Sujet Précédent Sujet Suivant

Analyse hijackthis après virus

Résolu
phabryss -  
 phabryss -
Bonjour,

Après avoir eu un joli petit virus qui m'a bien foutu le b***** dans mon pc, je viens vous demander votre avis sur le log hijackthis. Pour info, au redémarrage de mon pc, j'avais droit à l'écran bleu de la mort ;) du coup j'ai redémarrer en mode sans échec pour tout scanner (antivir, malwarebyte, avg antirootkit et spybot S&D)... après ce nettoyage ne règle, il me reste encore des fichiers "louches" voilà pourquoi j'aimerais savoir ce que je dois fixer.

Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:04, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Fabrice\Bureau\fichiers téléchargés\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1644491937-1580818891-725345543-1005\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'GSelectorSQLAdmin')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSelectorWebService - Unknown owner - C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
O23 - Service: Service Google Update (gupdate1ca065363ad5965) (gupdate1ca065363ad5965) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
A voir également:

19 réponses

Réponse 1 / 19
Utilisateur anonyme
 
Bonjour
* Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
* Double-clique sur OTMoveIt.exe pour le lancer.
* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
* copie la liste en gras ci-dessous et colle la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

:processes
explorer.exe
nielsenonline.exe

:files
c:\program files\netratingsnetsight\netsight\nielsenonline.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NielsenOnline"=-


:commands
[emptytemp]
[purity]
[start explorer]
[reboot]

-----------------------------

* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre "Results".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
0
Réponse 2 / 19
phabryss
 
Merci Nanard4700 mais "nielsenonline.exe" c'est un logiciel que j'ai installé en connaissance de cause (enquête de Médiamétrie), il est installé depuis plus d'un an et je n'ai jamais eu de soucis. C'est seulement depuis 2-3 jours que j'ai chopé ce virus et les problèmes qui vont avec.
Pour info quand je lance une analyse avec avg antirootkit, il me trouve toujours des fichiers suspects et j'ai beau les supprimers avec avg, ils reviennent à chaque fois mais avec un nom différent :

C:\WINDOWS\System32\Drivers\ae9ovxir.SYS ===== Hidden driver file
C:\WINDOWS\System32\Drivers\ajcs0ikt.SYS ===== Hidden driver file
0
Réponse 3 / 19
Utilisateur anonyme
 
• Télécharge : Télécharge Rooter de l'équipe IDN sur ton bureau :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

! Déconnecte toi d'internet et ferme toutes applications en cours !

* Exécute Rooter et laisse travailler l'outil .

* Une fois terminé, poste le rapport obtenu pour analyse ...

0
Réponse 4 / 19
phabryss
 
Et voilà :

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 2
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
Error OpenService (wscsvc) : 1060
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 7.0.5730.11
.
C:\ [Fixed-NTFS] .. ( Total:106 Go - Free:10 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
.
Scan : 18:54.52
Path : C:\Documents and Settings\Fabrice\Mes documents\Downloads\Rooter.exe
User : Fabrice ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1056)
______ \??\C:\WINDOWS\system32\csrss.exe (1168)
______ \??\C:\WINDOWS\system32\winlogon.exe (1264)
______ C:\WINDOWS\system32\services.exe (1324)
______ C:\WINDOWS\system32\lsass.exe (1336)
______ C:\WINDOWS\system32\svchost.exe (1508)
______ C:\WINDOWS\system32\svchost.exe (1572)
______ C:\WINDOWS\System32\svchost.exe (1612)
______ C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (1640)
______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1692)
______ C:\WINDOWS\Explorer.EXE (1944)
______ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (2020)
______ C:\WINDOWS\system32\svchost.exe (392)
______ C:\WINDOWS\system32\svchost.exe (468)
______ C:\WINDOWS\System32\WLTRYSVC.EXE (696)
______ C:\WINDOWS\System32\bcmwltry.exe (708)
______ C:\WINDOWS\system32\spoolsv.exe (756)
______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (836)
______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (920)
______ C:\Program Files\Bonjour\mDNSResponder.exe (976)
______ C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe (1012)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1196)
______ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (1688)
______ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (1752)
______ C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (268)
______ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (548)
______ C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (912)
______ C:\WINDOWS\system32\nvsvc32.exe (784)
______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (280)
______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (1824)
______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2060)
______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (2096)
______ C:\WINDOWS\system32\svchost.exe (2196)
______ c:\program files\lenovo\system update\suservice.exe (2360)
______ C:\WINDOWS\System32\TUProgSt.exe (3344)
______ C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe (3364)
______ C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (3564)
______ C:\WINDOWS\System32\alg.exe (2604)
______ C:\WINDOWS\system32\wbem\wmiapsrv.exe (2724)
______ C:\WINDOWS\RTHDCPL.EXE (3808)
______ C:\WINDOWS\system32\WLTRAY.exe (492)
______ C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (2004)
______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (564)
______ C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (4048)
______ C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (2264)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2796)
______ C:\WINDOWS\system32\ctfmon.exe (2720)
______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3276)
______ C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (2028)
______ C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE (3740)
______ C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1728)
______ C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2112)
______ C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4064)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3428)
______ C:\Documents and Settings\Fabrice\Mes documents\Downloads\Rooter.exe (872)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:5768216576)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5769265152 | Length:114263326720)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003Core.job
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003UA.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\User_Feed_Synchronization-{3ACA8BC9-743E-47E2-AA90-24357B2F9020}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 18:56.13
.
C:\Rooter$\Rooter_1.txt - (05/09/2009 | 18:56.13)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
Utilisateur anonyme
 
/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

/!\ Désactive tous tes logiciels de protection /!\

• Télécharge combofix(de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
#Si combofix ne veut pas se lancer renommes le en ccm.exe et éxécutes le en mode sans échec .
Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
0
Réponse 6 / 19
phabryss
 
ComboFix 09-09-05.01 - Fabrice 05/09/2009 21:43.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1204 [GMT 2:00]
Running from: c:\documents and settings\Fabrice\Mes documents\Downloads\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\rotscxbxdnfyxm.sy_
c:\windows\system32\images
c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'
c:\windows\system32\images\1.ico
c:\windows\system32\images\2.ico
c:\windows\system32\images\3.ico
c:\windows\system32\images\4.ico
c:\windows\system32\images\5.ico
c:\windows\system32\images\Flèche bas.ico
c:\windows\system32\images\Flèche haut.ico
c:\windows\system32\rotscxbbexnlnk.dll
c:\windows\system32\rotscxbdmqapvl.dat
c:\windows\system32\rotscxdeobqynx.dll
c:\windows\system32\rotscxiqjkvdlo.dat
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxdivxviww
-------\Service_rotscxdivxviww

((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-09-05 19:51 . 2009-09-05 19:51 -------- d-----w- c:\windows\LastGood
2009-09-05 16:56 . 2009-09-05 16:56 -------- d-----w- C:\Rooter$
2009-09-05 10:48 . 2009-09-05 10:48 -------- d-----w- c:\program files\Uniblue
2009-09-04 22:56 . 2009-09-04 22:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-09-04 22:36 . 2009-09-04 22:36 -------- d-----w- C:\Downloads
2009-08-22 18:36 . 2009-08-22 18:36 -------- d-----w- c:\program files\TVAnts
2009-08-19 19:20 . 2009-08-19 19:20 -------- d-----w- c:\program files\SopCast
2009-08-17 00:46 . 2009-08-17 00:46 -------- d-----w- c:\program files\bfe
2009-08-16 18:59 . 2009-08-16 18:59 -------- d-----w- c:\program files\LED
2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\Fabrice\Local Settings\Application Data\2020 Fusion
2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\Fabrice\Application Data\2020 Fusion
2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\iDeal Designer Hygena
2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\program files\Hygena
2009-08-10 19:43 . 2009-08-10 19:43 -------- d-----w- c:\documents and settings\Fabrice\Application Data\OpenOffice.org
2009-08-10 18:54 . 2009-08-10 18:54 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-09 01:07 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2009-08-09 01:07 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2009-08-09 01:07 . 2008-05-30 12:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2009-08-09 01:07 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-05 13:39 . 2008-03-22 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-05 11:27 . 2008-03-22 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-05 10:53 . 2008-04-18 17:53 -------- d-----w- c:\documents and settings\Fabrice\Application Data\Free Download Manager
2009-09-04 21:33 . 2009-07-13 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-04 15:56 . 2008-11-04 19:10 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-03 21:15 . 2009-07-03 23:37 -------- d-----w- c:\documents and settings\Fabrice\Application Data\GrabIt
2009-09-03 20:59 . 2008-08-24 01:26 -------- d-----w- c:\documents and settings\Fabrice\Application Data\StumbleUpon
2009-08-29 23:12 . 2008-03-25 01:58 -------- d-----w- c:\program files\eMule
2009-08-18 23:41 . 2009-05-08 14:28 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-17 23:02 . 2008-03-27 00:17 81408 ----a-w- c:\documents and settings\Fabrice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 18:52 . 2008-04-03 23:19 -------- d-----w- c:\program files\OpenOffice.org 2.4
2009-08-10 00:19 . 2008-04-03 23:21 -------- d-----w- c:\documents and settings\Fabrice\Application Data\OpenOffice.org2
2009-08-09 01:25 . 2008-03-26 22:52 -------- d-----w- c:\documents and settings\Fabrice\Application Data\Sports Interactive
2009-08-04 20:16 . 2009-08-04 20:16 -------- d-----w- c:\documents and settings\Fabrice\Application Data\FastStone
2009-08-04 20:16 . 2009-08-04 20:16 -------- d-----w- c:\program files\FastStone Capture
2009-08-03 13:02 . 2009-08-03 13:02 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-03 13:02 . 2008-03-20 01:56 -------- d-----w- c:\program files\Java
2009-08-03 11:36 . 2009-07-13 16:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-07-13 16:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 19:43 . 2009-08-01 19:43 -------- d-----w- c:\program files\El Juky
2009-07-29 13:10 . 2009-07-29 13:10 16512 ----a-w- c:\windows\gdrv.sys
2009-07-27 16:16 . 2008-05-03 00:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-07-24 15:58 . 2009-07-24 15:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
2009-07-24 15:58 . 2009-07-24 15:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-20 15:53 . 2009-06-18 12:21 -------- d-----w- c:\program files\Ekahau
2009-07-19 13:33 . 2009-07-19 13:33 -------- d-----w- c:\documents and settings\Fabrice\Application Data\NotMyIp
2009-07-19 13:33 . 2009-07-19 13:33 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-07-16 20:26 . 2009-07-16 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-16 20:24 . 2009-07-16 20:17 -------- d-----w- c:\program files\Google
2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\documents and settings\Fabrice\Application Data\Malwarebytes
2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-09 20:27 . 2009-07-09 19:49 -------- d-----w- c:\program files\IObit
2009-07-09 20:00 . 2009-07-09 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-07-09 19:49 . 2009-07-09 19:49 -------- d-----w- c:\documents and settings\Fabrice\Application Data\IObit
2009-06-15 21:43 . 2009-06-15 21:43 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-15 21:43 . 2009-06-15 21:43 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2008-12-28 13:51 . 2008-03-25 01:20 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-28 13:51 . 2008-03-25 01:20 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-28 13:51 . 2008-03-25 01:20 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-06-03 14:25 . 2009-07-24 15:58 176128 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter3.dll
2008-12-28 13:51 . 2008-03-25 01:20 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-28 13:51 . 2008-03-25 01:20 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 2006-11-11 14:02 359808 8D8949936913B041C6A0E184FBF1030B c:\windows\system32\drivers\tcpip.sys

[-] 2006-11-18 23:59 1035264 7BA68DF484B550C1F75DD80AE1D7EF67 c:\windows\explorer.exe

[-] 2006-12-13 13:06 1548288 0CEF991C04073F5EC8BFD65B961705F1 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-21 7585792]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-30 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2007-03-21 86016]
"TVT Scheduler Proxy"="c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 536576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-15 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-03 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-30 1657376]

c:\documents and settings\Fabrice\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoNetworkConnections"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"MaxRecentDocs"= 15 (0xf)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\BitBlinder\\BitBlinder.exe"=
"c:\\Program Files\\BitBlinder\\Tor.exe"=
"c:\\Program Files\\GigaTribe\\gigatribe.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1434:UDP"= 1434:UDP:SQL Browser
"8787:TCP"= 8787:TCP:Cassini

R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [17/03/2009 00:58 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 16:28 108289]
R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [07/04/2009 14:45 12416]
R2 GSelectorWebService;GSelectorWebService;c:\program files\RCS\GSelector\WebStarterGS\webstarterGS.exe [22/01/2009 10:33 20480]
R2 msftesql$GSELECTOR;SQL Server FullText Search (GSELECTOR);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [28/08/2006 03:53 92952]
R2 MSSQL$BP2X;SQL Server (BP2X);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
R2 MSSQL$GSELECTOR;SQL Server (GSELECTOR);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 06:29 29178224]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15/06/2009 23:43 604416]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [25/03/2009 21:59 8832]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 ecytzdca;ecytzdca;c:\windows\system32\drivers\dxgxr.sys --> c:\windows\system32\drivers\dxgxr.sys [?]
S2 gupdate1ca065363ad5965;Service Google Update (gupdate1ca065363ad5965);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2009 22:24 133104]
S2 yntjpkldbaxxfdu;yntjpkldbaxxfdu;\??\c:\windows\system32\drivers\iondbjyvmxxd.sys --> c:\windows\system32\drivers\iondbjyvmxxd.sys [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [03/06/2009 22:52 120168]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 20:24]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 20:24]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003Core.job
- c:\documents and settings\Fabrice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 22:57]

2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003UA.job
- c:\documents and settings\Fabrice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 22:57]

2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{3ACA8BC9-743E-47E2-AA90-24357B2F9020}.job
- c:\windows\system32\msfeedssync.exe [2006-12-13 12:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
IE: Envoyer au périphérique &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\nv2vokyd.default\
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\nsgkff20_meter3.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 21:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$GSELECTOR]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:GSELECTOR"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
"Currency"=dword:00000017
"GameDir"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008"
"SaveDir"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008\\"
"HistoryDir"="c:\\Documents and Settings\\Fabrice\\Bureau\\fichiers téléchargés\\FM 2008\\fm_genie_scout_2008\\FM Genie Scout 2008\\History Points"
"LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2008\\data\\updates\\update-802\\db\\802\\lang_db.dat"
"LastSaveGame"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008\\games\\strasbourg.fm"
"Language"="French"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:0000005a
"SkinID"=dword:00000001
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"WindowState"=dword:00000002
"WindowHeight"=dword:000002de
"WindowWidth"=dword:000003fc
"WindowLeft"=dword:00000005
"WindowTop"=dword:00000000
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000032
"Position4"=dword:00000004
"Visible4"=dword:00000001
"Width4"=dword:00000032
"Position5"=dword:00000005
"Visible5"=dword:00000001
"Width5"=dword:00000050
"Position6"=dword:00000006
"Visible6"=dword:00000001
"Width6"=dword:00000050
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000002d
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000001e
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000001e
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000001e
"Position13"=dword:0000000d
"Visible13"=dword:00000001
"Width13"=dword:0000003c
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000032
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:00000032
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000032
"Position17"=dword:00000011
"Visible17"=dword:00000001
"Width17"=dword:00000050
"Position18"=dword:00000012
"Visible18"=dword:00000001
"Width18"=dword:00000089
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000009a
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000053
"Position4"=dword:00000008
"Visible4"=dword:00000001
"Width4"=dword:00000023
"Position5"=dword:00000009
"Visible5"=dword:00000001
"Width5"=dword:00000064
"Position6"=dword:0000000a
"Visible6"=dword:00000001
"Width6"=dword:00000066
"Position7"=dword:0000000c
"Visible7"=dword:00000001
"Width7"=dword:00000061
"Position8"=dword:0000000d
"Visible8"=dword:00000001
"Width8"=dword:0000006b
"Position9"=dword:0000000e
"Visible9"=dword:00000001
"Width9"=dword:00000077
"Position10"=dword:00000010
"Visible10"=dword:00000000
"Width10"=dword:00000050
"Position11"=dword:00000011
"Visible11"=dword:00000000
"Width11"=dword:0000004b
"Position12"=dword:00000012
"Visible12"=dword:00000000
"Width12"=dword:0000002d
"Position13"=dword:00000013
"Visible13"=dword:00000000
"Width13"=dword:0000003c
"Position14"=dword:00000014
"Visible14"=dword:00000000
"Width14"=dword:0000004b
"Position15"=dword:00000015
"Visible15"=dword:00000000
"Width15"=dword:00000064
"Position16"=dword:00000016
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000017
"Visible17"=dword:00000000
"Width17"=dword:0000004b
"Position18"=dword:00000018
"Visible18"=dword:00000000
"Width18"=dword:00000064
"Position19"=dword:00000019
"Visible19"=dword:00000000
"Width19"=dword:0000003c
"Position20"=dword:0000001a
"Visible20"=dword:00000000
"Width20"=dword:0000004b
"Position21"=dword:0000001b
"Visible21"=dword:00000000
"Width21"=dword:00000050
"Position22"=dword:0000001c
"Visible22"=dword:00000000
"Width22"=dword:00000073
"Position23"=dword:0000001d
"Visible23"=dword:00000000
"Width23"=dword:00000050
"Position24"=dword:0000001e
"Visible24"=dword:00000000
"Width24"=dword:0000005a
"Position25"=dword:0000001f
"Visible25"=dword:00000000
"Width25"=dword:0000006e
"Position26"=dword:00000020
"Visible26"=dword:00000000
"Width26"=dword:00000064
"Position27"=dword:00000021
"Visible27"=dword:00000000
"Width27"=dword:00000087
"Position28"=dword:00000022
"Visible28"=dword:00000000
"Width28"=dword:00000064
"Position29"=dword:00000023
"Visible29"=dword:00000000
"Width29"=dword:00000064
"Position30"=dword:00000024
"Visible30"=dword:00000000
"Width30"=dword:00000046
"Position31"=dword:00000025
"Visible31"=dword:00000000
"Width31"=dword:0000004b
"Position32"=dword:00000026
"Visible32"=dword:00000000
"Width32"=dword:00000046
"Position33"=dword:00000027
"Visible33"=dword:00000000
"Width33"=dword:0000004b
"Position34"=dword:00000028
"Visible34"=dword:00000000
"Width34"=dword:0000003c
"Position35"=dword:0000002a
"Visible35"=dword:00000000
"Width35"=dword:00000064
"Position36"=dword:0000002e
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000030
"Visible37"=dword:00000000
"Width37"=dword:0000005f
"Position38"=dword:00000033
"Visible38"=dword:00000000
"Width38"=dword:00000091
"Position39"=dword:00000035
"Visible39"=dword:00000000
"Width39"=dword:0000003c
"Position40"=dword:0000002c
"Visible40"=dword:00000000
"Width40"=dword:0000005a
"Position41"=dword:00000036
"Visible41"=dword:00000000
"Width41"=dword:00000041
"Position42"=dword:00000029
"Visible42"=dword:00000000
"Width42"=dword:00000050
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000055
"Position44"=dword:0000002d
"Visible44"=dword:00000000
"Width44"=dword:0000005f
"Position45"=dword:00000037
"Visible45"=dword:00000000
"Width45"=dword:00000050
"Position46"=dword:00000038
"Visible46"=dword:00000000
"Width46"=dword:0000004b
"Position47"=dword:00000039
"Visible47"=dword:00000000
"Width47"=dword:0000004b
"Position48"=dword:0000003a
"Visible48"=dword:00000000
"Width48"=dword:00000046
"Position49"=dword:0000003b
"Visible49"=dword:00000000
"Width49"=dword:00000032
"Position50"=dword:0000003c
"Visible50"=dword:00000000
"Width50"=dword:0000003c
"Position51"=dword:0000003d
"Visible51"=dword:00000000
"Width51"=dword:0000004b
"Position52"=dword:0000003e
"Visible52"=dword:00000000
"Width52"=dword:0000003c
"Position53"=dword:0000003f
"Visible53"=dword:00000000
"Width53"=dword:00000037
"Position54"=dword:00000040
"Visible54"=dword:00000000
"Width54"=dword:00000069
"Position55"=dword:00000041
"Visible55"=dword:00000000
"Width55"=dword:0000005a
"Position56"=dword:00000044
"Visible56"=dword:00000000
"Width56"=dword:0000004b
"Position57"=dword:00000045
"Visible57"=dword:00000000
"Width57"=dword:0000004b
"Position58"=dword:00000046
"Visible58"=dword:00000000
"Width58"=dword:00000037
"Position59"=dword:00000047
"Visible59"=dword:00000000
"Width59"=dword:0000003c
"Position60"=dword:00000048
"Visible60"=dword:00000000
"Width60"=dword:0000003c
"Position61"=dword:00000049
"Visible61"=dword:00000000
"Width61"=dword:00000041
"Position62"=dword:0000004a
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000004b
"Visible63"=dword:00000000
"Width63"=dword:0000003c
"Position64"=dword:0000004c
"Visible64"=dword:00000000
"Width64"=dword:0000003c
"Position65"=dword:0000004d
"Visible65"=dword:00000000
"Width65"=dword:0000004b
"Position66"=dword:0000004e
"Visible66"=dword:00000000
"Width66"=dword:0000003c
"Position67"=dword:0000004f
"Visible67"=dword:00000000
"Width67"=dword:00000046
"Position68"=dword:00000050
"Visible68"=dword:00000000
"Width68"=dword:00000028
"Position69"=dword:00000051
"Visible69"=dword:00000000
"Width69"=dword:00000041
"Position70"=dword:00000052
"Visible70"=dword:00000000
"Width70"=dword:0000003c
"Position71"=dword:00000053
"Visible71"=dword:00000000
"Width71"=dword:00000069
"Position72"=dword:00000054
"Visible72"=dword:00000000
"Width72"=dword:00000041
"Position73"=dword:00000055
"Visible73"=dword:00000000
"Width73"=dword:0000005f
"Position74"=dword:00000056
"Visible74"=dword:00000000
"Width74"=dword:0000003c
"Position75"=dword:00000057
"Visible75"=dword:00000000
"Width75"=dword:00000037
"Position76"=dword:00000058
"Visible76"=dword:00000000
"Width76"=dword:0000004b
"Position77"=dword:00000059
"Visible77"=dword:00000000
"Width77"=dword:00000050
"Position78"=dword:0000005a
"Visible78"=dword:00000000
"Width78"=dword:00000037
"Position79"=dword:0000005b
"Visible79"=dword:00000000
"Width79"=dword:00000037
"Position80"=dword:0000005c
"Visible80"=dword:00000000
"Width80"=dword:0000005a
"Position81"=dword:0000005d
"Visible81"=dword:00000000
"Width81"=dword:0000004b
"Position82"=dword:0000005e
"Visible82"=dword:00000000
"Width82"=dword:00000055
"Position83"=dword:0000005f
"Visible83"=dword:00000000
"Width83"=dword:0000002d
"Position84"=dword:00000060
"Visible84"=dword:00000000
"Width84"=dword:00000037
"Position85"=dword:00000061
"Visible85"=dword:00000000
"Width85"=dword:0000003c
"Position86"=dword:00000062
"Visible86"=dword:00000000
"Width86"=dword:00000046
"Position87"=dword:00000063
"Visible87"=dword:00000000
"Width87"=dword:0000003c
"Position88"=dword:00000064
"Visible88"=dword:00000000
"Width88"=dword:0000005a
"Position89"=dword:00000065
"Visible89"=dword:00000000
"Width89"=dword:0000003c
"Position90"=dword:00000066
"Visible90"=dword:00000000
"Width90"=dword:00000050
"Position91"=dword:00000067
"Visible91"=dword:00000000
"Width91"=dword:00000046
"Position92"=dword:00000068
"Visible92"=dword:00000000
"Width92"=dword:0000005a
"Position93"=dword:00000069
"Visible93"=dword:00000000
"Width93"=dword:00000037
"Position94"=dword:0000006a
"Visible94"=dword:00000000
"Width94"=dword:0000003c
"Position95"=dword:0000006b
"Visible95"=dword:00000000
"Width95"=dword:0000003c
"Position96"=dword:0000006c
"Visible96"=dword:00000000
"Width96"=dword:00000046
"Position97"=dword:0000006d
"Visible97"=dword:00000000
"Width97"=dword:00000046
"Position98"=dword:0000006e
"Visible98"=dword:00000000
"Width98"=dword:00000055
"Position99"=dword:0000006f
"Visible99"=dword:00000000
"Width99"=dword:00000073
"Position100"=dword:00000042
"Visible100"=dword:00000000
"Width100"=dword:00000041
"Position101"=dword:00000070
"Visible101"=dword:00000000
"Width101"=dword:0000003c
"Position102"=dword:00000071
"Visible102"=dword:00000000
"Width102"=dword:0000003c
"Position103"=dword:00000072
"Visible103"=dword:00000000
"Width103"=dword:00000046
"Position104"=dword:00000073
"Visible104"=dword:00000000
"Width104"=dword:0000003c
"Position105"=dword:00000074
"Visible105"=dword:00000000
"Width105"=dword:00000041
"Position106"=dword:0000000f
"Visible106"=dword:00000001
"Width106"=dword:0000008d
"Position107"=dword:0000000b
"Visible107"=dword:00000001
"Width107"=dword:00000028
"Position108"=dword:00000043
"Visible108"=dword:00000000
"Width108"=dword:00000050
"Position109"=dword:0000002f
"Visible109"=dword:00000000
"Width109"=dword:00000050
"Position110"=dword:00000031
"Visible110"=dword:00000000
"Width110"=dword:00000055
"Position111"=dword:00000032
"Visible111"=dword:00000000
"Width111"=dword:00000082
"Position112"=dword:00000034
"Visible112"=dword:00000000
"Width112"=dword:00000087
"Position113"=dword:00000075
"Visible113"=dword:00000000
"Width113"=dword:00000050
"Position114"=dword:00000076
"Visible114"=dword:00000000
"Width114"=dword:00000050
"Position115"=dword:00000077
"Visible115"=dword:00000000
"Width115"=dword:00000050
"Position116"=dword:00000078
"Visible116"=dword:00000000
"Width116"=dword:00000050
"Position117"=dword:00000079
"Visible117"=dword:00000000
"Width117"=dword:00000050
"Position118"=dword:0000007a
"Visible118"=dword:00000000
"Width118"=dword:00000050
"Position119"=dword:0000007b
"Visible119"=dword:00000000
"Width119"=dword:00000050
"Position120"=dword:0000007c
"Visible120"=dword:00000000
"Width120"=dword:00000050
"Position121"=dword:0000007d
"Visible121"=dword:00000000
"Width121"=dword:00000050
"Position122"=dword:0000007e
"Visible122"=dword:00000000
"Width122"=dword:00000050
"Position123"=dword:0000007f
"Visible123"=dword:00000000
"Width123"=dword:00000050
"Position124"=dword:00000080
"Visible124"=dword:00000000
"Width124"=dword:00000050
"Position125"=dword:00000081
"Visible125"=dword:00000000
"Width125"=dword:00000050
"Position126"=dword:00000082
"Visible126"=dword:00000000
"Width126"=dword:00000050
"Position127"=dword:00000083
"Visible127"=dword:00000000
"Width127"=dword:00000050
"Position128"=dword:00000084
"Visible128"=dword:00000000
"Width128"=dword:00000050
"Position129"=dword:00000085
"Visible129"=dword:00000000
"Width129"=dword:00000050
"Position130"=dword:00000086
"Visible130"=dword:00000000
"Width130"=dword:00000050
"Position131"=dword:00000087
"Visible131"=dword:00000000
"Width131"=dword:00000050
"Position132"=dword:00000088
"Visible132"=dword:00000000
"Width132"=dword:00000050
"Position133"=dword:00000089
"Visible133"=dword:00000000
"Width133"=dword:00000050
"Position134"=dword:0000008a
"Visible134"=dword:00000000
"Width134"=dword:00000050
"Position135"=dword:0000008b
"Visible135"=dword:00000000
"Width135"=dword:00000050
"Position136"=dword:0000008c
"Visible136"=dword:00000000
"Width136"=dword:00000050
"Position137"=dword:0000008d
"Visible137"=dword:00000000
"Width137"=dword:00000050
"Position138"=dword:0000008e
"Visible138"=dword:00000000
"Width138"=dword:00000050
"Position139"=dword:0000008f
"Visible139"=dword:00000000
"Width139"=dword:00000050
"Position140"=dword:00000090
"Visible140"=dword:00000000
"Width140"=dword:00000050
"Position141"=dword:00000091
"Visible141"=dword:00000000
"Width141"=dword:00000050
"Position142"=dword:00000092
"Visible142"=dword:00000000
"Width142"=dword:00000050
"Position143"=dword:00000093
"Visible143"=dword:00000000
"Width143"=dword:00000050
"Position144"=dword:00000094
"Visible144"=dword:00000000
"Width144"=dword:00000050
"Position145"=dword:00000095
"Visible145"=dword:00000000
"Width145"=dword:00000050
"Position146"=dword:00000004
"Visible146"=dword:00000000
"Width146"=dword:00000037
"Position147"=dword:00000005
"Visible147"=dword:00000000
"Width147"=dword:00000028
"Position148"=dword:00000006
"Visible148"=dword:00000000
"Width148"=dword:00000037
"Position149"=dword:00000007
"Visible149"=dword:00000001
"Width149"=dword:0000002c

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
"Position0"=dword:00000000
"Visible0"=dword:00000001
"Width0"=dword:0000007d
"Position1"=dword:00000001
"Visible1"=dword:00000001
"Width1"=dword:00000064
"Position2"=dword:00000002
"Visible2"=dword:00000001
"Width2"=dword:00000064
"Position3"=dword:00000003
"Visible3"=dword:00000001
"Width3"=dword:00000069
"Position4"=dword:00000005
"Visible4"=dword:00000001
"Width4"=dword:00000028
"Position5"=dword:00000006
"Visible5"=dword:00000001
"Width5"=dword:00000028
"Position6"=dword:00000004
"Visible6"=dword:00000001
"Width6"=dword:00000028
"Position7"=dword:00000007
"Visible7"=dword:00000001
"Width7"=dword:00000050
"Position8"=dword:00000008
"Visible8"=dword:00000000
"Width8"=dword:00000050
"Position9"=dword:00000009
"Visible9"=dword:00000000
"Width9"=dword:0000004b
"Position10"=dword:0000000a
"Visible10"=dword:00000000
"Width10"=dword:0000002d
"Position11"=dword:0000000b
"Visible11"=dword:00000000
"Width11"=dword:0000003c
"Position12"=dword:0000000c
"Visible12"=dword:00000000
"Width12"=dword:0000004b
"Position13"=dword:0000000d
"Visible13"=dword:00000000
"Width13"=dword:00000064
"Position14"=dword:0000000e
"Visible14"=dword:00000000
"Width14"=dword:00000064
"Position15"=dword:0000000f
"Visible15"=dword:00000000
"Width15"=dword:0000004b
"Position16"=dword:00000010
"Visible16"=dword:00000000
"Width16"=dword:00000064
"Position17"=dword:00000011
"Visible17"=dword:00000000
"Width17"=dword:0000003c
"Position18"=dword:00000012
"Visible18"=dword:00000000
"Width18"=dword:0000004b
"Position19"=dword:00000013
"Visible19"=dword:00000000
"Width19"=dword:00000050
"Position20"=dword:00000014
"Visible20"=dword:00000000
"Width20"=dword:00000046
"Position21"=dword:00000015
"Visible21"=dword:00000000
"Width21"=dword:0000004b
"Position22"=dword:00000016
"Visible22"=dword:00000000
"Width22"=dword:00000046
"Position23"=dword:00000017
"Visible23"=dword:00000000
"Width23"=dword:00000046
"Position24"=dword:00000018
"Visible24"=dword:00000000
"Width24"=dword:0000003c
"Position25"=dword:00000019
"Visible25"=dword:00000000
"Width25"=dword:00000041
"Position26"=dword:0000001a
"Visible26"=dword:00000000
"Width26"=dword:0000003c
"Position27"=dword:0000001b
"Visible27"=dword:00000000
"Width27"=dword:00000055
"Position28"=dword:0000001c
"Visible28"=dword:00000000
"Width28"=dword:00000069
"Position29"=dword:0000001d
"Visible29"=dword:00000000
"Width29"=dword:0000006e
"Position30"=dword:0000001e
"Visible30"=dword:00000000
"Width30"=dword:00000064
"Position31"=dword:0000001f
"Visible31"=dword:00000000
"Width31"=dword:00000078
"Position32"=dword:00000020
"Visible32"=dword:00000000
"Width32"=dword:00000064
"Position33"=dword:00000021
"Visible33"=dword:00000000
"Width33"=dword:00000087
"Position34"=dword:00000022
"Visible34"=dword:00000000
"Width34"=dword:00000069
"Position35"=dword:00000023
"Visible35"=dword:00000000
"Width35"=dword:0000006e
"Position36"=dword:00000024
"Visible36"=dword:00000000
"Width36"=dword:00000073
"Position37"=dword:00000025
"Visible37"=dword:00000000
"Width37"=dword:0000004b
"Position38"=dword:00000026
"Visible38"=dword:00000000
"Width38"=dword:0000002d
"Position39"=dword:00000027
"Visible39"=dword:00000000
"Width39"=dword:00000055
"Position40"=dword:00000028
"Visible40"=dword:00000000
"Width40"=dword:00000046
"Position41"=dword:00000029
"Visible41"=dword:00000000
"Width41"=dword:0000004b
"Position42"=dword:0000002a
"Visible42"=dword:00000000
"Width42"=dword:0000003c
"Position43"=dword:0000002b
"Visible43"=dword:00000000
"Width43"=dword:00000046
"Position44"=dword:0000002c
"Visible44"=dword:00000000
"Width44"=dword:00000073
"Position45"=dword:0000002d
"Visible45"=dword:00000000
"Width45"=dword:0000004b
"Position46"=dword:0000002e
"Visible46"=dword:00000000
"Width46"=dword:00000073
"Position47"=dword:0000002f
"Visible47"=dword:00000000
"Width47"=dword:0000007d
"Position48"=dword:00000030
"Visible48"=dword:00000000
"Width48"=dword:0000006e
"Position49"=dword:00000031
"Visible49"=dword:00000000
"Width49"=dword:00000037
"Position50"=dword:00000032
"Visible50"=dword:00000000
"Width50"=dword:00000064
"Position51"=dword:00000033
"Visible51"=dword:00000000
"Width51"=dword:00000037
"Position52"=dword:00000034
"Visible52"=dword:00000000
"Width52"=dword:0000004b
"Position53"=dword:00000035
"Visible53"=dword:00000000
"Width53"=dword:00000046
"Position54"=dword:00000036
"Visible54"=dword:00000000
"Width54"=dword:00000037
"Position55"=dword:00000037
"Visible55"=dword:00000000
"Width55"=dword:0000003c
"Position56"=dword:00000038
"Visible56"=dword:00000000
"Width56"=dword:00000055
"Position57"=dword:00000039
"Visible57"=dword:00000000
"Width57"=dword:0000003c
"Position58"=dword:0000003a
"Visible58"=dword:00000000
"Width58"=dword:0000003c
"Position59"=dword:0000003b
"Visible59"=dword:00000000
"Width59"=dword:00000055
"Position60"=dword:0000003c
"Visible60"=dword:00000000
"Width60"=dword:00000046
"Position61"=dword:0000003d
"Visible61"=dword:00000000
"Width61"=dword:0000004b
"Position62"=dword:0000003e
"Visible62"=dword:00000000
"Width62"=dword:00000055
"Position63"=dword:0000003f
"Visible63"=dword:00000000
"Width63"=dword:0000005a
"Position64"=dword:00000040
"Visible64"=dword:00000000
"Width64"=dword:0000006e
"Position65"=dword:00000041
"Visible65"=dword:00000000
"Width65"=dword:00000050
"Position66"=dword:00000042
"Visible66"=dword:00000000
"Width66"=dword:00000032
"Position67"=dword:00000043
"Visible67"=dword:00000000
"Width67"=dword:00000064
"Position68"=dword:00000044
"Visible68"=dword:00000000
"Width68"=dword:0000004b
"Position69"=dword:00000045
"Visible69"=dword:00000000
"Width69"=dword:0000002d
"Position70"=dword:00000046
"Visible70"=dword:00000000
"Width70"=dword:0000004b
"Position71"=dword:00000047
"Visible71"=dword:00000000
"Width71"=dword:0000005a
"Position72"=dword:00000048
"Visible72"=dword:00000000
"Width72"=dword:0000005a
"Position73"=dword:00000049
"Visible73"=dword:00000000
"Width73"=dword:00000050
"Position74"=dword:0000004a
"Visible74"=dword:00000000
"Width74"=dword:0000004b
"Position75"=dword:0000004b
"Visible75"=dword:00000000
"Width75"=dword:00000050
"Position76"=dword:0000004c
"Visible76"=dword:00000000
"Width76"=dword:0000005a
"Position77"=dword:0000004d
"Visible77"=dword:00000000
"Width77"=dword:00000041
"Position78"=dword:0000004e
"Visible78"=dword:00000000
"Width78"=dword:00000041
"Position79"=dword:0000004f
"Visible79"=dword:00000000
"Width79"=dword:00000041
"Position80"=dword:00000050
"Visible80"=dword:00000000
"Width80"=dword:00000041
"Position81"=dword:00000051
"Visible81"=dword:00000000
"Width81"=dword:00000041
"Position82"=dword:00000052
"Visible82"=dword:00000000
"Width82"=dword:00000041
"Position83"=dword:00000053
"Visible83"=dword:00000000
"Width83"=dword:00000041
"Position84"=dword:00000054
"Visible84"=dword:00000000
"Width84"=dword:00000041
"Position85"=dword:00000055
"Visible85"=dword:00000000
"Width85"=dword:00000041
"Position86"=dword:00000056
"Visible86"=dword:00000000
"Width86"=dword:00000050

[HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
"GKWeightCoef"=dword:00000064
"GKCurrentAbilityCoef"=dword:00000000
"GKCornersCoef"=dword:00000000
"GKCrossingCoef"=dword:00000000
"GKDribblingCoef"=dword:00000000
"GKFinishingCoef"=dword:00000000
"GKFirstTouchCoef"=dword:00000000
"GKFreeKicksCoef"=dword:00000000
"GKHeadingCoef"=dword:00000000
"GKLongShotsCoef"=dword:00000000
"GKLongThrowsCoef"=dword:00000000
"GKMarkingCoef"=dword:00000000
"GKPassingCoef"=dword:00000000
"GKPenaltiesCoef"=dword:00000000
"GKTacklingCoef"=dword:00000005
"GKTechniqueCoef"=dword:00000000
"GKLeftFootCoef"=dword:00000000
"GKRightFootCoef"=dword:00000000
"GKAggressionCoef"=dword:0000000a
"GKAnticipationCoef"=dword:00000005
"GKBraveryCoef"=dword:00000014
"GKComposureCoef"=dword:00000014
"GKConcentrationCoef"=dword:0000000a
"GKConsistencyCoef"=dword:0000000a
"GKCreativityCoef"=dword:00000000
"GKDecisionsCoef"=dword:00000014
"GKDeterminationCoef"=dword:0000000a
"GKDirtinessCoef"=dword:fffffffb
"GKFlairCoef"=dword:00000000
"GKImportantMatchesCoef"=dword:0000000a
"GKInfluenceCoef"=dword:0000000a
"GKOffTheBallCoef"=dword:00000000
"GKPositioningCoef"=dword:00000050
"GKTeamworkCoef"=dword:00000005
"GKWorkRateCoef"=dword:00000000
"GKAccelerationCoef"=dword:00000005
"GKAgilityCoef"=dword:0000000a
"GKBalanceCoef"=dword:0000000a
"GKInjuryPronenessCoef"=dword:fffffffb
"GKJumpingCoef"=dword:00000050
"GKNaturalFitnessCoef"=dword:00000005
"GKPaceCoef"=dword:00000000
"GKStaminaCoef"=dword:00000000
"GKStrengthCoef"=dword:0000000a
"GKVersatilityCoef"=dword:00000000
"GKAerialAbilityCoef"=dword:00000032
"GKCommandOfAreaCoef"=dword:00000014
"GKCommunicationCoef"=dword:00000032
"GKEccentricityCoef"=dword:ffffffec
"GKHandlingCoef"=dword:00000064
"GKKickingCoef"=dword:0000000a
"GKOneOnOnesCoef"=dword:00000032
"GKReflexesCoef"=dword:00000064
"GKRushingOutCoef"=dword:00000014
"GKTendencyToPunchCoef"=dword:fffffff6
"GKThrowingCoef"=dword:0000000a
"GKAdaptabilityCoef"=dword:00000005
"GKAmbitionCoef"=dword:0000000a
"GKControversyCoef"=dword:fffffffb
"GKLoyalityCoef"=dword:00000005
"GKPressureCoef"=dword:00000005
"GKProfessionalismCoef"=dword:00000005
"GKSportsmanshipCoef"=dword:00000005
"GKTemperamentCoef"=dword:00000005
"SWWeightCoef"=dword:00000066
"SWCurrentAbilityCoef"=dword:00000000
"SWCornersCoef"=dword:00000000
"SWCrossingCoef"=dword:00000000
"SWDribblingCoef"=dword:00000000
"SWFinishingCoef"=dword:00000000
"SWFirstTouchCoef"=dword:00000014
"SWFreeKicksCoef"=dword:0000000a
"SWHeadingCoef"=dword:00000064
"SWLongShotsCoef"=dword:0000000a
"SWLongThrowsCoef"=dword:00000000
"SWMarkingCoef"=dword:00000064
"SWPassingCoef"=dword:0000000a
"SWPenaltiesCoef"=dword:00000005
"SWTacklingCoef"=dword:00000064
"SWTechniqueCoef"=dword:0000000a
"SWLeftFootCoef"=dword:00000005
"SWRightFootCoef"=dword:00000005
"SWAggressionCoef"=dword:00000014
"SWAnticipationCoef"=dword:00000014
"SWBraveryCoef"=dword:00000028
"SWComposureCoef"=dword:00000028
"SWConcentrationCoef"=dword:0000003c
"SWConsistencyCoef"=dword:0000000a
"SWCreativityCoef"=dword:0000000a
"SWDecisionsCoef"=dword:00000014
"SWDeterminationCoef"=dword:0000000a
"SWDirtinessCoef"=dword:ffffffe7
"SWFlairCoef"=dword:00000000
"SWImportantMatchesCoef"=dword:0000000a
"SWInfluenceCoef"=dword:0000000a
"SWOffTheBallCoef"=dword:0000000a
"SWPositioningCoef"=dword:00000064
"SWTeamworkCoef"=dword:00000028
"SWWorkRateCoef"=dword:00000014
"SWAccelerationCoef"=dword:0000001e
"SWAgilityCoef"=dword:0000000a
"SWBalanceCoef"=dword:00000014
"SWInjuryPronenessCoef"=dword:fffffffb
"SWJumpingCoef"=dword:00000064
"SWNaturalFitnessCoef"=dword:00000005
"SWPaceCoef"=dword:00000014
"SWStaminaCoef"=dword:0000000a
"SWStrengthCoef"=dword:00000050
"SWVersatilityCoef"=dword:00000005
"SWAerialAbilityCoef"=dword:00000000
"SWCommandOfAreaCoef"=dword:00000000
"SWCommunicationCoef"=dword:00000000
"SWEccentricityCoef"=dword:00000000
"SWHandlingCoef"=dword:00000000
"SWKickingCoef"=dword:00000000
"SWOneOnOnesCoef"=dword:00000005
"SWReflexesCoef"=dword:00000005
"SWRushingOutCoef"=dword:00000000
"SWTendencyToPunchCoef"=dword:00000000
"SWThrowingCoef"=dword:00000000
"SWAdaptabilityCoef"=dword:00000005
"SWAmbitionCoef"=dword:0000000a
"SWControversyCoef"=dword:fffffffb
"SWLoyalityCoef"=dword:00000005
"SWPressureCoef"=dword:00000005
"SWProfessionalismCoef"=dword:00000005
"SWSportsmanshipCoef"=dword:00000005
"SWTemperamentCoef"=dword:00000005
"CBWeightCoef"=dword:00000064
"CBCurrentAbilityCoef"=dword:00000000
"CBCornersCoef"=dword:00000000
"CBCrossingCoef"=dword:00000000
"CBDribblingCoef"=dword:00000000
"CBFinishingCoef"=dword:00000000
"CBFirstTouchCoef"=dword:00000014
"CBFreeKicksCoef"=dword:0000000a
"CBHeadingCoef"=dword:00000064
"CBLongShotsCoef"=dword:0000000a
"CBLongThrowsCoef"=dword:00000000
"CBMarkingCoef"=dword:00000050
"CBPassingCoef"=dword:00000014
"CBPenaltiesCoef"=dword:00000005
"CBTacklingCoef"=dword:00000064
"CBTechniqueCoef"=dword:0000000a
"CBLeftFootCoef"=dword:00000005
"CBRightFootCoef"=dword:00000005
"CBAggressionCoef"=dword:00000014
"CBAnticipationCoef"=dword:00000014
"CBBraveryCoef"=dword:00000028
"CBComposureCoef"=dword:00000014
"CBConcentrationCoef"=dword:00000028
"CBConsistencyCoef"=dword:0000000a
"CBCreativityCoef"=dword:0000000a
"CBDecisionsCoef"=dword:00000014
"CBDeterminationCoef"=dword:0000000a
"CBDirtinessCoef"=dword:ffffffec
"CBFlairCoef"=dword:00000000
"CBImportantMatchesCoef"=dword:0000000a
"CBInfluenceCoef"=dword:0000000a
"CBOffTheBallCoef"=dword:0000000a
"CBPositioningCoef"=dword:00000050
"CBTeamworkCoef"=dword:00000028
"CBWorkRateCoef"=dword:00000014
"CBAccelerationCoef"=dword:00000028
"CBAgilityCoef"=dword:0000000a
"CBBalanceCoef"=dword:00000014
"CBInjuryPronenessCoef"=dword:fffffffb
"CBJumpingCoef"=dword:00000064
"CBNaturalFitnessCoef"=dword:00000005
"CBPaceCoef"=dword:0000001e
"CBStaminaCoef"=dword:0000000a
"CBStrengthCoef"=dword:0000003c
"CBVersatilityCoef"=dword:00000005
"CBAerialAbilityCoef"=dword:00000000
"CBCommandOfAreaCoef"=dword:00000000
"CBCommunicationCoef"=dword:00000000
"CBEccentricityCoef"=dword:00000000
"CBHandlingCoef"=dword:00000000
"CBKickingCoef"=dword:00000000
"CBOneOnOnesCoef"=dword:00000005
"CBReflexesCoef"=dword:00000005
"CBRushingOutCoef&quo
0
Réponse 7 / 19
Utilisateur anonyme
 
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge:List&Kill'em et enregistre le sur ton bureau</gras>

Il ne necessite pas d'installation

▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recheche

▶laisse travailler l'outil

le rapport va s'afficher , une fois le scan fini

▶colle le contenu dans ta prochaine réponse
0
Réponse 8 / 19
phabryss
 
List'em by g3n-h@ckm@n 1.0.3.0

updated on 03.09.2009 ::::: 0.25

Microsoft Windows XP [version 5.1.2600]

05/09/2009 22:57:12,79

Nom de l'h“te: PCFABRICE
Nom du systŠme d'exploitation: Microsoft Windows XP Professionnel
Version du systŠme: 5.1.2600 Service Pack 2 version 2600
Fabricant du systŠme d'exploitation: Microsoft Corporation
Configuration du systŠme d'exploitation: Station de travail autonome
Type de version du systŠme d'exploitation: Multiprocessor Free
Propri‚taire enregistr‚ÿ: Fabrice
Organisation enregistr‚eÿ:
Identificateur de produit: 55274-642-3428963-23553
Date d'installation originale: 20/03/2008, 02:39:19
Dur‚e d'activit‚ systŠme: 0 jours, 1 heures, 7 minutes, 7 secondes
Fabricant du systŠme: LENOVO
ModŠle du systŠme: 0769A44
Type du systŠme: X86-based PC
Processeur(s): 2 processeur(s) install‚(s).
[01]: x86 Family 6 Model 15 Stepping 13 GenuineIntel ~1463 MHz
[02]: x86 Family 6 Model 15 Stepping 13 GenuineIntel ~1462 MHz
Version du BIOS: LENOVO - 6040000
R‚pertoire Windows: C:\WINDOWS
R‚pertoire systŠme: C:\WINDOWS\system32
P‚riph‚rique d'amor‡age: \Device\HarddiskVolume2
Option r‚gionale du systŠme: fr;Fran‡ais (France)
ParamŠtres r‚gionaux d'entr‚eÿ: fr;Fran‡ais (France)
Fuseau horaire: N/D
M‚moire physique totale: 2ÿ046 Mo
M‚moire physique disponible: 1ÿ353 Mo
M‚moire virtuelle : taille maximale: 2ÿ048 Mo
M‚moire virtuelle : disponible: 2ÿ006 Mo
M‚moire virtuelle : en cours d'utilisation: 42 Mo
Emplacements des fichiers d'‚change: C:\pagefile.sys
Domaine: HOME
Serveur d'ouverture de session: \\PCFABRICE
Correctif(s): 186 Corrections install‚es.
[01]: File 1
[02]: File 1
[03]: File 1
[04]: File 1
[05]: File 1
[06]: File 1
[07]: File 1
[08]: File 1
[09]: File 1
[10]: File 1
[11]: File 1
[12]: File 1
[13]: File 1
[14]: File 1
[15]: File 1
[16]: File 1
[17]: File 1
[18]: File 1
[19]: File 1
[20]: File 1
[21]: File 1
[22]: File 1
[23]: File 1
[24]: File 1
[25]: File 1
[26]: File 1
[27]: File 1
[28]: File 1
[29]: File 1
[30]: File 1
[31]: File 1
[32]: File 1
[33]: File 1
[34]: File 1
[35]: File 1
[36]: File 1
[37]: File 1
[38]: File 1
[39]: File 1
[40]: File 1
[41]: File 1
[42]: File 1
[43]: File 1
[44]: File 1
[45]: File 1
[46]: File 1
[47]: File 1
[48]: File 1
[49]: File 1
[50]: File 1
[51]: File 1
[52]: File 1
[53]: File 1
[54]: File 1
[55]: File 1
[56]: File 1
[57]: File 1
[58]: File 1
[59]: File 1
[60]: File 1
[61]: File 1
[62]: File 1
[63]: File 1
[64]: File 1
[65]: File 1
[66]: File 1
[67]: File 1
[68]: File 1
[69]: File 1
[70]: File 1
[71]: File 1
[72]: File 1
[73]: File 1
[74]: File 1
[75]: File 1
[76]: File 1
[77]: File 1
[78]: File 1
[79]: File 1
[80]: File 1
[81]: File 1
[82]: File 1
[83]: File 1
[84]: File 1
[85]: File 1
[86]: File 1
[87]: File 1
[88]: File 1
[89]: File 1
[90]: File 1
[91]: File 1
[92]: File 1
[93]: File 1
[94]: Q147222
[95]: M886903 - Update
[96]: S867460 - Update
[97]: KB917283 - Update
[98]: KB922770 - Update
[99]: Q927978
[100]: IDNMitigationAPIs
[101]: NLSDownlevelMapping
[102]: KB911565
[103]: KB925398_WMP64
[104]: MSCompPackV1 - Update
[105]: KB885222
[106]: KB890859
[107]: KB893756
[108]: KB893803v2
[109]: KB894391
[110]: KB896256 - Update
[111]: KB896344 - Update
[112]: KB896358
[113]: KB896423
[114]: KB896424
[115]: KB896428
[116]: KB896626
[117]: KB897338
[118]: KB897663
[119]: KB898461
[120]: KB899271
[121]: KB899587
[122]: KB899588
[123]: KB899591
[124]: KB900485
[125]: KB900725
[126]: KB901017
[127]: KB901190
[128]: KB901214
[129]: KB902400
[130]: KB903234
[131]: KB904412
[132]: KB904706
[133]: KB904942
[134]: KB905414
[135]: KB905749
[136]: KB906569
[137]: KB907265
[138]: KB907865
[139]: KB908519
[140]: KB908521
[141]: KB908531
[142]: KB909441
[143]: KB910437
[144]: KB911280
[145]: KB911562
[146]: KB911927
[147]: KB912461
[148]: KB912919
[149]: KB913580
[150]: KB914388
[151]: KB914389
[152]: KB914440
[153]: KB914841
[154]: KB915865
[155]: KB916595
[156]: KB916846
[157]: KB917021
[158]: KB917537
[159]: KB917730
[160]: KB918439
[161]: KB919007
[162]: KB920213 - Update
[163]: KB920214
[164]: KB920342
[165]: KB920670
[166]: KB920683
[167]: KB920685
[168]: KB920872
[169]: KB921398
[170]: KB922582
[171]: KB922616
[172]: KB922760
[173]: KB922819
[174]: KB923191
[175]: KB923414
[176]: KB923694
[177]: KB923980
[178]: KB924191
[179]: KB924270
[180]: KB924867
[181]: KB925486
[182]: KB926140
[183]: KB926239 - Update
[184]: KB926255
[185]: KB928388 - Update
[186]: KB929120
Carte(s) r‚seau: 3 carte(s) r‚seau install‚e(s).
[01]: Carte r‚seau 1394
Nom de la connexion : Connexion 1394
DHCP activ‚ : Oui
Serveur DHCP : N/D
Adresse(s) IP
[02]: Pilote de serveur d'accŠs au r‚seau local Bluetooth
Nom de la connexion : Connexion au r‚seau local
tat : Support d‚connect‚
[03]: Intel(R) PRO/Wireless 3945ABG Network Connection
Nom de la connexion : Connexion r‚seau sans fil
DHCP activ‚ : Oui
Serveur DHCP : 192.168.1.1
Adresse(s) IP
[01] : 192.168.1.11

Nom de l'image PIDÿ Nom de la sessio Num‚ro d Utilisation
========================= ====== ================ ======== ============
System Idle Process 0 Console 0 16 Ko
System 4 Console 0 220 Ko
smss.exe 1140 Console 0 396 Ko
csrss.exe 1252 Console 0 3ÿ060 Ko
winlogon.exe 1380 Console 0 7ÿ952 Ko
services.exe 1440 Console 0 3ÿ684 Ko
lsass.exe 1452 Console 0 8ÿ296 Ko
svchost.exe 1636 Console 0 5ÿ196 Ko
svchost.exe 1684 Console 0 4ÿ520 Ko
svchost.exe 1740 Console 0 27ÿ996 Ko
btwdins.exe 1768 Console 0 2ÿ468 Ko
EvtEng.exe 1828 Console 0 11ÿ824 Ko
S24EvMon.exe 268 Console 0 10ÿ780 Ko
svchost.exe 508 Console 0 5ÿ740 Ko
svchost.exe 560 Console 0 3ÿ932 Ko
WLTRYSVC.EXE 844 Console 0 1ÿ736 Ko
BCMWLTRY.EXE 856 Console 0 7ÿ200 Ko
spoolsv.exe 904 Console 0 6ÿ904 Ko
sched.exe 1000 Console 0 388 Ko
avguard.exe 1080 Console 0 13ÿ060 Ko
mDNSResponder.exe 1124 Console 0 3ÿ536 Ko
webstarterGS.exe 1200 Console 0 19ÿ840 Ko
jqs.exe 1348 Console 0 1ÿ384 Ko
GoogleCrashHandler.exe 1904 Console 0 544 Ko
msftesql.exe 760 Console 0 4ÿ896 Ko
sqlservr.exe 832 Console 0 2ÿ112 Ko
sqlservr.exe 1588 Console 0 7ÿ060 Ko
sqlservr.exe 148 Console 0 2ÿ112 Ko
nvsvc32.exe 600 Console 0 4ÿ892 Ko
RegSrvc.exe 1012 Console 0 3ÿ080 Ko
sqlbrowser.exe 2160 Console 0 2ÿ360 Ko
sqlwriter.exe 2252 Console 0 3ÿ572 Ko
StarWindServiceAE.exe 2356 Console 0 3ÿ980 Ko
svchost.exe 2428 Console 0 4ÿ336 Ko
SUService.exe 2488 Console 0 11ÿ600 Ko
TUProgSt.exe 3744 Console 0 5ÿ292 Ko
tvtsched.exe 3808 Console 0 5ÿ788 Ko
ULCDRSvr.exe 3924 Console 0 884 Ko
wmiapsrv.exe 2344 Console 0 4ÿ508 Ko
alg.exe 3244 Console 0 3ÿ600 Ko
RTHDCPL.exe 1400 Console 0 19ÿ852 Ko
WLTRAY.EXE 3564 Console 0 5ÿ676 Ko
NielsenOnline.exe 3632 Console 0 10ÿ740 Ko
avgnt.exe 3848 Console 0 2ÿ876 Ko
NielsenOnline.exe 3896 Console 0 23ÿ008 Ko
scheduler_proxy.exe 4044 Console 0 3ÿ552 Ko
jusched.exe 2072 Console 0 2ÿ548 Ko
BTTray.exe 2268 Console 0 7ÿ936 Ko
soffice.exe 3088 Console 0 2ÿ240 Ko
BTSTAC~1.EXE 3828 Console 0 8ÿ984 Ko
soffice.bin 2900 Console 0 24ÿ308 Ko
explorer.exe 2536 Console 0 40ÿ600 Ko
notepad.exe 2868 Console 0 680 Ko
chrome.exe 964 Console 0 14ÿ924 Ko
chrome.exe 3456 Console 0 16ÿ972 Ko
chrome.exe 2792 Console 0 27ÿ360 Ko
chrome.exe 784 Console 0 31ÿ736 Ko
chrome.exe 172 Console 0 4ÿ264 Ko
chrome.exe 256 Console 0 25ÿ032 Ko
List_Killem.exe 584 Console 0 6ÿ020 Ko
cmd.exe 4052 Console 0 1ÿ796 Ko
wmiprvse.exe 1312 Console 0 7ÿ940 Ko
wmiprvse.exe 2564 Console 0 4ÿ756 Ko
tasklist.exe 1320 Console 0 5ÿ364 Ko

Infections :
==========

¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\WINDOWS\System32\prnjobs.vbs"
C:\WINDOWS\System32\SET5B.tmp

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

ALCMTR.EXE-01A7139B.pf
ALG.EXE-275708CF.pf
ATTRIB.CFXXE-1334C304.pf
ATTRIB.CFXXE-2659F53E.pf
ATTRIB.EXE-15ACDFFE.pf
AVCENTER.EXE-0EE40991.pf
AVGARKT.EXE-11059116.pf
AVGNT.EXE-24287AD0.pf
AVNOTIFY.EXE-05C5A637.pf
AZMIXERSEL.EXE-0057985F.pf
BTSTAC~1.EXE-1802E163.pf
BTTRAY.EXE-3B352DC0.pf
CATCHME.CFXXE-34F10BBC.pf
CATCHME.TMP-1C9402FA.pf
CF24440.EXE-09258DE4.pf
CHCP.COM-17EDBDC9.pf
CHROME.EXE-0BB6A59C.pf
CMD.EXE-034B0549.pf
CMD.EXECF-04239AFE.pf
COMBOFIX-DOWNLOAD.CFXXE-2BE3D9AE.pf
COMBOFIX.EXE-2A4865F4.pf
CSCRIPT.EXE-0A13A05C.pf
CTFMON.EXE-05E57A5E.pf
DUMPHIVE.CFXXE-0FFD4E49.pf
ERUNT.CFXXE-1101DA25.pf
EXPLORER.EXE-02121B1A.pf
EY5WCLMHI.EXE-0E44CCD9.pf
F97VLWM3GC.EXE-001CCAD3.pf
FINDSTR.CFXXE-128A9760.pf
FOXITR~1.EXE-245B4279.pf
FXUNPCPBVN.EXE-09ADE645.pf
GOOGLECRASHHANDLER.EXE-010C3C76.pf
GOOGLECRASHHANDLER.EXE-2FB258D9.pf
GOOGLETOOLBARNOTIFIER.EXE-0047A1C5.pf
GOOGLEUPDATE.EXE-06BA906D.pf
GOOGLEUPDATE.EXE-160E1F62.pf
GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf
GRABIT.EXE-38E3753B.pf
GREP.CFXXE-058D1CFD.pf
GREP.CFXXE-1143901C.pf
GREP.EXE-1C6A2624.pf
GRPCONV.EXE-375690AD.pf
GSAR.CFXXE-064080BD.pf
GSAR.CFXXE-301E7415.pf
GUARDGUI.EXE-0C9FDE58.pf
HANDLE.CFXXE-1ABC4A3B.pf
HIDEC.EXE-110154A1.pf
HIDEC.EXE-2888B6D9.pf
HIJACKTHIS.EXE-12EFA3B0.pf
IEXPLORE.EXE-030260BF.pf
IPCONFIG.EXE-05D7908C.pf
JAVA.EXE-24B0B58D.pf
JAVA.EXE-32FD225F.pf
JUSCHED.EXE-04A13915.pf
KTN.EXE-1C767721.pf
Layout.ini
LIST_KILLEM.EXE-166B939E.pf
LOGONUI.EXE-312BE1BF.pf
MODE.COM-318FFE37.pf
MSFEEDSSYNC.EXE-05335A39.pf
MSNMSGR.EXE-3744B6D8.pf
MTEE.CFXXE-1381448E.pf
N.PIF-2ACDD654.pf
NIELSENONLINE.EXE-1C4869D3.pf
NIRCMD.CFXXE-13FF818C.pf
NIRCMD.CFXXE-258F36B6.pf
NIRCMD.EXE-3789D3CC.pf
NIRCMDB.EXE-1464644A.pf
NIRCMDB.EXE-2F733B3E.pf
NIRCMDC.CFXXE-1A723DB9.pf
NIRCMDC.CFXXE-1EF93FDF.pf
NOTEPAD.EXE-2F2D61E1.pf
NPIPTOOL.EXE-1FB17EE5.pf
NTOSBOOT-B00DFAAD.pf
NWIZ.EXE-2D374245.pf
OTM.EXE-2684D825.pf
PDFILL.EXE-09A510C0.pf
PDFILL_PDF_TOOLS.EXE-371C69B9.pf
PEV.CFXXE-163A75C2.pf
PEV.CFXXE-234F95B8.pf
PEV.EXE-0AB51BE4.pf
PEV.EXE-2D02605A.pf
PING.EXE-30F9CA9D.pf
PV.CFXXE-0E10E3CC.pf
PV.CFXXE-22055E2E.pf
QTTASK.EXE-1876A1A1.pf
QUICKSTART.EXE-33E8A351.pf
RE5057~1.SCR-37DBF517.pf
REGEDIT.EXE-2AE3423E.pf
REGT.CFXXE-1BAC62A7.pf
ROOTER.EXE-15EF0051.pf
RTHDCPL.EXE-005A6E31.pf
RUNDLL32.EXE-3C500167.pf
RUNDLL32.EXE-3F17F011.pf
RUNDLL32.EXE-4853FA67.pf
RUNDLL32.EXE-4D5D6CC3.pf
RUNDLL32.EXE-4FF9832D.pf
RUNDLL32.EXE-50E8D616.pf
RUNDLL32.EXE-52381468.pf
RUNDLL32.EXE-57C8756E.pf
RUNDLL32.EXE-5F120771.pf
RUNDLL32.EXE-60A59F38.pf
RUNDLL32.EXE-6ACD0C83.pf
RUNONCE.EXE-01CA3A2F.pf
SCHEDULER_PROXY.EXE-13D010E5.pf
SED.CFXXE-13206BAB.pf
SED.CFXXE-26699FCF.pf
SED.EXE-1EFB2ADD.pf
SKYTEL.EXE-15B3DBDE.pf
SNDVOL32.EXE-0EC6FD20.pf
SOFFICE.BIN-091CC27D.pf
SOFFICE.EXE-012D2D56.pf
SORT.EXE-19728AC5.pf
SPYBOTSD.EXE-1702AD5F.pf
SWREG.CFXXE-2EA30468.pf
SWREG.EXE-20DD5B9B.pf
SWREG.EXE-2E6304DD.pf
SWSC.CFXXE-1BF2C69F.pf
SWXCACLS.CFXXE-082AB030.pf
SWXCACLS.CFXXE-1399F302.pf
TASKMGR.EXE-06144C13.pf
TEATIMER.EXE-0390E8A7.pf
THUNDERBIRD.EXE-1BF62657.pf
UPDATE.EXE-2F5EF2F5.pf
VERCLSID.EXE-28F52AD2.pf
VLC.EXE-02F29DFD.pf
WLTRAY.EXE-0D3A5A80.pf
WMIPRVSE.EXE-0D449B4F.pf
WUAUCLT.EXE-1360D60A.pf

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 9 / 19
Utilisateur anonyme
 
Désinfection

Ferme toutes tes fenetres(y compris internet et windows live messenger) , puis :

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

▶ colle le contenu du rapport qui s'ouvre
**********************************************************************
• Bonjour

• Télécharge et installe : Malwarebyte’s Anti-Malware
• (NB : S'il te manque"COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes
• Poste le rapport de scan après la suppression ici
• Si tu as besoin d’aide regarde ce tutorial
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

0
Réponse 10 / 19
phabryss
 
Infections :
==========

¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\WINDOWS\System32\prnjobs.vbs"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

Layout.ini
NTOSBOOT-B00DFAAD.pf

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Réponse 11 / 19
phabryss
 
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 2

06/09/2009 01:46:21
mbam-log-2009-09-06 (01-46-21).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 257108
Temps écoulé: 57 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 12 / 19
Utilisateur anonyme
 
Bonjour

• Télécharge : http://images.malwareremoval.com/random/RSIT.exe
/!\ Important (Sous Vista) /!\
Vous devez exécuter RSIT avec les droits d'administrateur, pour cela Clique droit sur RSIT et "Lancer en tant qu'administrateur"
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur 'Continue' à l'écran Disclaimer.
• Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
• Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.
( C:\RSIT\log.txt et C:\RSIT\info.txt )
• CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
0
Réponse 13 / 19
phabryss
 
et d'un :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Fabrice at 2009-09-06 11:05:43
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 8 GB (8%) free of 109 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:55, on 06/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Fabrice\Mes documents\Downloads\RSIT.exe
C:\Documents and Settings\Fabrice\Bureau\fichiers téléchargés\Fabrice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1644491937-1580818891-725345543-1005\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'GSelectorSQLAdmin')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSelectorWebService - Unknown owner - C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
O23 - Service: Service Google Update (gupdate1ca065363ad5965) (gupdate1ca065363ad5965) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 14 / 19
Utilisateur anonyme
 
• Rends toi sur le site https://www.virustotal.com/gui/
analyses les deux dossiers
• Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide :
c:\documents and settings\Fabrice\Application Data\GrabIt
c:\documents and settings\Fabrice\Application Data\StumbleUpon
• Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
• Fais un copier/coller du rapport sur le forum.
0
Réponse 15 / 19
phabryss
 
RAS après Virustotal
0
Réponse 16 / 19
Utilisateur anonyme
 
* Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
* Double-clique sur OTMoveIt.exe pour le lancer.
* Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
* copie la liste en gras ci-dessous et colle la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

:processes
explorer.exe

:services
autochk

:files
C:\WINDOWS\TEMP\fxunpcpbvn.exe
c:\documents and settings\fabrice\protect.dll
c:\windows\system32\autochk.dll

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"=-

:commands
[emptytemp]
[purity]
[start explorer]
[reboot]

-----------------------------

* clique sur MoveIt! pour lancer la suppression.
* Le résultat apparaitra dans le cadre "Results".
* Clique sur Exit pour fermer.
* Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
* Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
0
Réponse 17 / 19
phabryss
 
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service\Driver autochk not found.
Service\Driver autochk not found.
========== FILES ==========
File/Folder C:\WINDOWS\TEMP\fxunpcpbvn.exe not found.
File/Folder c:\documents and settings\fabrice\protect.dll not found.
File/Folder c:\windows\system32\autochk.dll not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autochk not found.

OTM by OldTimer - Version 3.0.0.6 log created on 09062009_153713
0
Réponse 18 / 19
Utilisateur anonyme
 
Scanner en ligne avec TrendMicro HouseCall
Prenez Internet Explorer et allez sur https://www.trendmicro.com/en_us/forHome/products/housecall.html
Si un virus est trouvé, l'antivirus vous le signalera.
Il vous suffit alors de cliquer sur "Nettoyer":
Tutoriel.
https://www.commentcamarche.net/faq/8873-scanner-en-ligne-avec-trendmicro-housecall
0
Réponse 19 / 19
phabryss
 
Après une dernière alerte de mon antivirus (antivir) cet après-midi, plus rien et mon pc fonctionne de nouveau normalement... apparemment tout est rentré dans l'ordre.

Merci
0

Discussions similaires

Google Chrome "  Échec de l'analyse antivirus "
jmpower -
RBmoon -

18 réponses
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Huawei P8 Lite "nouveau tag ajouté"
ArianeKathleen -
Mn -

25 réponses
Nouveau tag ajouté - Utilité
Eerfers -
madmyke -

1 réponse
" Échec de l'analyse antivirus " la solution.
bazfile -
bazfile -

0 réponse