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 01:00:00 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 01:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll

========== Files - Modified Within 30 Days ==========

[9 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/13 10:28:41 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JULIEN\Bureau\OTL.exe
[2009/07/13 08:24:39 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/13 08:23:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/13 08:23:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/13 08:23:20 | 53,639,9872 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/11 12:49:01 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\JULIEN\Bureau\HiJackThis.exe
[2009/07/11 12:41:04 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\JULIEN\Bureau\HJTInstall.exe
[2009/07/10 17:50:36 | 00,213,024 | ---- | M] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/07/10 17:50:34 | 00,071,680 | ---- | M] () -- C:\WINDOWS\System32\drivers\zjjdnya.sys
[2009/07/09 13:03:31 | 00,001,551 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\Ad-remover.lnk
[2009/07/09 12:56:36 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\RSIT.exe
[2009/07/09 12:47:46 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\JULIEN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\ZDCndis5.SYS
[2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\rbadza.sys
[2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\PCAMPR5.SYS
[2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\ZDPSp50.sys
[2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\wanatw4.sys
[2009/07/08 17:15:43 | 00,008,368 | ---- | M] () -- C:\WINDOWS\System32\drivers\resc_dwb.sys
[2009/07/08 15:12:57 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/07/08 14:43:45 | 00,001,581 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\LimeWire 5.1.4.lnk
[2009/07/07 19:27:54 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\Mes Mémoires.doc
[2009/07/06 08:49:01 | 01,796,613 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\remerciements carnaval 09.pdf
[2009/07/04 14:52:03 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/06/29 20:42:40 | 02,210,304 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\LesSeptMerveillesduMonde.pps
[2009/06/23 09:40:58 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\JULIEN\Bureau\COLIN Julien.doc
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/15 09:04:55 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI

[color=#E56717]========== LOP Check ==========[/color]

[2009/07/08 15:12:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/23 15:02:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/07/21 14:12:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
[2009/01/26 14:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/01/26 14:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2004/08/16 19:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/01/26 14:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin
[2005/02/22 01:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2005/02/22 01:58:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2005/02/22 01:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
[2009/07/09 16:56:04 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\ED\Application Data
[2005/04/22 13:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\CyberLink
[2005/04/25 21:47:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\Leadertech
[2005/05/06 16:03:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\MP3Chansons
[2007/04/12 10:21:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\Shareaza
[2008/09/10 14:07:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\Viewpoint
[2009/05/28 18:33:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\Windows Live Writer
[2005/02/22 01:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ED\Application Data\You've Got Pictures Screensaver
[2009/07/09 16:43:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\JULIEN\Application Data
[2009/07/04 14:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\Command & Conquer 3 Les guerres du Tiberium
[2009/07/09 12:34:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\LimeWire
[2009/01/26 14:50:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\Participatory Culture Foundation
[2009/01/26 17:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\PCF-VLC
[2009/07/03 15:05:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\JULIEN\Application Data\SecuROM
[2005/02/22 01:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\JULIEN\Application Data\You've Got Pictures Screensaver
[2004/08/16 19:18:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2005/08/17 19:53:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/07/09 16:58:15 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Principal\Application Data
[2005/02/22 01:53:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Principal\Application Data\You've Got Pictures Screensaver
[2005/04/21 21:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data
[2005/04/21 21:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Propriétaire\Application Data\You've Got Pictures Screensaver
[2004/08/05 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/13 08:23:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

That's not what I was expecting
############################## | FindyKill V6.005 |

# User : JULIEN (Utilisateurs) # COLIN-DOSSMANN
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 11:14:16 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) 4 CPU 2.93GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

# C:\ # Disque fixe local # 181,3 Go (152,85 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |
Sorry.



Supprimé ! "C:\Documents and Settings\JULIEN\JULIEN.exe"

################## | C:\Documents and Settings\JULIEN\Temporary Internet Files |

Supprimé ! C:\DOCUME~1\JULIEN\LOCALS~1\Temp\IS52.tmp\install.exe

################## | All Drives ... |

(!) Non supprimé ! D:\Setup.exe
(!) Non supprimé ! D:\autorun.inf
(!) Non supprimé ! E:\Setup.exe
(!) Non supprimé ! E:\autorun.inf
################## | Autres ... |


################## | Registre # Clés Run infectieuses |

Is it possible to have it in full?
############################## | FindyKill V6.005 |

# User : JULIEN (Utilisateurs) # COLIN-DOSSMANN
# Update on 11/07/09 by Chiquitine29 & C_XX
# Start at: 11:14:16 | 13/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Pentium(R) 4 CPU 2.93GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.26 [ Enabled | Updated ]

# C:\ # Disque fixe local # 181,3 Go (152,85 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! "C:\Documents and Settings\JULIEN\JULIEN.exe"

################## | C:\Documents and Settings\JULIEN\Temporary Internet Files |

Supprimé ! C:\DOCUME~1\JULIEN\LOCALS~1\Temp\IS52.tmp\install.exe

################## | All Drives ... |

(!) Non supprimé ! D:\Setup.exe
(!) Non supprimé ! D:\autorun.inf
(!) Non supprimé ! E:\Setup.exe
(!) Non supprimé ! E:\autorun.inf
################## | Autres ... |


################## | Registre # Clés Run infectieuses |