Problems with Google

syd530 Posts 145 Status Member -  
sKe69 Posts 21955 Status Security contributor -
Hello,

I don't think my problem is the first of its kind on the forum, but I think every case is different.
When I start my PC, the message "send the Google error report" is displayed.
Likewise, when I run a search with Google, the search takes a really long time, and as soon as I click on one of the search results I am redirected to a completely different site.
I have scanned the hard drive with Avast and Antivir, and I really don't know what else to do.
Awaiting your help,
Regards,
Loïc

37 replies

syd530 Posts 145 Status Member 3

ComboFix report

ComboFix 09-07-14.08 - Loïc 16/07/2009 0:27.2.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1602 [GMT 2:00]
Running from: c:\documents and settings\Loïc\Bureau\CFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Martin\Application Data\BITS
c:\documents and settings\Martin\Application Data\BITS\BITS.ini
c:\documents and settings\Martin\Application Data\BITS\DHTTable.dat
c:\documents and settings\Martin\Application Data\BITS\ProxyList.ini
c:\program files\FlashGet Network
c:\program files\Mozilla Firefox\patch.exe
c:\windows\Installer\18eff4.msi
c:\windows\Installer\31a327.msi
c:\windows\Installer\3837be2.msi
c:\windows\Installer\4e7302.msi
c:\windows\Installer\a9029a.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\UACwixjxjbkvxouijdle.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACbynrkwjmatvmkvawy.dll
c:\windows\system32\UACdcpkkwpuyxukexrob.dll
c:\windows\system32\UACdipufaymcxgqaetor.dll
c:\windows\system32\UACdpwkxosfjwberqpcx.dll
c:\windows\system32\UAChgmuvhudvxckwysse.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UAClnrvimuewkyqddqxh.dll
c:\windows\system32\UACotgiertfbgosguutl.dat
c:\windows\system32\UACspqbqnlextmdrbide.db
c:\windows\system32\uactmp.db
c:\windows\system32\UACwkvxbqitgxijogful.dat
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wl.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-15 18:36 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 18:36 . 2009-07-15 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 18:36 . 2009-07-15 18:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-15 18:36 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 17:04 . 2009-07-15 18:54 -------- d-----w- C:\FindyKill
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-----w- c:\documents and settings\LOC~1Settings\Loïc
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-----w- c:\documents and settings\LOC~1Settings
2009-07-15 11:55 . 2009-07-15 11:58 -------- d-----w- C:\ToolBar SD
2009-07-15 11:50 . 2009-07-15 11:50 -------- d-----w- c:\program files\CCleaner
2009-07-15 10:22 . 2009-07-15 10:24 -------- d-----w- c:\windows\SmitfraudFix
2009-07-15 09:40 . 2009-07-15 09:40 -------- d-----w- C:\rsit
2009-07-14 22:34 . 2009-07-14 22:34 -------- d-----w- c:\program files\Lavasoft
2009-07-14 22:34 . 2009-07-14 22:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-14 22:14 . 2009-07-15 09:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-14 21:15 . 2009-07-14 21:15 -------- d-----w- c:\program files\Alwil Software
2009-07-14 17:55 . 2009-07-14 17:55 -------- d-----w- C:\ProgramData
2009-07-14 17:26 . 2009-07-14 17:26 128 ----a-w- C:\tfhs3xrjdr6djkrserz108.bat
2009-07-14 17:26 . 2009-07-14 17:26 85 ----a-w- c:\windows\system32\geyekriedfmyxr.dat
2009-07-11 16:11 . 2009-07-11 16:11 -------- d-----w- c:\program files\Team6 game studios
2009-07-11 15:14 . 2009-07-14 22:33 -------- d-----w- C:\Downloads
2009-07-02 21:21 . 2009-07-02 21:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Babylon
2009-06-27 21:16 . 2002-08-30 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-06-25 18:32 . 2009-06-25 18:41 -------- d-----w- c:\program files\Unlocker
2009-06-25 10:21 . 2009-06-25 10:21 -------- d--h--w- c:\windows\PIF
2009-06-24 09:01 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-24 09:01 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-24 09:01 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-21 08:41 . 2009-06-21 08:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-17 21:43 . 2009-06-17 21:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
2009-06-17 21:42 . 2009-06-17 21:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-17 21:42 . 2009-06-17 21:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-17 21:42 . 2009-06-17 21:42 -------- d-----w- c:\program files\OpenAL
2009-06-17 21:20 . 2009-06-17 21:20 -------- d-----w- c:\program files\Codemasters
2009-06-16 04:56 . 2009-06-16 04:56 -------- d-----w- C:\profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 18:16 . 2001-08-24 14:00 84818 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 18:16 . 2001-08-24 14:00 510736 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-15 09:00 . 2009-02-21 19:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-14 18:21 . 2008-09-06 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 18:20 . 2009-05-24 11:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-14 17:10 . 2009-05-22 17:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TrackMania
2009-07-13 21:57 . 2008-10-28 23:05 -------- d-----w- c:\program files\SpeedFan
2009-07-12 21:38 . 2008-09-13 19:40 -------- d-----w- c:\program files\eMule
2009-07-05 12:26 . 2008-11-09 14:38 -------- d-----w- c:\program files\steam
2009-07-04 15:05 . 2008-12-04 07:49 -------- d-----w- c:\program files\UBISOFT
2009-07-02 10:50 . 2008-09-13 09:59 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-02 10:49 . 2008-09-13 09:58 183128 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-26 12:13 . 2009-05-15 14:03 -------- d-----w- c:\program files\Xfire
2009-06-24 09:01 . 2008-09-06 18:30 -------- d-----w- c:\program files\EA GAMES
2009-06-18 19:49 . 2008-09-12 17:04 -------- d-----w- c:\program files\Activision
2009-06-17 14:23 . 2008-11-20 13:46 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-06-15 16:14 . 2009-06-15 16:14 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2009-06-15 16:13 . 2009-06-15 16:13 -------- d-----w- c:\documents and settings\Martin\Application Data\dvdcss
2009-06-15 11:05 . 2009-06-15 11:04 -------- d-----w- c:\program files\Hamachi
2009-06-15 11:04 . 2008-09-21 17:04 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-14 09:35 . 2008-09-06 17:52 -------- d-----w- c:\program files\ma-config.com
2009-06-14 09:35 . 2008-09-06 17:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ma-config.com
2009-06-13 13:46 . 2008-09-13 09:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-06 19:11 . 2009-06-06 17:49 -------- d-----w- c:\program files\PKR
2009-06-05 13:47 . 2009-06-05 13:47 -------- d-----w- c:\program files\Fichiers communs\Futuremark Shared
2009-06-05 11:56 . 2008-09-06 18:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 16:23 . 2009-01-31 17:08 -------- d-----w- c:\program files\Unreal2
2009-05-28 16:53 . 2009-05-28 16:43 -------- d-----w- c:\program files\GigaTribe
2009-05-27 11:04 . 2009-02-21 19:33 -------- d-----w- c:\program files\Google
2009-05-24 11:18 . 2009-05-24 11:18 -------- d-----w- c:\program files\GameSpy
2009-05-24 11:17 . 2009-03-09 17:12 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-23 16:21 . 2009-05-23 16:21 -------- d-----w- c:\program files\Ahead
2009-05-22 17:16 . 2009-05-22 17:14 -------- d-----w- c:\program files\TmNationsForever
2009-05-22 12:24 . 2009-05-22 12:24 -------- d-----w- c:\program files\SuperCopier2
2009-05-21 23:23 . 2009-05-21 23:23 -------- d-----w- c:\program files\DivX
2009-05-21 23:23 . 2009-05-21 23:23 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-05-21 22:55 . 2009-05-21 22:55 -------- d-----w- c:\program files\LimeWire
2009-05-21 22:49 . 2009-05-21 22:28 -------- d-----w- c:\program files\TweakDUN
2008-10-15 20:04 . 2009-05-28 16:17 1499136 ----a-w- c:\program files\cpuz.exe
2008-09-06 19:08 . 2008-09-06 18:35 28982675 ----a-w- c:\program files\vista-inspirat-pack_vista_inspirat_pack_2.0_francais_15013.zip
2009-06-03 05:12 . 2009-07-14 22:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"FlashGet"="c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-29 185872]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"FlashGet"="c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe" [BU]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]

c:\documents and settings\Loïc\Menu Démarrer\Programmes\Démarrage\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\steam\\SteamApps\\nomak347\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\steam\\SteamApps\\mamadeus\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Activision\\Call of duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\steam\\SteamApps\\marley530\\counter-strike\\hl.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Downloads\\KILLING FLOOR - PREPATCHED TO V1003 - UBER MAP PACK V3 PREINSTALLED [TweakerL] [h33t]\\System\\KillingFloor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

S2 gupdate1c9945bfbc833ca;Service Google Update (gupdate1c9945bfbc833ca);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 21:38 133104]
S3 ldiskl;ldiskl;\??\c:\docume~1\LOC~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\LOC~1\LOCALS~1\Temp\ldiskl.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
FF - ProfilePath - c:\docume~1\LOC~1\APPLIC~1\Mozilla\Firefox\Profiles\yz40jkx0.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 00:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B34C8E0-1BF6-33F2-48FA-A06F86868D8F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pafonlphdfkfilgpkmldccojfciolhok"=hex:6b,61,6b,61,69,61,6a,64,6f,67,6f,6e,69,
65,65,6e,6c,6b,63,67,6a,6c,00,00
"oaholbjbemadhhchkigidfjklkmnji"=hex:6b,61,6b,61,69,61,6a,64,6f,67,6f,6e,69,65,
65,6e,6c,6b,63,67,6a,6c,00,00

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,d1,7b,77,d0,ac,7b,52,e1,ad,32,40,ad,b8,76,b1,55,cc,80,a1,e6,16,ff,
f1,0e,77,e1,d6,8b,47,e5,db,d6,f4,0c,87,dd,69,f9,fa,ea,09,0a,41,74,9f,9e,79,\
"??"=hex:01,0d,c1,0b,2b,3f,59,00,59,d0,95,b6,30,9f,6d,9d

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\SecuROM\License information*]
"datasecu"=hex:cd,b0,44,48,de,e2,9b,09,4d,84,ce,1e,dd,68,c9,62,6d,21,85,45,00,
19,08,6d,b2,2f,3f,ee,fd,c4,e7,d1,ab,19,05,30,38,f5,bc,93,73,83,d1,27,21,75,\
"rkeysecu"=hex:a2,7f,6c,06,4c,af,96,9e,7b,76,7e,6f,ae,2e,a8,3b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3792)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
c:\windows\system32\ODBC32.dll
.
Completion time: 2009-07-15 0:31
ComboFix-quarantined-files.txt 2009-07-15 22:30

Pre-Run: 81 806 163 968 octets libres
Post-Run: 81 799 114 752 octets libres

514 --- E O F --- 2008-10-08 16:35
sKe69 Posts 21955 Status Security contributor 463
 
Next steps:

1- Create a text document on your desktop:
Point your mouse at your desktop, right-click, go to "New" and choose "Text Document".

Then copy/paste the text below (and nothing else!) into the text file you just created:

File::
C:\tfhs3xrjdr6djkrserz108.bat
c:\windows\system32\geyekriedfmyxr.dat
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

Driver::
ldiskl
geyekr.sys


Then go to "File", choose "Save As...", and name it exactly this:
CFScript, then confirm ...

2- Cleaning:

!! Disconnect, close all your applications and disable ALL YOUR PROTECTION (you will re-enable it afterwards) !!

---> On your desktop, drag the CFScript file with your mouse onto the ComboFix.exe icon.

(See here: http://img.photobucket.com/albums/v666/sUBs/CFScript.gif )

This will relaunch ComboFix.
--> A blue window will appear: at the message "Type 1 to continue, or 2 to abort", type 1 and confirm.

Then wait while the scan runs. (The desktop will disappear several times: this is normal!)

!! Do not touch anything until the scan has finished !!

Note: at the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post it along with a new RSIT report for analysis ...

( Warning: this procedure was written for this PC. Any reuse may severely damage the operating system )

syd530 Posts 145 Status Member 3
 
After these steps, should I post a report or something else?
sKe69 Posts 21955 Status Security contributor 463
 
uh ... everything is spelled out ... ^^"

Post the new ComboFix report you get ... then run another RSIT scan and post the new "log.txt" for analysis ...

Post these reports and I will look at them tomorrow ... ;)

Good night ...

syd530 Posts 145 Status Member 3
 
A big thank you for helping me
Have a good evening and a good night
Thanks again =D

P.S. here are the reports

ComboFix 09-07-14.08 - Loïc 16/07/2009 1:05.3.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.2047.1539 [GMT 2:00]
Running from: c:\documents and settings\Loïc\Bureau\CFix.exe
Command switches used :: c:\documents and settings\Loïc\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090715-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\tfhs3xrjdr6djkrserz108.bat"
"c:\windows\system32\geyekriedfmyxr.dat"
"c:\windows\system32\tmp.txt"
"c:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job"
"c:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job"
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tfhs3xrjdr6djkrserz108.bat
c:\windows\system32\geyekriedfmyxr.dat
c:\windows\system32\tmp.txt
c:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LDISKL
-------\Service_ldiskl

((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-15 22:48 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-15 22:48 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-15 22:48 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-15 22:48 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-15 22:48 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-15 22:48 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-15 22:48 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-15 22:48 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-15 22:47 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-15 18:36 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 18:36 . 2009-07-15 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 18:36 . 2009-07-15 18:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-15 18:36 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-15 17:04 . 2009-07-15 18:54 -------- d-----w- C:\FindyKill
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-----w- c:\documents and settings\LOC~1Settings\Loïc
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-----w- c:\documents and settings\LOC~1Settings
2009-07-15 11:55 . 2009-07-15 11:58 -------- d-----w- C:\ToolBar SD
2009-07-15 11:50 . 2009-07-15 11:50 -------- d-----w- c:\program files\CCleaner
2009-07-15 10:22 . 2009-07-15 10:24 -------- d-----w- c:\windows\SmitfraudFix
2009-07-15 09:40 . 2009-07-15 09:40 -------- d-----w- C:\rsit
2009-07-14 22:34 . 2009-07-14 22:34 -------- d-----w- c:\program files\Lavasoft
2009-07-14 22:34 . 2009-07-14 22:34 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-14 22:14 . 2009-07-15 09:36 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-14 21:15 . 2009-07-14 21:15 -------- d-----w- c:\program files\Alwil Software
2009-07-14 17:55 . 2009-07-14 17:55 -------- d-----w- C:\ProgramData
2009-07-11 16:11 . 2009-07-11 16:11 -------- d-----w- c:\program files\Team6 game studios
2009-07-11 15:14 . 2009-07-14 22:33 -------- d-----w- C:\Downloads
2009-07-02 21:21 . 2009-07-02 21:21 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Babylon
2009-06-27 21:16 . 2002-08-30 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2009-06-25 18:32 . 2009-06-25 18:41 -------- d-----w- c:\program files\Unlocker
2009-06-25 10:21 . 2009-06-25 10:21 -------- d--h--w- c:\windows\PIF
2009-06-24 09:01 . 2008-10-10 02:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2009-06-24 09:01 . 2008-10-10 02:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2009-06-24 09:01 . 2008-10-10 02:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2009-06-21 08:41 . 2009-06-21 08:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-17 21:43 . 2009-06-17 21:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Codemasters
2009-06-17 21:42 . 2009-06-17 21:42 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-17 21:42 . 2009-06-17 21:42 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-17 21:42 . 2009-06-17 21:42 -------- d-----w- c:\program files\OpenAL
2009-06-17 21:20 . 2009-06-17 21:20 -------- d-----w- c:\program files\Codemasters
2009-06-16 04:56 . 2009-06-16 04:56 -------- d-----w- C:\profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 23:10 . 2009-05-22 12:24 -------- d-----w- c:\program files\SuperCopier2
2009-07-15 18:16 . 2001-08-24 14:00 84818 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-15 18:16 . 2001-08-24 14:00 510736 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-15 09:00 . 2009-02-21 19:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-14 18:21 . 2008-09-06 17:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 18:20 . 2009-05-24 11:07 -------- d-----w- c:\program files\Electronic Arts
2009-07-14 17:10 . 2009-05-22 17:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TrackMania
2009-07-13 21:57 . 2008-10-28 23:05 -------- d-----w- c:\program files\SpeedFan
2009-07-12 21:38 . 2008-09-13 19:40 -------- d-----w- c:\program files\eMule
2009-07-05 12:26 . 2008-11-09 14:38 -------- d-----w- c:\program files\steam
2009-07-04 15:05 . 2008-12-04 07:49 -------- d-----w- c:\program files\UBISOFT
2009-07-02 10:50 . 2008-09-13 09:59 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-02 10:49 . 2008-09-13 09:58 183128 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-26 12:13 . 2009-05-15 14:03 -------- d-----w- c:\program files\Xfire
2009-06-24 09:01 . 2008-09-06 18:30 -------- d-----w- c:\program files\EA GAMES
2009-06-18 19:49 . 2008-09-12 17:04 -------- d-----w- c:\program files\Activision
2009-06-17 14:23 . 2008-11-20 13:46 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-06-15 16:14 . 2009-06-15 16:14 -------- d-----w- c:\documents and settings\Martin\Application Data\vlc
2009-06-15 16:13 . 2009-06-15 16:13 -------- d-----w- c:\documents and settings\Martin\Application Data\dvdcss
2009-06-15 11:05 . 2009-06-15 11:04 -------- d-----w- c:\program files\Hamachi
2009-06-15 11:04 . 2008-09-21 17:04 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-06-14 09:35 . 2008-09-06 17:52 -------- d-----w- c:\program files\ma-config.com
2009-06-14 09:35 . 2008-09-06 17:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ma-config.com
2009-06-13 13:46 . 2008-09-13 09:58 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-06 19:11 . 2009-06-06 17:49 -------- d-----w- c:\program files\PKR
2009-06-05 13:47 . 2009-06-05 13:47 -------- d-----w- c:\program files\Fichiers communs\Futuremark Shared
2009-06-05 11:56 . 2008-09-06 18:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-29 16:23 . 2009-01-31 17:08 -------- d-----w- c:\program files\Unreal2
2009-05-28 16:53 . 2009-05-28 16:43 -------- d-----w- c:\program files\GigaTribe
2009-05-27 11:04 . 2009-02-21 19:33 -------- d-----w- c:\program files\Google
2009-05-24 11:18 . 2009-05-24 11:18 -------- d-----w- c:\program files\GameSpy
2009-05-24 11:17 . 2009-03-09 17:12 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-23 16:21 . 2009-05-23 16:21 -------- d-----w- c:\program files\Ahead
2009-05-22 17:16 . 2009-05-22 17:14 -------- d-----w- c:\program files\TmNationsForever
2009-05-21 23:23 . 2009-05-21 23:23 -------- d-----w- c:\program files\DivX
2009-05-21 23:23 . 2009-05-21 23:23 -------- d-----w- c:\program files\Fichiers communs\DivX Shared
2009-05-21 22:55 . 2009-05-21 22:55 -------- d-----w- c:\program files\LimeWire
2009-05-21 22:49 . 2009-05-21 22:28 -------- d-----w- c:\program files\TweakDUN
2008-10-15 20:04 . 2009-05-28 16:17 1499136 ----a-w- c:\program files\cpuz.exe
2008-09-06 19:08 . 2008-09-06 18:35 28982675 ----a-w- c:\program files\vista-inspirat-pack_vista_inspirat_pack_2.0_francais_15013.zip
2009-06-03 05:12 . 2009-07-14 22:07 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_22.17.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 22:50 . 2009-07-15 22:50 16384 c:\windows\Temp\Perflib_Perfdata_988.dat
+ 2009-07-15 23:10 . 2009-07-15 23:10 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2009-07-15 22:50 . 2009-07-15 22:50 16384 c:\windows\Temp\Perflib_Perfdata_76c.dat
+ 2009-07-15 23:10 . 2009-07-15 23:10 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"UberIcon"="c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe" [2006-05-21 180224]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"FlashGet"="c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-03-06 488984]
"LogitechQuickCamRibbon"="c:\program files\Labtec\WebCam10\WebCam10.exe" [2007-03-06 1060376]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-09-29 185872]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-05 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"FlashGet"="c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe" [BU]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\Loïc\Menu Démarrer\Programmes\Démarrage\
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-5-21 180224]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\steam\\SteamApps\\nomak347\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\steam\\SteamApps\\mamadeus\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Activision\\Call of duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\steam\\SteamApps\\marley530\\counter-strike\\hl.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\UBISOFT\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW_LANFixed.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\UBISOFT\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Downloads\\KILLING FLOOR - PREPATCHED TO V1003 - UBER MAP PACK V3 PREINSTALLED [TweakerL] [h33t]\\System\\KillingFloor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16/07/2009 00:48 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16/07/2009 00:48 20560]
S2 gupdate1c9945bfbc833ca;Service Google Update (gupdate1c9945bfbc833ca);c:\program files\Google\Update\GoogleUpdate.exe [21/02/2009 21:38 133104]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
FF - ProfilePath - c:\docume~1\LOC~1\APPLIC~1\Mozilla\Firefox\Profiles\yz40jkx0.default\
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 01:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\LOC~1\LOCALS~1\Temp\mc23.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B34C8E0-1BF6-33F2-48FA-A06F86868D8F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pafonlphdfkfilgpkmldccojfciolhok"=hex:6b,61,6b,61,69,61,6a,64,6f,67,6f,6e,69,
65,65,6e,6c,6b,63,67,6a,6c,00,00
"oaholbjbemadhhchkigidfjklkmnji"=hex:6b,61,6b,61,69,61,6a,64,6f,67,6f,6e,69,65,
65,6e,6c,6b,63,67,6a,6c,00,00

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:74,d1,7b,77,d0,ac,7b,52,e1,ad,32,40,ad,b8,76,b1,55,cc,80,a1,e6,16,ff,
f1,0e,77,e1,d6,8b,47,e5,db,d6,f4,0c,87,dd,69,f9,fa,ea,09,0a,41,74,9f,9e,79,\
"??"=hex:01,0d,c1,0b,2b,3f,59,00,59,d0,95,b6,30,9f,6d,9d

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\SecuROM\License information*]
"datasecu"=hex:cd,b0,44,48,de,e2,9b,09,4d,84,ce,1e,dd,68,c9,62,6d,21,85,45,00,
19,08,6d,b2,2f,3f,ee,fd,c4,e7,d1,ab,19,05,30,38,f5,bc,93,73,83,d1,27,21,75,\
"rkeysecu"=hex:a2,7f,6c,06,4c,af,96,9e,7b,76,7e,6f,ae,2e,a8,3b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1348)
c:\program files\SuperCopier2\SC2Hook.dll
c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-15 1:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 23:13

Pre-Run: 81 602 068 480 octets libres
Post-Run: 81 614 032 896 octets libres

290 --- E O F --- 2008-10-08 16:35
syd530 Posts 145 Status Member 3
 
Here is the RSIT scan as well
(the ComboFix scan is in the previous post)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Loïc at 2009-07-16 01:17:18
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 78 GB (33%) free of 238 GB
Total RAM: 2047 MB (76% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-29 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-24 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-03-06 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Labtec\WebCam10\WebCam10.exe [2007-03-06 1060376]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-09-29 185872]
"AppleSyncNotifier"=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe /min []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"UberIcon"=C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe /min []

C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\Démarrage
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\FlatOut2\FlatOut2.exe"="C:\Program Files\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\steam\SteamApps\nomak347\counter-strike source\hl2.exe"="C:\Program Files\steam\SteamApps\nomak347\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\steam\SteamApps\mamadeus\counter-strike source\hl2.exe"="C:\Program Files\steam\SteamApps\mamadeus\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Activision\Call of duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\steam\SteamApps\marley530\counter-strike\hl.exe"="C:\Program Files\steam\SteamApps\marley530\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\UBISOFT\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\UBISOFT\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\UBISOFT\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"
"C:\Program Files\UBISOFT\Far Cry 2\bin\FC2ServerLauncher.exe"="C:\Program Files\UBISOFT\Far Cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry® 2 Server Launcher"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW_LANFixed.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW_LANFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop"
"C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
"C:\Program Files\UBISOFT\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\UBISOFT\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\UBISOFT\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\UBISOFT\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\UBISOFT\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\UBISOFT\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Downloads\KILLING FLOOR - PREPATCHED TO V1003 - UBER MAP PACK V3 PREINSTALLED [TweakerL] [h33t]\System\KillingFloor.exe"="C:\Downloads\KILLING FLOOR - PREPATCHED TO V1003 - UBER MAP PACK V3 PREINSTALLED [TweakerL] [h33t]\System\KillingFloor.exe:*:Enabled:KillingFloor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 2 months======

2009-07-16 01:17:00 ----SHD---- C:\RECYCLER
2009-07-16 01:14:00 ----A---- C:\ComboFix.txt
2009-07-16 00:47:57 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\zip.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\SWSC.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\SWREG.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\sed.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\PEV.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-16 00:09:09 ----A---- C:\WINDOWS\grep.exe
2009-07-16 00:09:03 ----D---- C:\WINDOWS\ERDNT
2009-07-16 00:08:13 ----D---- C:\Qoobox
2009-07-15 20:52:45 ----A---- C:\FindyKill.txt
2009-07-15 20:36:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-15 20:36:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-15 20:30:38 ----A---- C:\FindKill recherche.txt
2009-07-15 20:12:34 ----RASHD---- C:\autorun.inf
2009-07-15 19:04:13 ----D---- C:\FindyKill
2009-07-15 14:01:02 ----A---- C:\TB pr le site.txt
2009-07-15 13:56:01 ----A---- C:\TB.txt
2009-07-15 13:55:25 ----D---- C:\ToolBar SD
2009-07-15 13:50:22 ----D---- C:\Program Files\CCleaner
2009-07-15 12:23:27 ----A---- C:\rapport.txt
2009-07-15 12:22:43 ----D---- C:\WINDOWS\SmitfraudFix
2009-07-15 11:40:10 ----D---- C:\rsit
2009-07-15 00:34:20 ----D---- C:\Program Files\Lavasoft
2009-07-15 00:34:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-15 00:14:15 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-14 23:15:27 ----D---- C:\Program Files\Alwil Software
2009-07-14 19:55:50 ----D---- C:\ProgramData
2009-07-13 13:59:02 ----D---- C:\Documents and Settings\Loïc\Application Data\vlc
2009-07-11 18:11:22 ----D---- C:\Program Files\Team6 game studios
2009-07-11 17:14:07 ----D---- C:\Downloads
2009-07-04 17:05:47 ----D---- C:\Documents and Settings\Loïc\Application Data\InstallShield
2009-07-02 23:21:13 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon
2009-07-02 23:21:12 ----D---- C:\Documents and Settings\Loïc\Application Data\Babylon
2009-06-27 23:17:38 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-06-27 23:17:38 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-06-27 23:17:37 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-06-27 23:17:37 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-06-27 23:17:22 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-06-27 23:17:22 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-06-27 23:17:11 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-06-27 23:16:54 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-06-27 23:16:52 ----A---- C:\WINDOWS\system32\uniime.dll
2009-06-27 23:16:47 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-06-27 23:16:46 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-06-27 23:16:46 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-06-27 23:16:46 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-06-27 23:16:46 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-06-27 23:16:46 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-06-27 23:16:45 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2009-06-27 23:16:45 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdvntc.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdintel.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdintam.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdinpun.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdinmar.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdinkan.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdinhin.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdinguj.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdindev.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdgeo.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdarmw.dll
2009-06-27 23:16:44 ----RA---- C:\WINDOWS\system32\kbdarme.dll
2009-06-27 23:16:44 ----A---- C:\WINDOWS\system32\c_iscii.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbdurdu.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbdsyr2.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbdsyr1.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbdfa.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbddiv2.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbddiv1.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbda3.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbda2.dll
2009-06-27 23:16:42 ----RA---- C:\WINDOWS\system32\kbda1.dll
2009-06-27 23:16:42 ----A---- C:\WINDOWS\system32\kbdusa.dll
2009-06-27 23:16:40 ----RA---- C:\WINDOWS\system32\kbdheb.dll
2009-06-27 23:16:36 ----RA---- C:\WINDOWS\system32\kbdth3.dll
2009-06-27 23:16:36 ----RA---- C:\WINDOWS\system32\kbdth2.dll
2009-06-27 23:16:36 ----RA---- C:\WINDOWS\system32\kbdth1.dll
2009-06-27 23:16:36 ----RA---- C:\WINDOWS\system32\kbdth0.dll
2009-06-27 23:16:36 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2009-06-25 20:32:00 ----D---- C:\Program Files\Unlocker
2009-06-25 12:21:34 ----HD---- C:\WINDOWS\PIF
2009-06-24 11:01:45 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-06-24 11:01:45 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-24 11:01:44 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-06-21 10:41:08 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-17 23:43:32 ----D---- C:\Documents and Settings\All Users\Application Data\Codemasters
2009-06-17 23:42:19 ----D---- C:\Program Files\OpenAL
2009-06-17 23:42:19 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-06-17 23:42:19 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-06-17 23:42:18 ----RA---- C:\WINDOWS\system32\tmp7B.tmp
2009-06-17 23:42:18 ----RA---- C:\WINDOWS\system32\tmp7A.tmp
2009-06-17 23:20:53 ----D---- C:\Program Files\Codemasters
2009-06-16 06:56:24 ----D---- C:\Documents and Settings\Loïc\Application Data\BITS
2009-06-16 06:56:17 ----D---- C:\profiles
2009-06-15 13:04:59 ----D---- C:\Program Files\Hamachi
2009-06-12 00:29:50 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-06-06 19:49:22 ----D---- C:\Program Files\PKR
2009-06-05 15:47:55 ----D---- C:\Program Files\Fichiers communs\Futuremark Shared
2009-05-28 18:44:07 ----D---- C:\Documents and Settings\Loïc\Application Data\GigaTribe
2009-05-28 18:43:48 ----D---- C:\Program Files\GigaTribe
2009-05-28 18:17:28 ----A---- C:\Program Files\cpuz.exe
2009-05-24 13:18:23 ----D---- C:\Program Files\GameSpy
2009-05-24 13:07:07 ----D---- C:\Program Files\Electronic Arts
2009-05-23 18:21:47 ----N---- C:\WINDOWS\Unnero.exe
2009-05-23 18:21:46 ----N---- C:\WINDOWS\system32\MultiSZ.dll
2009-05-23 18:21:43 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-05-23 18:21:43 ----A---- C:\WINDOWS\system32\picn20.dll
2009-05-23 18:21:43 ----A---- C:\WINDOWS\system32\ImagXpr5.dll
2009-05-23 18:21:43 ----A---- C:\WINDOWS\system32\imagx5.dll
2009-05-23 18:21:43 ----A---- C:\WINDOWS\system32\imagr5.dll
2009-05-23 18:21:42 ----D---- C:\Program Files\Ahead
2009-05-23 18:21:42 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-05-22 19:25:08 ----D---- C:\Documents and Settings\All Users\Application Data\TrackMania
2009-05-22 19:14:07 ----D---- C:\Program Files\TmNationsForever
2009-05-22 14:24:05 ----D---- C:\Program Files\SuperCopier2
2009-05-22 01:25:32 ----D---- C:\Documents and Settings\Loïc\Application Data\DivX
2009-05-22 01:23:53 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-05-22 01:23:53 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-05-22 01:23:35 ----D---- C:\Program Files\Fichiers communs\DivX Shared
2009-05-22 01:23:35 ----D---- C:\Program Files\DivX
2009-05-22 01:11:37 ----D---- C:\Documents and Settings\Loïc\Application Data\LimeWire
2009-05-22 00:55:32 ----D---- C:\Program Files\LimeWire
2009-05-22 00:28:13 ----D---- C:\Program Files\TweakDUN

======List of files/folders modified in the last 2 months======

2009-07-16 01:14:55 ----D---- C:\Program Files\Mozilla Firefox
2009-07-16 01:14:50 ----D---- C:\WINDOWS\Prefetch
2009-07-16 01:14:49 ----D---- C:\WINDOWS\Temp
2009-07-16 01:14:02 ----D---- C:\WINDOWS\system32\drivers
2009-07-16 01:14:02 ----D---- C:\WINDOWS\system32
2009-07-16 01:12:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-16 01:11:06 ----D---- C:\WINDOWS
2009-07-16 01:11:06 ----A---- C:\WINDOWS\system.ini
2009-07-16 01:10:47 ----SD---- C:\WINDOWS\Tasks
2009-07-16 01:09:18 ----D---- C:\WINDOWS\system32\config
2009-07-16 01:07:49 ----D---- C:\WINDOWS\AppPatch
2009-07-16 01:07:48 ----D---- C:\Program Files\Fichiers communs
2009-07-16 01:05:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-16 01:03:37 ----D---- C:\Documents and Settings\Loïc\Application Data\Skype
2009-07-16 01:00:35 ----D---- C:\Documents and Settings\Loïc\Application Data\skypePM
2009-07-16 01:00:19 ----D---- C:\Documents and Settings\Loïc\Application Data\teamspeak2
2009-07-16 00:18:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-16 00:17:10 ----D---- C:\Program Files
2009-07-16 00:17:05 ----SHD---- C:\WINDOWS\Installer
2009-07-15 20:16:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-15 14:00:52 ----D---- C:\Documents and Settings
2009-07-15 12:48:33 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-15 11:00:51 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-14 20:21:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-14 11:18:49 ----D---- C:\Documents and Settings\Loïc\Application Data\dvdcss
2009-07-13 23:57:14 ----D---- C:\Program Files\SpeedFan
2009-07-13 22:32:31 ----D---- C:\Documents and Settings\Loïc\Application Data\Hamachi
2009-07-12 23:38:45 ----D---- C:\Program Files\eMule
2009-07-12 23:15:05 ----RSD---- C:\WINDOWS\Fonts
2009-07-12 23:11:34 ----HD---- C:\WINDOWS\inf
2009-07-05 14:26:09 ----D---- C:\Program Files\steam
2009-07-04 17:13:52 ----RSD---- C:\WINDOWS\assembly
2009-07-04 17:13:32 ----D---- C:\WINDOWS\system32\DirectX
2009-07-04 17:05:55 ----D---- C:\Program Files\UBISOFT
2009-07-02 12:49:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-06-27 23:27:47 ----SD---- C:\Documents and Settings\Loïc\Application Data\Microsoft
2009-06-27 23:17:37 ----D---- C:\WINDOWS\Help
2009-06-26 22:43:51 ----D---- C:\Documents and Settings\Loïc\Application Data\Xfire
2009-06-26 14:13:08 ----D---- C:\Program Files\Xfire
2009-06-24 11:01:45 ----D---- C:\Program Files\EA GAMES
2009-06-21 10:42:02 ----D---- C:\Documents and Settings\Loïc\Application Data\DAEMON Tools Lite
2009-06-18 21:49:16 ----D---- C:\Program Files\Activision
2009-06-17 16:23:55 ----D---- C:\Program Files\Teamspeak2_RC2
2009-06-14 11:35:56 ----D---- C:\Program Files\ma-config.com
2009-06-14 11:35:56 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-06-13 15:46:43 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-05-29 18:23:21 ----D---- C:\Program Files\Unreal2
2009-05-27 13:04:53 ----D---- C:\Program Files\Google
2009-05-24 13:17:19 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-05-22 00:50:03 ----D---- C:\WINDOWS\system32\wbem
2009-05-22 00:50:02 ----D---- C:\WINDOWS\Registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-28 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-11-15 279712]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-15 25888]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-08-06 4122112]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 catchme;catchme; \??\C:\DOCUME~1\LOC~1\LOCALS~1\Temp\catchme.sys []
R3 emu10k;Creative SB Live! Value (WDM); C:\WINDOWS\system32\drivers\emu10k1f.sys [2001-08-14 775296]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlface.sys [2001-07-11 6912]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-15 25280]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-24 9600]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-03-06 41376]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-24 12288]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2007-03-06 491168]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfman.sys [2001-08-31 36992]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
S3 a24klcr5;a24klcr5; C:\WINDOWS\system32\drivers\a24klcr5.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 hidgame;Activateur de port HID à manette de jeu Microsoft; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-03-06 1669664]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-03-06 2261792]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RushTopDevice;RushTopDevice; \??\C:\Program Files\MSI\Core Center\RushTop.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-08-28 55808]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\LOC~1\LOCALS~1\Temp\mc23.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-13 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 gupdate1c9945bfbc833ca;Service Google Update (gupdate1c9945bfbc833ca); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-03-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-29 234864]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-01-31 79360]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
sKe69 Posts 21955 Status Security contributor 463
 
Good ...

we're making progress ... ^^

Do the following, in order:

1- Run CCleaner again (registry included).

====================

2- Now use Malwarebytes:

Update it.

! Disconnect and close all running applications !

* Launch Malwarebytes.

Run a "Quick" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> When it finishes, click "results".
--> Check that all infected items are selected, then click "removal".

Note: if the PC has to be restarted to finish the cleanup, do it!

Post the report saved after the infected items have been removed (in the "report/log" tab of Malwarebytes, the most recent one) for analysis ...

=========================

3- Download Ad-remover (by C_XX) to your desktop:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Disconnect and close all running applications (browser included) !

• Double-click "Ad-R.exe" to start the installation and keep the default installation settings.

• Double-click the Ad-remover shortcut on your desktop to launch the tool.

• At the main menu, choose option "S" and press [Enter].

• The scan starts; let the tool work and don't touch anything ...

/!\ The tool gives the impression that it has crashed and that nothing is happening, but that is not the case! (The scan is very quiet and fairly long, so be patient ...)

--> Post the report that appears at the end in your next reply, for analysis ...

(The report is also saved as C:\Ad-report-SCAN.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products
(AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Illustrated help (installation): http://pagesperso-orange.fr/NosTools/tuto_ad_r1.html
Illustrated help (scan): http://pagesperso-orange.fr/NosTools/tuto_ad_r2.html

syd530 Posts 145 Status Member 3
 
Here are the reports

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2421
Windows 5.1.2600 Service Pack 2

16/07/2009 11:16:34
mbam-log-2009-07-16 (11-16-34).txt

Type de recherche: Examen rapide
Eléments examinés: 90914
Temps écoulé: 2 minute(s), 56 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

---------------------------------------------------------------------------------------------------------------------------------

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:18:48, 16/07/2009 | Mode Normal | Option: SCAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: LOØC | Utilisateur actuel: Lo‹c
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Loïc
N'est pas administrateur: Martin
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.
.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKU\S-1-5-21-839522115-1592454029-2147200963-1003\Software\Eorezo
HKU\S-1-5-21-839522115-1592454029-2147200963-1003\Software\ItsLabel
.
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo
C:\DOCUME~1\LOC~1\APPLIC~1\ItsLabel
C:\Program Files\EoRezo
C:\DOCUME~1\LOC~1\APPLIC~1\Mozilla\Firefox\Profiles\yz40jkx0.default\searchplugins\lost.xml
C:\Documents and Settings\Lo‹c\Application Data\Eorezo
C:\Documents and Settings\Lo‹c\Application Data\ItsLabel
.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.11 *

Nom du profil: yz40jkx0.default (Lo‹c)
.
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/firefox");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.11");
.
.

* Internet Explorer Version 6.0.2900.2180 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\Lo‹c\Application Data\uTorrent\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911.torrent
C:\Documents and Settings\Lo‹c\Mes documents\Downloads\Jeux\Patchs COD4 1.6-1.7.rar
C:\Documents and Settings\Lo‹c\Mes documents\Downloads\Keygen\KillingFloor_FR-1.2.zip
.
===================================
.
3250 Octet(s) - C:\Ad-Report-SCAN.log
.
1 Fichier(s) - C:\DOCUME~1\LOC~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
1 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 11:37:08 | 16/07/2009
.
============== E.O.F ==============
.
0
sKe69 Posts 21955 Status Security contributor 463
 
Good ...

1- ! Disconnect and close all running applications (browser included) !

• Double-click the Ad-remover shortcut on your desktop to launch the tool.

• In the main menu, this time choose option "L" and press [Enter].

• The cleaning starts > let the tool work and don't touch anything! ...

--> Post the report that appears at the end in your next reply, along with a new HijackThis report, for analysis ...

( The report is also saved as C:\Ad-Report-CLEAN.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

0
syd530 Posts 145 Status Member 3
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:26:49, 16/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: LOØC | Utilisateur actuel: Lo‹c
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Loïc
N'est pas administrateur: Martin
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\db
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\eoStats
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo\eoStats\eoStats.txt
C:\DOCUME~1\LOC~1\APPLIC~1\EoRezo
C:\DOCUME~1\LOC~1\APPLIC~1\ItsLabel\ItsTV
C:\DOCUME~1\LOC~1\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
C:\DOCUME~1\LOC~1\APPLIC~1\ItsLabel
C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoAdv\eoAdv.url
C:\Program Files\EoRezo\EoAdv\EoRezoBho.old
C:\Program Files\EoRezo
C:\DOCUME~1\LOC~1\APPLIC~1\Mozilla\Firefox\Profiles\yz40jkx0.default\searchplugins\lost.xml

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.11 *

Nom du profil: yz40jkx0.default (Lo‹c)
.
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.google.fr/firefox");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.11");
.
.

* Internet Explorer Version 6.0.2900.2180 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\Lo‹c\Application Data\uTorrent\Call_Of_Duty_4_Crackfix_And_Keygen-Razor1911.torrent
C:\Documents and Settings\Lo‹c\Mes documents\Downloads\Jeux\Patchs COD4 1.6-1.7.rar
C:\Documents and Settings\Lo‹c\Mes documents\Downloads\Keygen\KillingFloor_FR-1.2.zip
.
===================================
.
3952 Octet(s) - C:\Ad-Report-CLEAN.log
.
11 Fichier(s) - C:\DOCUME~1\LOC~1\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
13 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 12:45:33 | 16/07/2009
.
============== E.O.F ==============
.
0
sKe69 Posts 21955 Status Security contributor 463
 
OK ...

Now do this:

Use HijackThis.

Usage tutorial:
Look here, it is explained perfectly with pictures (thanks balltrap34):
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Do NOT fix any line yet; that could prevent your PC from working properly )

> !! Disconnect and close all your running applications !!

Click the desktop shortcut to launch the program:
run a HijackThis scan by clicking "Do a system scan and save a logfile"

---> Post the generated report for analysis ...

0
syd530 Posts 145 Status Member 3
 
Here is the report; sorry for my slow reply

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:04, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9945bfbc833ca) (gupdate1c9945bfbc833ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
sKe69 Posts 21955 Status Security contributor 463
 
Good ...

Tell me how the PC is doing .... any better? ....

Then do the following, in order:

1- Download OAD (by !aur3n7): http://sosvirus.changelog.fr/OAD.exe
----> Save it to your desktop.

Double-click the OAD icon to launch it

- Name of the file to search for:
--> type or copy and paste: geyekr

- Search type: select option 6, then confirm with ["Enter"]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed on screen automatically as soon as it has finished.

Note: depending on the size of the hard drives, this search can take several minutes. Be patient ...

-> Save this report to your Desktop and copy and paste it into your next reply ...

Then do the same again with:

UAC

So post me the two reports you get and carry on with the next step ...

======================

2- Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.genproc.com/GenProc.exe

!! Disconnect and close your running applications !!

* Double-click GenProc.exe to start the scan and let it run ...

* When asked "Are you being helped on a forum..." > click "Yes".

-> Post the contents of the report that opens ...

Illustrated help here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT: post the report and do nothing else for now (often, extra instructions have to be added to the procedure given for it to work perfectly).

0
syd530 Posts 145 Status Member 3
 
Here are the two reports to begin with.
I am going to carry out the second procedure.
And indeed my PC is working much better, it lags less and the Google bug is gone =D

16/07/2009 ---- 19:32:06,64

----------------------------------
§§§§§§ [geyekr] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

16/07/2009 ---- 19:33:36,00

----------------------------------
§§§§§§ [UAC] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\UsageStats\Daily\Booleans]
"worker_is_uac_disabled"=hex:00,00,00,00

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\Microsoft\MSNMessenger\PerPassportSettings\3518703834]
"UTL"="<msnobj Creator=\"sergent_loic@hotmail.fr\" Type=\"3\" SHA1D=\"zVPW5eZcdmvnpZTb64nXYTBbIUs=\" Size=\"17548\" Location=\"0\" Friendly=\"OQAyADgAMABhAC0AbABhAG0AYgBvAHIAZwBoAGkAbgBpAF8AaQBuAHQAZQByAGUAcwBzAGUAXwBwAGEAcgBfAGwAZQBfAG0AYQByAGMAaAAAAA==\"/>"

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData\PluginInfo0]
201.dll~ComponentCLSID~XHw+GbtS5EkS+SKAHfX6DCg==}{ComponentName~Shttp://ns.real.com/gemini.v1:gridenabledcondchannel~PluginFilename~Sgemx3201.dll~ComponentCLSID~XwyOprOlog0+QNOMUC8Ih1w==}{ComponentName~Shttp://ns.real.com/gemini.v1:gridtextcliplengthchannel~PluginFilename~Sgemx3201.dll~ComponentCLSID~Xx+hsMSGsQU6GIye6JKcQ/A==}{ComponentName~Shttp://ns.real.com/gemini.v1:toasterwindow~PluginFilename~Sgemx3201.dll~ComponentCLSID~XWiiinKIaH0KPCSD55Tm4KQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:listcontrol~PluginFilename~Sgemx3201.dll~ComponentCLSID~XUN8oX0ml1BGVyACQJ2IV7g==}{ComponentName~Shttp://ns.real.com/gemini.v1:listentry~PluginFilename~Sgemx3201.dll~ComponentCLSID~XYJ8mi0Sp1BGVzACQJ2IV7g==}{ComponentName~Shttp://ns.real.com/gemini.v1:listarea~PluginFilename~Sgemx3201.dll~ComponentCLSID~XUGQfUl2s1BGV0gCQJ2IV7g==}{ComponentName~Shttp://ns.real.com/gemini.v1:spinneredittext~PluginFilename~Sgemx3201.dll~ComponentCLSID~Xsuy/kd4pa0mpUJJXdwo+dA==}{ComponentName~Shttp://ns.real.com/gemini.v1:compositeslider~PluginFilename~Sgemx3201.dll~ComponentCLSID~XmCuH9KTPjE+VhlThDG9ZCA==}{ComponentName~Shttp://ns.real.com/gemini.v1:compositeslidertrack~PluginFilename~Sgemx3201.dll~ComponentCLSID~XqJmLAilcyUCUsKIBcuJkqw==}{ComponentName~Shttp://ns.real.com/gemini.v1:compositesliderthumb~PluginFilename~Sgemx3201.dll~ComponentCLSID~Xub0c2ISh30mMLOV/OCpW3w==}{ComponentName~Shttp://ns.real.com/gemini.v1:delegatingpushbutton~PluginFilename~Sgemx3201.dll~ComponentCLSID~Xltlbg+QTvEi2DLsRUgVpbg==}{ComponentName~Shttp://ns.real.com/gemini.v1:containerarea~PluginFilename~Sgemx3201.dll~ComponentCLSID~XEE2oFG0D1RGTKgACswfx4w==}{PluginFilename~Sgemx3201.dll~ComponentCLSID~XAuwsmEQg1BGt2wDQtwd23Q==}{ComponentName~Shttp://ns.real.com/gemini.v1:animationcontrol~PluginFilename~Sgemx3201.dll~ComponentCLSID~Xk4LfzGtrBUa8ar5L7vZIGA==}{ComponentName~Shttp://ns.real.com/gemini.v1:tabcontrolitem~PluginFilename~Sgemx3201.dll~ComponentCLSID~XrniTRfM1sUmzCzpMCve5vA==}{ComponentName~Shttp://ns.real.com/
gemini.v1:nativechecklistbox~PluginFilename~Sgemx3201.dll~ComponentCLSID~XgSRJg90P1BGVIwDQtxQWiQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativetreecontrol~PluginFilename~Sgemx3201.dll~ComponentCLSID~XYEi7Q2/w0xGVDADQtxQWiQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativetabcontrol~PluginFilename~Sgemx3201.dll~ComponentCLSID~XYpDAWiRBWkeOe6/taqcFjw==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativelistviewcontrol~PluginFilename~Sgemx3201.dll~ComponentCLSID~XycNsVrW5zkCLNndggh2G/w==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativelistviewcontrol2~PluginFilename~Sgemx3201.dll~ComponentCLSID~XCDj+71p8gkS47rXSKfT3Dw==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativeheadercontrol~PluginFilename~Sgemx3201.dll~ComponentCLSID~XIIms6Xjx0xGVDQDQtxQWiQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativehtmlwindow~PluginFilename~Sgemx3201.dll~ComponentCLSID~XYOBjet350xGVDgDQtxQWiQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:nativeshellbrowser~PluginFilename~Sgemx3201.dll~ComponentCLSID~Xz54ogXNTE02NVMh0zJ9iSw==}{PluginFilename~Slocd3210.dll~ComponentCLSID~XOuo+6X5T70SIxZUtI+X6pg==}{PluginFilename~Slocd3210.dll~ComponentCLSID~XUtkdWG9Rlki+svUqznoyQw==}{PluginFilename~Slocd3210.dll~ComponentCLSID~XQcDz3NePE0GRtf/k7fE/NQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:popoutpage~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XyWhLl5RVlE6auBgX5XD0VQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:rppushbutton~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XyfnJ0Xt3x0CBrlsOpVqBFg==}{ComponentName~Shttp://ns.real.com/gemini.v1:navigatoractor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XgfkGr3rA1BG1fADQt0wtXA==}{ComponentName~Shttp://ns.real.com/gemini.v1:rplayoutmanageractor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~Xyd0ZUSdm/0iFq1K824phbA==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpverticallayout~PluginFilename~Srpcontrols1.dll~ComponentCLSID~X5KySQKHsNE+EgWbS27dJ1g==}{ComponentName~Shttp://ns.real.com/gemini.v1:rphorizontallayout~PluginFilename~S
rpcontrols1.dll~ComponentCLSID~XBs1Dh5j6qkG24meMU1ECPw==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpstateactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XB4/ajQ2C7UmPrMgwTDkLQg==}{ComponentName~Shttp://ns.real.com/gemini.v1:variableexpression~PluginFilename~Srpcontrols1.dll~ComponentCLSID~Xxf5Fri03mEazhBWPAu9d6w==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpwindowactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XM5JWOPloBU64elT3FaBC7g==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpboundscheckactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XzzxFvJHlF0WbzY38golEcA==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpdockablewindowactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XmDx9u/hH5kyT0QkP4rSyJw==}{ComponentName~Shttp://ns.real.com/gemini.v1:navigator~PluginFilename~Srpcontrols1.dll~ComponentCLSID~Xb3Vi3Xy8Z0uPamcOLSXpDg==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpdraghandle~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XxaAZfJPz9UO+FVOxkgRdfA==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpstatictext~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XFBqbhQsClU6VSvuSRQDJeQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpstaticimage~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XANACki/fbUq3jj1ygti7tg==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpspacer~PluginFilename~Srpcontrols1.dll~ComponentCLSID~X6KhzuJN0JkK8GhDdzbET/Q==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpbuttonbar~PluginFilename~Srpcontrols1.dll~ComponentCLSID~Xvwe3KKST9UywYSoxeGuNzQ==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpchevronactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~XtYa94WbHyUSsdGD84ITm7w==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpmenuactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~Xr7BqnMhDlECvYSis0ztfHw==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpresizeactor~PluginFilename~Srpcontrols1.dll~ComponentCLSID~X7pAyXJiTrUO5GvM1O/olBA==}{ComponentName~Shttp://ns.real.com/gemini.v1:rpwindow~PluginFilename~Srpcontrols1.dll~Compon
en"

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\PluginHandlerData\PluginInfo1]

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\RealNetworks\RealPlayer\6.0\Preferences\PluginHandlerData\PluginInfo3]

[HKEY_USERS\S-1-5-21-839522115-1592454029-2147200963-1003\Software\RealNetworks\Update\6.0\Preferences\PluginHandlerData\PluginInfo0]

*******************
[Fichier]
*******************

c:\FindyKill\Reg\Uac.$$A

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0
syd530 Posts 145 Status Member 3
 
GenProc report

Rapport GenProc 2.604 [2] - 16/07/2009 à 19:38:49
@ Windows XP Service Pack 2 - Mode normal
@ Mozilla Firefox (3.0.11) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:11, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Labtec\WebCam10\WebCam10.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\Loïc_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Labtec\WebCam10\WebCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UberIcon] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1c9945bfbc833ca) (gupdate1c9945bfbc833ca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
0
syd530 Posts 145 Status Member 3

Good evening, the database update is really very slow. I started it around 23:00, it is now 01:40, and I am only at 15% of the update.
0
syd530 Posts 145 Status Member 3

Here are the reports,

[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\TB.txt: trouvé !
C:\FindyKill.txt: trouvé !
C:\GenProc: trouvé !
C:\Qoobox: trouvé !
C:\Toolbar SD: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Loïc\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\Loïc\Bureau\Combofix.txt: trouvé !
C:\Documents and Settings\Loïc\Bureau\OAD.exe: trouvé !
C:\Documents and Settings\Loïc\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\HijackThis.exe: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\HJTInstall.exe: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\hijackthis.log: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\SmitFraudfix: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (2)\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (2)\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (2)\Rsit.exe: trouvé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (3)\Gmer.txt: trouvé !
C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\FindyKill: trouvé !
C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\GenProc\outil\hijackthis.log: trouvé !
C:\GenProc\outil\mbr.exe: trouvé !
C:\GenProc\Page\GenProc[*].html: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: trouvé !
C:\WINDOWS\SmitFraudfix: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\Loïc\Bureau\Ad-remover.lnk: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\HijackThis.exe: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\HJTInstall.exe: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (2)\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (2)\ToolBarSD.exe: supprimé !
C:\Program Files\Ad-remover\BACKUP\Ad-R.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\TB.txt: supprimé !
C:\FindyKill.txt: supprimé !
C:\Documents and Settings\Loïc\Bureau\Combofix.txt: supprimé !
C:\Documents and Settings\Loïc\Bureau\OAD.exe: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\hijackthis.log: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (2)\Rsit.exe: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier (3)\Gmer.txt: supprimé !
C:\GenProc\outil\hijackthis.log: supprimé !
C:\GenProc\outil\mbr.exe: supprimé !
C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
C:\GenProc: supprimé !
C:\Qoobox: supprimé !
C:\Toolbar SD: supprimé !
C:\FindyKill: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\Loïc\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Loïc\Bureau\Nouveau dossier\SmitFraudfix: supprimé !
C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\FindyKill: supprimé !
C:\Documents and Settings\Loïc\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\WINDOWS\SmitFraudfix: supprimé !

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: rapport d'analyse
vendredi 17 juillet 2009
Système d'exploitation : Microsoft Windows XP Professional Service Pack 2 (build 2600)
Version de Kaspersky Online Scanner : 7.0.26.13
Dernière mise à jour de la base : Friday, July 17, 2009 01:26:33
Enregistrements dans la base : 2477826
--------------------------------------------------------------------------------

Paramètres d'analyse:
analyser avec la base suivante: étendue
Analyser les archives: oui
Analyser les bases de messagerie: oui

Zone d'analyse - Poste de travail:
C:\
D:\
E:\
F:\

Statistiques d'analyse:
Objets analysés: 122175
Menaces trouvées: 0
Objets infectés trouvés: 0
Objets suspects trouvés: 0
Durée d'analyse: 02:34:53

Aucune menace trouvée. La zone d'analyse est propre.

La zone sélectionnée a été analysée.
0
sKe69 Posts 21955 Status Security contributor 463

Hi,

back again .... ^^

if you have no more problems, we'll wrap up .... in this order:

1- Update the following, it's important (out-of-date versions = security holes):

Up-to-date Java console version > 6 Update 14
Up-to-date Adobe Reader version > v 9.1.2
Up-to-date Internet Explorer version > v 8

* for the Java console:
-> uninstall all earlier versions via Control Panel / "Add or Remove Programs" (for XP) or "Programs and Features" (for Vista).
-> Then download and install the latest version here:
http://www.commentcamarche.net/telecharger/telecharger 34055318 java runtime environment
or https://www.java.com/fr/

( Another tip for doing this update and removing the old versions,
using the Javara tool: http://www.commentcamarche.net/faq/sujet 15645 javara indispensable )

-> Finally, check this:
Start > Control Panel > Java icon > Update tab > tick the "Check for updates automatically" box.

* Adobe Reader:
-> first uninstall the old version via Control Panel / "Add or Remove Programs" (for XP) or "Programs and Features" (for Vista).
-> Note: if you have a printer, turn it off and unplug it from the PC before doing the update.
-> download and install the latest version here:
http://www.commentcamarche.net/telecharger/telecharger 27 acrobat reader

* Internet Explorer:
Even if you use another browser, you must keep IE up to date! (otherwise security hole).
-> Download it here: https://support.microsoft.com/fr-fr/allproducts
or here: http://www.commentcamarche.net/telecharger/telecharger 220 internet explorer

http://www.microsoft.com/downloads/details.aspx?familyid=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

! Close all running applications (browsers included), disable all your defenses (antivirus, firewall, anti-spyware guard ...), while staying connected!

> then launch the IE8 install and let it guide you ...( have a good look at the tutorial below )

-> Why update IE, and the tutorial, here:
https://forum.malekal.com/viewtopic.php?f=45&t=12405

=================

2- Update your system via Control Panel / "Windows Update":
-> install all available updates, especially those marked "critical" and "important" (XP SP3, etc ...).
-> download them, then once they are downloaded, launch the installations (you will probably be asked to restart the PC to finish the installs ...).

Tip here:
http://www.commentcamarche.net/faq/sujet 273 windows update toutes versions

Note:
close all running applications and do nothing else with the PC during the system update.

==================

3- once all this is done, use Hijackthis:

tutorial for use:
Look here, it is explained perfectly with pictures (thanks balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Do not fix ANY line yet, this could prevent your PC from working correctly )

> !! Disconnect and close all your running applications !!

Click the desktop shortcut to launch the program:
run a HijackThis scan by clicking: "Do a system scan and save a logfile"

---> Post the generated report for analysis ...

0
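How a HijackThis log such as the one posted earlier in this thread can be pre-sorted before it is read by hand, as an added example that is not part of the original posts. The function names are hypothetical, the two flags ("(no file)" and "Unknown owner") are review heuristics assumed here, and the sample lines are copied from that log.

```python
import re

# Section codes present in this thread's log, with their HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE toolbar button / Tools menu item",
    "O14": "'Reset Web Settings' value", "O16": "ActiveX (Downloaded Program Files)",
    "O18": "protocol handler", "O23": "NT service",
}
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entry(line):
    """Return a dict for one log entry, or None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # e.g. a line of the running-process list
    code, body = m.groups()
    clsid = CLSID_RE.search(body)
    notes = []  # assumed heuristics: prompts for manual review, not verdicts
    if body.rstrip().endswith("(no file)"):
        notes.append("registered file is missing (leftover entry)")
    if code == "O23" and " - Unknown owner - " in body:
        notes.append("service binary carries no company name")
    return {"code": code, "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0) if clsid else None,
            "body": body, "notes": notes}

def triage(log_text):
    """Entries that deserve a manual look, in log order."""
    entries = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in entries if e and e["notes"]]

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["section"], "|", "; ".join(e["notes"]), "|", e["body"])
```

A flagged line only tells the reader where to look first; whether it is fixed remains a decision for the person analysing the full report.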