Analyse hijackthis après virus

Résolu
phabryss -  
 phabryss -
Bonjour,

Après avoir eu un joli petit virus qui m'a bien foutu le b***** dans mon pc, je viens vous demander votre avis sur le log hijackthis. Pour info, au redémarrage de mon pc, j'avais droit à l'écran bleu de la mort ;) du coup j'ai redémarrer en mode sans échec pour tout scanner (antivir, malwarebyte, avg antirootkit et spybot S&D)... après ce nettoyage ne règle, il me reste encore des fichiers "louches" voilà pourquoi j'aimerais savoir ce que je dois fixer.

Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28:04, on 05/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\Fabrice\Bureau\fichiers téléchargés\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1644491937-1580818891-725345543-1005\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'GSelectorSQLAdmin')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GSelectorWebService - Unknown owner - C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
O23 - Service: Service Google Update (gupdate1ca065363ad5965) (gupdate1ca065363ad5965) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

19 réponses

  1. Utilisateur anonyme
     
    Bonjour
    * Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
    * Double-clique sur OTMoveIt.exe pour le lancer.
    * Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
    * copie la liste en gras ci-dessous et colle la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

    :processes
    explorer.exe
    nielsenonline.exe

    :files
    c:\program files\netratingsnetsight\netsight\nielsenonline.exe

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NielsenOnline"=-


    :commands
    [emptytemp]
    [purity]
    [start explorer]
    [reboot]

    -----------------------------

    * clique sur MoveIt! pour lancer la suppression.
    * Le résultat apparaitra dans le cadre "Results".
    * Clique sur Exit pour fermer.
    * Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
    * Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
    0
  2. phabryss
     
    Merci Nanard4700 mais "nielsenonline.exe" c'est un logiciel que j'ai installé en connaissance de cause (enquête de Médiamétrie), il est installé depuis plus d'un an et je n'ai jamais eu de soucis. C'est seulement depuis 2-3 jours que j'ai chopé ce virus et les problèmes qui vont avec.
    Pour info quand je lance une analyse avec avg antirootkit, il me trouve toujours des fichiers suspects et j'ai beau les supprimers avec avg, ils reviennent à chaque fois mais avec un nom différent :

    C:\WINDOWS\System32\Drivers\ae9ovxir.SYS ===== Hidden driver file
    C:\WINDOWS\System32\Drivers\ajcs0ikt.SYS ===== Hidden driver file
    0
  3. Utilisateur anonyme
     
    • Télécharge : Télécharge Rooter de l'équipe IDN sur ton bureau :

    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

    ! Déconnecte toi d'internet et ferme toutes applications en cours !

    * Exécute Rooter et laisse travailler l'outil .

    * Une fois terminé, poste le rapport obtenu pour analyse ...

    0
  4. phabryss
     
    Et voilà :

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 2
    [32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
    .
    Error OpenService (wscsvc) : 1060
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 7.0.5730.11
    .
    C:\ [Fixed-NTFS] .. ( Total:106 Go - Free:10 Go )
    D:\ [CD_Rom]
    E:\ [CD_Rom]
    .
    Scan : 18:54.52
    Path : C:\Documents and Settings\Fabrice\Mes documents\Downloads\Rooter.exe
    User : Fabrice ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (1056)
    ______ \??\C:\WINDOWS\system32\csrss.exe (1168)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (1264)
    ______ C:\WINDOWS\system32\services.exe (1324)
    ______ C:\WINDOWS\system32\lsass.exe (1336)
    ______ C:\WINDOWS\system32\svchost.exe (1508)
    ______ C:\WINDOWS\system32\svchost.exe (1572)
    ______ C:\WINDOWS\System32\svchost.exe (1612)
    ______ C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (1640)
    ______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1692)
    ______ C:\WINDOWS\Explorer.EXE (1944)
    ______ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (2020)
    ______ C:\WINDOWS\system32\svchost.exe (392)
    ______ C:\WINDOWS\system32\svchost.exe (468)
    ______ C:\WINDOWS\System32\WLTRYSVC.EXE (696)
    ______ C:\WINDOWS\System32\bcmwltry.exe (708)
    ______ C:\WINDOWS\system32\spoolsv.exe (756)
    ______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (836)
    ______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (920)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (976)
    ______ C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe (1012)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (1196)
    ______ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (1688)
    ______ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (1752)
    ______ C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (268)
    ______ c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (548)
    ______ C:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe (912)
    ______ C:\WINDOWS\system32\nvsvc32.exe (784)
    ______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (280)
    ______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (1824)
    ______ c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (2060)
    ______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (2096)
    ______ C:\WINDOWS\system32\svchost.exe (2196)
    ______ c:\program files\lenovo\system update\suservice.exe (2360)
    ______ C:\WINDOWS\System32\TUProgSt.exe (3344)
    ______ C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe (3364)
    ______ C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (3564)
    ______ C:\WINDOWS\System32\alg.exe (2604)
    ______ C:\WINDOWS\system32\wbem\wmiapsrv.exe (2724)
    ______ C:\WINDOWS\RTHDCPL.EXE (3808)
    ______ C:\WINDOWS\system32\WLTRAY.exe (492)
    ______ C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (2004)
    ______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (564)
    ______ C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (4048)
    ______ C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe (2264)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (2796)
    ______ C:\WINDOWS\system32\ctfmon.exe (2720)
    ______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3276)
    ______ C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (2028)
    ______ C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE (3740)
    ______ C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1728)
    ______ C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2112)
    ______ C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (4064)
    ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3428)
    ______ C:\Documents and Settings\Fabrice\Mes documents\Downloads\Rooter.exe (872)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:5768216576)
    \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:5769265152 | Length:114263326720)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\Google Software Updater.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003Core.job
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003UA.job
    C:\WINDOWS\Tasks\SA.DAT
    C:\WINDOWS\Tasks\User_Feed_Synchronization-{3ACA8BC9-743E-47E2-AA90-24357B2F9020}.job
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 18:56.13
    .
    C:\Rooter$\Rooter_1.txt - (05/09/2009 | 18:56.13)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    /!\ Désactive tous tes logiciels de protection /!\

    • Télécharge combofix(de sUBs) sur ton Bureau.
    • Double-clique sur ComboFix.exe afin de le lancer.
    • Il va te demander d'installer la console de récupération : accepte.
    • Ne touche à rien pendant le scan.
    • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.
    #Si combofix ne veut pas se lancer renommes le en ccm.exe et éxécutes le en mode sans échec .
    Tutoriel officiel de Combofix : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser¬-combofix
    0
  7. phabryss
     
    ComboFix 09-09-05.01 - Fabrice 05/09/2009 21:43.1.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1204 [GMT 2:00]
    Running from: c:\documents and settings\Fabrice\Mes documents\Downloads\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\rotscxbxdnfyxm.sy_
    c:\windows\system32\images
    c:\windows\system32\images\+ DOSSIER UTILISE PAR LE PROGRAMME 'ENREGISTREZ SOUS EDITEUR'
    c:\windows\system32\images\1.ico
    c:\windows\system32\images\2.ico
    c:\windows\system32\images\3.ico
    c:\windows\system32\images\4.ico
    c:\windows\system32\images\5.ico
    c:\windows\system32\images\Flèche bas.ico
    c:\windows\system32\images\Flèche haut.ico
    c:\windows\system32\rotscxbbexnlnk.dll
    c:\windows\system32\rotscxbdmqapvl.dat
    c:\windows\system32\rotscxdeobqynx.dll
    c:\windows\system32\rotscxiqjkvdlo.dat
    c:\windows\UA000106.DLL

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_rotscxdivxviww
    -------\Service_rotscxdivxviww

    ((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
    .

    2009-09-05 19:51 . 2009-09-05 19:51 -------- d-----w- c:\windows\LastGood
    2009-09-05 16:56 . 2009-09-05 16:56 -------- d-----w- C:\Rooter$
    2009-09-05 10:48 . 2009-09-05 10:48 -------- d-----w- c:\program files\Uniblue
    2009-09-04 22:56 . 2009-09-04 22:56 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2009-09-04 22:36 . 2009-09-04 22:36 -------- d-----w- C:\Downloads
    2009-08-22 18:36 . 2009-08-22 18:36 -------- d-----w- c:\program files\TVAnts
    2009-08-19 19:20 . 2009-08-19 19:20 -------- d-----w- c:\program files\SopCast
    2009-08-17 00:46 . 2009-08-17 00:46 -------- d-----w- c:\program files\bfe
    2009-08-16 18:59 . 2009-08-16 18:59 -------- d-----w- c:\program files\LED
    2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\Fabrice\Local Settings\Application Data\2020 Fusion
    2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\Fabrice\Application Data\2020 Fusion
    2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\iDeal Designer Hygena
    2009-08-15 12:53 . 2009-08-15 12:53 -------- d-----w- c:\program files\Hygena
    2009-08-10 19:43 . 2009-08-10 19:43 -------- d-----w- c:\documents and settings\Fabrice\Application Data\OpenOffice.org
    2009-08-10 18:54 . 2009-08-10 18:54 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-08-09 01:07 . 2008-05-30 12:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2009-08-09 01:07 . 2008-05-30 12:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
    2009-08-09 01:07 . 2008-05-30 12:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2009-08-09 01:07 . 2008-05-30 12:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-05 13:39 . 2008-03-22 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-09-05 11:27 . 2008-03-22 21:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-05 10:53 . 2008-04-18 17:53 -------- d-----w- c:\documents and settings\Fabrice\Application Data\Free Download Manager
    2009-09-04 21:33 . 2009-07-13 16:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-04 15:56 . 2008-11-04 19:10 -------- d-----w- c:\program files\Mozilla Thunderbird
    2009-09-03 21:15 . 2009-07-03 23:37 -------- d-----w- c:\documents and settings\Fabrice\Application Data\GrabIt
    2009-09-03 20:59 . 2008-08-24 01:26 -------- d-----w- c:\documents and settings\Fabrice\Application Data\StumbleUpon
    2009-08-29 23:12 . 2008-03-25 01:58 -------- d-----w- c:\program files\eMule
    2009-08-18 23:41 . 2009-05-08 14:28 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-17 23:02 . 2008-03-27 00:17 81408 ----a-w- c:\documents and settings\Fabrice\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-10 18:52 . 2008-04-03 23:19 -------- d-----w- c:\program files\OpenOffice.org 2.4
    2009-08-10 00:19 . 2008-04-03 23:21 -------- d-----w- c:\documents and settings\Fabrice\Application Data\OpenOffice.org2
    2009-08-09 01:25 . 2008-03-26 22:52 -------- d-----w- c:\documents and settings\Fabrice\Application Data\Sports Interactive
    2009-08-04 20:16 . 2009-08-04 20:16 -------- d-----w- c:\documents and settings\Fabrice\Application Data\FastStone
    2009-08-04 20:16 . 2009-08-04 20:16 -------- d-----w- c:\program files\FastStone Capture
    2009-08-03 13:02 . 2009-08-03 13:02 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-03 13:02 . 2008-03-20 01:56 -------- d-----w- c:\program files\Java
    2009-08-03 11:36 . 2009-07-13 16:30 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-03 11:36 . 2009-07-13 16:30 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-01 19:43 . 2009-08-01 19:43 -------- d-----w- c:\program files\El Juky
    2009-07-29 13:10 . 2009-07-29 13:10 16512 ----a-w- c:\windows\gdrv.sys
    2009-07-27 16:16 . 2008-05-03 00:32 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2009-07-24 15:58 . 2009-07-24 15:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nielprt_01007.Wdf
    2009-07-24 15:58 . 2009-07-24 15:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2009-07-20 15:53 . 2009-06-18 12:21 -------- d-----w- c:\program files\Ekahau
    2009-07-19 13:33 . 2009-07-19 13:33 -------- d-----w- c:\documents and settings\Fabrice\Application Data\NotMyIp
    2009-07-19 13:33 . 2009-07-19 13:33 8704 ----a-w- c:\windows\system32\SpOrder.dll
    2009-07-16 20:26 . 2009-07-16 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-07-16 20:24 . 2009-07-16 20:17 -------- d-----w- c:\program files\Google
    2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\documents and settings\Fabrice\Application Data\Malwarebytes
    2009-07-13 16:30 . 2009-07-13 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-09 20:27 . 2009-07-09 19:49 -------- d-----w- c:\program files\IObit
    2009-07-09 20:00 . 2009-07-09 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
    2009-07-09 19:49 . 2009-07-09 19:49 -------- d-----w- c:\documents and settings\Fabrice\Application Data\IObit
    2009-06-15 21:43 . 2009-06-15 21:43 604416 ----a-w- c:\windows\system32\TUProgSt.exe
    2009-06-15 21:43 . 2009-06-15 21:43 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
    2008-12-28 13:51 . 2008-03-25 01:20 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
    2008-12-28 13:51 . 2008-03-25 01:20 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2008-12-28 13:51 . 2008-03-25 01:20 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
    2009-06-03 14:25 . 2009-07-24 15:58 176128 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter3.dll
    2008-12-28 13:51 . 2008-03-25 01:20 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2008-12-28 13:51 . 2008-03-25 01:20 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ------- Sigcheck -------

    [-] 2006-11-11 14:02 359808 8D8949936913B041C6A0E184FBF1030B c:\windows\system32\drivers\tcpip.sys

    [-] 2006-11-18 23:59 1035264 7BA68DF484B550C1F75DD80AE1D7EF67 c:\windows\explorer.exe

    [-] 2006-12-13 13:06 1548288 0CEF991C04073F5EC8BFD65B961705F1 c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-16 39408]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 53248]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-21 7585792]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-10-12 1282048]
    "NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-30 45056]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2007-03-21 86016]
    "TVT Scheduler Proxy"="c:\program files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 536576]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-08-15 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-03 148888]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-01-30 16116224]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-30 1657376]

    c:\documents and settings\Fabrice\Menu D‚marrer\Programmes\D‚marrage\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 0 (0x0)
    "NoResolveTrack"= 0 (0x0)
    "NoNetworkConnections"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "MaxRecentDocs"= 15 (0xf)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    "NoSMBalloonTip"= 0 (0x0)
    "DisallowCpl"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
    "c:\\Program Files\\Opera\\Opera.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Free Download Manager\\fdm.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\BitBlinder\\BitBlinder.exe"=
    "c:\\Program Files\\BitBlinder\\Tor.exe"=
    "c:\\Program Files\\GigaTribe\\gigatribe.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\java.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1434:UDP"= 1434:UDP:SQL Browser
    "8787:TCP"= 8787:TCP:Cassini

    R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [17/03/2009 00:58 14336]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [08/05/2009 16:28 108289]
    R2 Ekauio;Ekahau NDIS Usermode I/O Protocol;c:\windows\system32\drivers\ekauio.sys [07/04/2009 14:45 12416]
    R2 GSelectorWebService;GSelectorWebService;c:\program files\RCS\GSelector\WebStarterGS\webstarterGS.exe [22/01/2009 10:33 20480]
    R2 msftesql$GSELECTOR;SQL Server FullText Search (GSELECTOR);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [28/08/2006 03:53 92952]
    R2 MSSQL$BP2X;SQL Server (BP2X);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [10/02/2007 15:29 29178224]
    R2 MSSQL$GSELECTOR;SQL Server (GSELECTOR);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 06:29 29178224]
    R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [15/06/2009 23:43 604416]
    R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [25/03/2009 21:59 8832]
    S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
    S2 ecytzdca;ecytzdca;c:\windows\system32\drivers\dxgxr.sys --> c:\windows\system32\drivers\dxgxr.sys [?]
    S2 gupdate1ca065363ad5965;Service Google Update (gupdate1ca065363ad5965);c:\program files\Google\Update\GoogleUpdate.exe [16/07/2009 22:24 133104]
    S2 yntjpkldbaxxfdu;yntjpkldbaxxfdu;\??\c:\windows\system32\drivers\iondbjyvmxxd.sys --> c:\windows\system32\drivers\iondbjyvmxxd.sys [?]
    S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
    S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
    S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [03/06/2009 22:52 120168]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 20:24]

    2009-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-16 20:24]

    2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003Core.job
    - c:\documents and settings\Fabrice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 22:57]

    2009-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1580818891-725345543-1003UA.job
    - c:\documents and settings\Fabrice\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-05 22:57]

    2009-09-05 c:\windows\Tasks\User_Feed_Synchronization-{3ACA8BC9-743E-47E2-AA90-24357B2F9020}.job
    - c:\windows\system32\msfeedssync.exe [2006-12-13 12:46]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.fr/search?q=%s
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
    IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\Fabrice\Application Data\Mozilla\Firefox\Profiles\nv2vokyd.default\
    FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
    FF - component: c:\program files\Mozilla Firefox\components\nsgkff20_meter3.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-05 21:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql$GSELECTOR]
    "ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:GSELECTOR"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008]
    "Currency"=dword:00000017
    "GameDir"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008"
    "SaveDir"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008\\"
    "HistoryDir"="c:\\Documents and Settings\\Fabrice\\Bureau\\fichiers téléchargés\\FM 2008\\fm_genie_scout_2008\\FM Genie Scout 2008\\History Points"
    "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2008\\data\\updates\\update-802\\db\\802\\lang_db.dat"
    "LastSaveGame"="c:\\Documents and Settings\\Fabrice\\Mes documents\\Sports Interactive\\Football Manager 2008\\games\\strasbourg.fm"
    "Language"="French"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:0000005a
    "SkinID"=dword:00000001
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "WindowState"=dword:00000002
    "WindowHeight"=dword:000002de
    "WindowWidth"=dword:000003fc
    "WindowLeft"=dword:00000005
    "WindowTop"=dword:00000000
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""

    [HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Clubs]
    "Position0"=dword:00000000
    "Visible0"=dword:00000001
    "Width0"=dword:0000007d
    "Position1"=dword:00000001
    "Visible1"=dword:00000001
    "Width1"=dword:00000064
    "Position2"=dword:00000002
    "Visible2"=dword:00000001
    "Width2"=dword:00000064
    "Position3"=dword:00000003
    "Visible3"=dword:00000001
    "Width3"=dword:00000032
    "Position4"=dword:00000004
    "Visible4"=dword:00000001
    "Width4"=dword:00000032
    "Position5"=dword:00000005
    "Visible5"=dword:00000001
    "Width5"=dword:00000050
    "Position6"=dword:00000006
    "Visible6"=dword:00000001
    "Width6"=dword:00000050
    "Position7"=dword:00000007
    "Visible7"=dword:00000001
    "Width7"=dword:00000050
    "Position8"=dword:00000008
    "Visible8"=dword:00000000
    "Width8"=dword:00000050
    "Position9"=dword:00000009
    "Visible9"=dword:00000000
    "Width9"=dword:0000002d
    "Position10"=dword:0000000a
    "Visible10"=dword:00000000
    "Width10"=dword:0000001e
    "Position11"=dword:0000000b
    "Visible11"=dword:00000000
    "Width11"=dword:0000001e
    "Position12"=dword:0000000c
    "Visible12"=dword:00000000
    "Width12"=dword:0000001e
    "Position13"=dword:0000000d
    "Visible13"=dword:00000001
    "Width13"=dword:0000003c
    "Position14"=dword:0000000e
    "Visible14"=dword:00000000
    "Width14"=dword:00000032
    "Position15"=dword:0000000f
    "Visible15"=dword:00000000
    "Width15"=dword:00000032
    "Position16"=dword:00000010
    "Visible16"=dword:00000000
    "Width16"=dword:00000032
    "Position17"=dword:00000011
    "Visible17"=dword:00000001
    "Width17"=dword:00000050
    "Position18"=dword:00000012
    "Visible18"=dword:00000001
    "Width18"=dword:00000089
    "Position19"=dword:00000013
    "Visible19"=dword:00000000
    "Width19"=dword:00000050

    [HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Players]
    "Position0"=dword:00000000
    "Visible0"=dword:00000001
    "Width0"=dword:0000009a
    "Position1"=dword:00000001
    "Visible1"=dword:00000001
    "Width1"=dword:00000064
    "Position2"=dword:00000002
    "Visible2"=dword:00000001
    "Width2"=dword:00000064
    "Position3"=dword:00000003
    "Visible3"=dword:00000001
    "Width3"=dword:00000053
    "Position4"=dword:00000008
    "Visible4"=dword:00000001
    "Width4"=dword:00000023
    "Position5"=dword:00000009
    "Visible5"=dword:00000001
    "Width5"=dword:00000064
    "Position6"=dword:0000000a
    "Visible6"=dword:00000001
    "Width6"=dword:00000066
    "Position7"=dword:0000000c
    "Visible7"=dword:00000001
    "Width7"=dword:00000061
    "Position8"=dword:0000000d
    "Visible8"=dword:00000001
    "Width8"=dword:0000006b
    "Position9"=dword:0000000e
    "Visible9"=dword:00000001
    "Width9"=dword:00000077
    "Position10"=dword:00000010
    "Visible10"=dword:00000000
    "Width10"=dword:00000050
    "Position11"=dword:00000011
    "Visible11"=dword:00000000
    "Width11"=dword:0000004b
    "Position12"=dword:00000012
    "Visible12"=dword:00000000
    "Width12"=dword:0000002d
    "Position13"=dword:00000013
    "Visible13"=dword:00000000
    "Width13"=dword:0000003c
    "Position14"=dword:00000014
    "Visible14"=dword:00000000
    "Width14"=dword:0000004b
    "Position15"=dword:00000015
    "Visible15"=dword:00000000
    "Width15"=dword:00000064
    "Position16"=dword:00000016
    "Visible16"=dword:00000000
    "Width16"=dword:00000064
    "Position17"=dword:00000017
    "Visible17"=dword:00000000
    "Width17"=dword:0000004b
    "Position18"=dword:00000018
    "Visible18"=dword:00000000
    "Width18"=dword:00000064
    "Position19"=dword:00000019
    "Visible19"=dword:00000000
    "Width19"=dword:0000003c
    "Position20"=dword:0000001a
    "Visible20"=dword:00000000
    "Width20"=dword:0000004b
    "Position21"=dword:0000001b
    "Visible21"=dword:00000000
    "Width21"=dword:00000050
    "Position22"=dword:0000001c
    "Visible22"=dword:00000000
    "Width22"=dword:00000073
    "Position23"=dword:0000001d
    "Visible23"=dword:00000000
    "Width23"=dword:00000050
    "Position24"=dword:0000001e
    "Visible24"=dword:00000000
    "Width24"=dword:0000005a
    "Position25"=dword:0000001f
    "Visible25"=dword:00000000
    "Width25"=dword:0000006e
    "Position26"=dword:00000020
    "Visible26"=dword:00000000
    "Width26"=dword:00000064
    "Position27"=dword:00000021
    "Visible27"=dword:00000000
    "Width27"=dword:00000087
    "Position28"=dword:00000022
    "Visible28"=dword:00000000
    "Width28"=dword:00000064
    "Position29"=dword:00000023
    "Visible29"=dword:00000000
    "Width29"=dword:00000064
    "Position30"=dword:00000024
    "Visible30"=dword:00000000
    "Width30"=dword:00000046
    "Position31"=dword:00000025
    "Visible31"=dword:00000000
    "Width31"=dword:0000004b
    "Position32"=dword:00000026
    "Visible32"=dword:00000000
    "Width32"=dword:00000046
    "Position33"=dword:00000027
    "Visible33"=dword:00000000
    "Width33"=dword:0000004b
    "Position34"=dword:00000028
    "Visible34"=dword:00000000
    "Width34"=dword:0000003c
    "Position35"=dword:0000002a
    "Visible35"=dword:00000000
    "Width35"=dword:00000064
    "Position36"=dword:0000002e
    "Visible36"=dword:00000000
    "Width36"=dword:00000073
    "Position37"=dword:00000030
    "Visible37"=dword:00000000
    "Width37"=dword:0000005f
    "Position38"=dword:00000033
    "Visible38"=dword:00000000
    "Width38"=dword:00000091
    "Position39"=dword:00000035
    "Visible39"=dword:00000000
    "Width39"=dword:0000003c
    "Position40"=dword:0000002c
    "Visible40"=dword:00000000
    "Width40"=dword:0000005a
    "Position41"=dword:00000036
    "Visible41"=dword:00000000
    "Width41"=dword:00000041
    "Position42"=dword:00000029
    "Visible42"=dword:00000000
    "Width42"=dword:00000050
    "Position43"=dword:0000002b
    "Visible43"=dword:00000000
    "Width43"=dword:00000055
    "Position44"=dword:0000002d
    "Visible44"=dword:00000000
    "Width44"=dword:0000005f
    "Position45"=dword:00000037
    "Visible45"=dword:00000000
    "Width45"=dword:00000050
    "Position46"=dword:00000038
    "Visible46"=dword:00000000
    "Width46"=dword:0000004b
    "Position47"=dword:00000039
    "Visible47"=dword:00000000
    "Width47"=dword:0000004b
    "Position48"=dword:0000003a
    "Visible48"=dword:00000000
    "Width48"=dword:00000046
    "Position49"=dword:0000003b
    "Visible49"=dword:00000000
    "Width49"=dword:00000032
    "Position50"=dword:0000003c
    "Visible50"=dword:00000000
    "Width50"=dword:0000003c
    "Position51"=dword:0000003d
    "Visible51"=dword:00000000
    "Width51"=dword:0000004b
    "Position52"=dword:0000003e
    "Visible52"=dword:00000000
    "Width52"=dword:0000003c
    "Position53"=dword:0000003f
    "Visible53"=dword:00000000
    "Width53"=dword:00000037
    "Position54"=dword:00000040
    "Visible54"=dword:00000000
    "Width54"=dword:00000069
    "Position55"=dword:00000041
    "Visible55"=dword:00000000
    "Width55"=dword:0000005a
    "Position56"=dword:00000044
    "Visible56"=dword:00000000
    "Width56"=dword:0000004b
    "Position57"=dword:00000045
    "Visible57"=dword:00000000
    "Width57"=dword:0000004b
    "Position58"=dword:00000046
    "Visible58"=dword:00000000
    "Width58"=dword:00000037
    "Position59"=dword:00000047
    "Visible59"=dword:00000000
    "Width59"=dword:0000003c
    "Position60"=dword:00000048
    "Visible60"=dword:00000000
    "Width60"=dword:0000003c
    "Position61"=dword:00000049
    "Visible61"=dword:00000000
    "Width61"=dword:00000041
    "Position62"=dword:0000004a
    "Visible62"=dword:00000000
    "Width62"=dword:00000055
    "Position63"=dword:0000004b
    "Visible63"=dword:00000000
    "Width63"=dword:0000003c
    "Position64"=dword:0000004c
    "Visible64"=dword:00000000
    "Width64"=dword:0000003c
    "Position65"=dword:0000004d
    "Visible65"=dword:00000000
    "Width65"=dword:0000004b
    "Position66"=dword:0000004e
    "Visible66"=dword:00000000
    "Width66"=dword:0000003c
    "Position67"=dword:0000004f
    "Visible67"=dword:00000000
    "Width67"=dword:00000046
    "Position68"=dword:00000050
    "Visible68"=dword:00000000
    "Width68"=dword:00000028
    "Position69"=dword:00000051
    "Visible69"=dword:00000000
    "Width69"=dword:00000041
    "Position70"=dword:00000052
    "Visible70"=dword:00000000
    "Width70"=dword:0000003c
    "Position71"=dword:00000053
    "Visible71"=dword:00000000
    "Width71"=dword:00000069
    "Position72"=dword:00000054
    "Visible72"=dword:00000000
    "Width72"=dword:00000041
    "Position73"=dword:00000055
    "Visible73"=dword:00000000
    "Width73"=dword:0000005f
    "Position74"=dword:00000056
    "Visible74"=dword:00000000
    "Width74"=dword:0000003c
    "Position75"=dword:00000057
    "Visible75"=dword:00000000
    "Width75"=dword:00000037
    "Position76"=dword:00000058
    "Visible76"=dword:00000000
    "Width76"=dword:0000004b
    "Position77"=dword:00000059
    "Visible77"=dword:00000000
    "Width77"=dword:00000050
    "Position78"=dword:0000005a
    "Visible78"=dword:00000000
    "Width78"=dword:00000037
    "Position79"=dword:0000005b
    "Visible79"=dword:00000000
    "Width79"=dword:00000037
    "Position80"=dword:0000005c
    "Visible80"=dword:00000000
    "Width80"=dword:0000005a
    "Position81"=dword:0000005d
    "Visible81"=dword:00000000
    "Width81"=dword:0000004b
    "Position82"=dword:0000005e
    "Visible82"=dword:00000000
    "Width82"=dword:00000055
    "Position83"=dword:0000005f
    "Visible83"=dword:00000000
    "Width83"=dword:0000002d
    "Position84"=dword:00000060
    "Visible84"=dword:00000000
    "Width84"=dword:00000037
    "Position85"=dword:00000061
    "Visible85"=dword:00000000
    "Width85"=dword:0000003c
    "Position86"=dword:00000062
    "Visible86"=dword:00000000
    "Width86"=dword:00000046
    "Position87"=dword:00000063
    "Visible87"=dword:00000000
    "Width87"=dword:0000003c
    "Position88"=dword:00000064
    "Visible88"=dword:00000000
    "Width88"=dword:0000005a
    "Position89"=dword:00000065
    "Visible89"=dword:00000000
    "Width89"=dword:0000003c
    "Position90"=dword:00000066
    "Visible90"=dword:00000000
    "Width90"=dword:00000050
    "Position91"=dword:00000067
    "Visible91"=dword:00000000
    "Width91"=dword:00000046
    "Position92"=dword:00000068
    "Visible92"=dword:00000000
    "Width92"=dword:0000005a
    "Position93"=dword:00000069
    "Visible93"=dword:00000000
    "Width93"=dword:00000037
    "Position94"=dword:0000006a
    "Visible94"=dword:00000000
    "Width94"=dword:0000003c
    "Position95"=dword:0000006b
    "Visible95"=dword:00000000
    "Width95"=dword:0000003c
    "Position96"=dword:0000006c
    "Visible96"=dword:00000000
    "Width96"=dword:00000046
    "Position97"=dword:0000006d
    "Visible97"=dword:00000000
    "Width97"=dword:00000046
    "Position98"=dword:0000006e
    "Visible98"=dword:00000000
    "Width98"=dword:00000055
    "Position99"=dword:0000006f
    "Visible99"=dword:00000000
    "Width99"=dword:00000073
    "Position100"=dword:00000042
    "Visible100"=dword:00000000
    "Width100"=dword:00000041
    "Position101"=dword:00000070
    "Visible101"=dword:00000000
    "Width101"=dword:0000003c
    "Position102"=dword:00000071
    "Visible102"=dword:00000000
    "Width102"=dword:0000003c
    "Position103"=dword:00000072
    "Visible103"=dword:00000000
    "Width103"=dword:00000046
    "Position104"=dword:00000073
    "Visible104"=dword:00000000
    "Width104"=dword:0000003c
    "Position105"=dword:00000074
    "Visible105"=dword:00000000
    "Width105"=dword:00000041
    "Position106"=dword:0000000f
    "Visible106"=dword:00000001
    "Width106"=dword:0000008d
    "Position107"=dword:0000000b
    "Visible107"=dword:00000001
    "Width107"=dword:00000028
    "Position108"=dword:00000043
    "Visible108"=dword:00000000
    "Width108"=dword:00000050
    "Position109"=dword:0000002f
    "Visible109"=dword:00000000
    "Width109"=dword:00000050
    "Position110"=dword:00000031
    "Visible110"=dword:00000000
    "Width110"=dword:00000055
    "Position111"=dword:00000032
    "Visible111"=dword:00000000
    "Width111"=dword:00000082
    "Position112"=dword:00000034
    "Visible112"=dword:00000000
    "Width112"=dword:00000087
    "Position113"=dword:00000075
    "Visible113"=dword:00000000
    "Width113"=dword:00000050
    "Position114"=dword:00000076
    "Visible114"=dword:00000000
    "Width114"=dword:00000050
    "Position115"=dword:00000077
    "Visible115"=dword:00000000
    "Width115"=dword:00000050
    "Position116"=dword:00000078
    "Visible116"=dword:00000000
    "Width116"=dword:00000050
    "Position117"=dword:00000079
    "Visible117"=dword:00000000
    "Width117"=dword:00000050
    "Position118"=dword:0000007a
    "Visible118"=dword:00000000
    "Width118"=dword:00000050
    "Position119"=dword:0000007b
    "Visible119"=dword:00000000
    "Width119"=dword:00000050
    "Position120"=dword:0000007c
    "Visible120"=dword:00000000
    "Width120"=dword:00000050
    "Position121"=dword:0000007d
    "Visible121"=dword:00000000
    "Width121"=dword:00000050
    "Position122"=dword:0000007e
    "Visible122"=dword:00000000
    "Width122"=dword:00000050
    "Position123"=dword:0000007f
    "Visible123"=dword:00000000
    "Width123"=dword:00000050
    "Position124"=dword:00000080
    "Visible124"=dword:00000000
    "Width124"=dword:00000050
    "Position125"=dword:00000081
    "Visible125"=dword:00000000
    "Width125"=dword:00000050
    "Position126"=dword:00000082
    "Visible126"=dword:00000000
    "Width126"=dword:00000050
    "Position127"=dword:00000083
    "Visible127"=dword:00000000
    "Width127"=dword:00000050
    "Position128"=dword:00000084
    "Visible128"=dword:00000000
    "Width128"=dword:00000050
    "Position129"=dword:00000085
    "Visible129"=dword:00000000
    "Width129"=dword:00000050
    "Position130"=dword:00000086
    "Visible130"=dword:00000000
    "Width130"=dword:00000050
    "Position131"=dword:00000087
    "Visible131"=dword:00000000
    "Width131"=dword:00000050
    "Position132"=dword:00000088
    "Visible132"=dword:00000000
    "Width132"=dword:00000050
    "Position133"=dword:00000089
    "Visible133"=dword:00000000
    "Width133"=dword:00000050
    "Position134"=dword:0000008a
    "Visible134"=dword:00000000
    "Width134"=dword:00000050
    "Position135"=dword:0000008b
    "Visible135"=dword:00000000
    "Width135"=dword:00000050
    "Position136"=dword:0000008c
    "Visible136"=dword:00000000
    "Width136"=dword:00000050
    "Position137"=dword:0000008d
    "Visible137"=dword:00000000
    "Width137"=dword:00000050
    "Position138"=dword:0000008e
    "Visible138"=dword:00000000
    "Width138"=dword:00000050
    "Position139"=dword:0000008f
    "Visible139"=dword:00000000
    "Width139"=dword:00000050
    "Position140"=dword:00000090
    "Visible140"=dword:00000000
    "Width140"=dword:00000050
    "Position141"=dword:00000091
    "Visible141"=dword:00000000
    "Width141"=dword:00000050
    "Position142"=dword:00000092
    "Visible142"=dword:00000000
    "Width142"=dword:00000050
    "Position143"=dword:00000093
    "Visible143"=dword:00000000
    "Width143"=dword:00000050
    "Position144"=dword:00000094
    "Visible144"=dword:00000000
    "Width144"=dword:00000050
    "Position145"=dword:00000095
    "Visible145"=dword:00000000
    "Width145"=dword:00000050
    "Position146"=dword:00000004
    "Visible146"=dword:00000000
    "Width146"=dword:00000037
    "Position147"=dword:00000005
    "Visible147"=dword:00000000
    "Width147"=dword:00000028
    "Position148"=dword:00000006
    "Visible148"=dword:00000000
    "Width148"=dword:00000037
    "Position149"=dword:00000007
    "Visible149"=dword:00000001
    "Width149"=dword:0000002c

    [HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Columns\Staff]
    "Position0"=dword:00000000
    "Visible0"=dword:00000001
    "Width0"=dword:0000007d
    "Position1"=dword:00000001
    "Visible1"=dword:00000001
    "Width1"=dword:00000064
    "Position2"=dword:00000002
    "Visible2"=dword:00000001
    "Width2"=dword:00000064
    "Position3"=dword:00000003
    "Visible3"=dword:00000001
    "Width3"=dword:00000069
    "Position4"=dword:00000005
    "Visible4"=dword:00000001
    "Width4"=dword:00000028
    "Position5"=dword:00000006
    "Visible5"=dword:00000001
    "Width5"=dword:00000028
    "Position6"=dword:00000004
    "Visible6"=dword:00000001
    "Width6"=dword:00000028
    "Position7"=dword:00000007
    "Visible7"=dword:00000001
    "Width7"=dword:00000050
    "Position8"=dword:00000008
    "Visible8"=dword:00000000
    "Width8"=dword:00000050
    "Position9"=dword:00000009
    "Visible9"=dword:00000000
    "Width9"=dword:0000004b
    "Position10"=dword:0000000a
    "Visible10"=dword:00000000
    "Width10"=dword:0000002d
    "Position11"=dword:0000000b
    "Visible11"=dword:00000000
    "Width11"=dword:0000003c
    "Position12"=dword:0000000c
    "Visible12"=dword:00000000
    "Width12"=dword:0000004b
    "Position13"=dword:0000000d
    "Visible13"=dword:00000000
    "Width13"=dword:00000064
    "Position14"=dword:0000000e
    "Visible14"=dword:00000000
    "Width14"=dword:00000064
    "Position15"=dword:0000000f
    "Visible15"=dword:00000000
    "Width15"=dword:0000004b
    "Position16"=dword:00000010
    "Visible16"=dword:00000000
    "Width16"=dword:00000064
    "Position17"=dword:00000011
    "Visible17"=dword:00000000
    "Width17"=dword:0000003c
    "Position18"=dword:00000012
    "Visible18"=dword:00000000
    "Width18"=dword:0000004b
    "Position19"=dword:00000013
    "Visible19"=dword:00000000
    "Width19"=dword:00000050
    "Position20"=dword:00000014
    "Visible20"=dword:00000000
    "Width20"=dword:00000046
    "Position21"=dword:00000015
    "Visible21"=dword:00000000
    "Width21"=dword:0000004b
    "Position22"=dword:00000016
    "Visible22"=dword:00000000
    "Width22"=dword:00000046
    "Position23"=dword:00000017
    "Visible23"=dword:00000000
    "Width23"=dword:00000046
    "Position24"=dword:00000018
    "Visible24"=dword:00000000
    "Width24"=dword:0000003c
    "Position25"=dword:00000019
    "Visible25"=dword:00000000
    "Width25"=dword:00000041
    "Position26"=dword:0000001a
    "Visible26"=dword:00000000
    "Width26"=dword:0000003c
    "Position27"=dword:0000001b
    "Visible27"=dword:00000000
    "Width27"=dword:00000055
    "Position28"=dword:0000001c
    "Visible28"=dword:00000000
    "Width28"=dword:00000069
    "Position29"=dword:0000001d
    "Visible29"=dword:00000000
    "Width29"=dword:0000006e
    "Position30"=dword:0000001e
    "Visible30"=dword:00000000
    "Width30"=dword:00000064
    "Position31"=dword:0000001f
    "Visible31"=dword:00000000
    "Width31"=dword:00000078
    "Position32"=dword:00000020
    "Visible32"=dword:00000000
    "Width32"=dword:00000064
    "Position33"=dword:00000021
    "Visible33"=dword:00000000
    "Width33"=dword:00000087
    "Position34"=dword:00000022
    "Visible34"=dword:00000000
    "Width34"=dword:00000069
    "Position35"=dword:00000023
    "Visible35"=dword:00000000
    "Width35"=dword:0000006e
    "Position36"=dword:00000024
    "Visible36"=dword:00000000
    "Width36"=dword:00000073
    "Position37"=dword:00000025
    "Visible37"=dword:00000000
    "Width37"=dword:0000004b
    "Position38"=dword:00000026
    "Visible38"=dword:00000000
    "Width38"=dword:0000002d
    "Position39"=dword:00000027
    "Visible39"=dword:00000000
    "Width39"=dword:00000055
    "Position40"=dword:00000028
    "Visible40"=dword:00000000
    "Width40"=dword:00000046
    "Position41"=dword:00000029
    "Visible41"=dword:00000000
    "Width41"=dword:0000004b
    "Position42"=dword:0000002a
    "Visible42"=dword:00000000
    "Width42"=dword:0000003c
    "Position43"=dword:0000002b
    "Visible43"=dword:00000000
    "Width43"=dword:00000046
    "Position44"=dword:0000002c
    "Visible44"=dword:00000000
    "Width44"=dword:00000073
    "Position45"=dword:0000002d
    "Visible45"=dword:00000000
    "Width45"=dword:0000004b
    "Position46"=dword:0000002e
    "Visible46"=dword:00000000
    "Width46"=dword:00000073
    "Position47"=dword:0000002f
    "Visible47"=dword:00000000
    "Width47"=dword:0000007d
    "Position48"=dword:00000030
    "Visible48"=dword:00000000
    "Width48"=dword:0000006e
    "Position49"=dword:00000031
    "Visible49"=dword:00000000
    "Width49"=dword:00000037
    "Position50"=dword:00000032
    "Visible50"=dword:00000000
    "Width50"=dword:00000064
    "Position51"=dword:00000033
    "Visible51"=dword:00000000
    "Width51"=dword:00000037
    "Position52"=dword:00000034
    "Visible52"=dword:00000000
    "Width52"=dword:0000004b
    "Position53"=dword:00000035
    "Visible53"=dword:00000000
    "Width53"=dword:00000046
    "Position54"=dword:00000036
    "Visible54"=dword:00000000
    "Width54"=dword:00000037
    "Position55"=dword:00000037
    "Visible55"=dword:00000000
    "Width55"=dword:0000003c
    "Position56"=dword:00000038
    "Visible56"=dword:00000000
    "Width56"=dword:00000055
    "Position57"=dword:00000039
    "Visible57"=dword:00000000
    "Width57"=dword:0000003c
    "Position58"=dword:0000003a
    "Visible58"=dword:00000000
    "Width58"=dword:0000003c
    "Position59"=dword:0000003b
    "Visible59"=dword:00000000
    "Width59"=dword:00000055
    "Position60"=dword:0000003c
    "Visible60"=dword:00000000
    "Width60"=dword:00000046
    "Position61"=dword:0000003d
    "Visible61"=dword:00000000
    "Width61"=dword:0000004b
    "Position62"=dword:0000003e
    "Visible62"=dword:00000000
    "Width62"=dword:00000055
    "Position63"=dword:0000003f
    "Visible63"=dword:00000000
    "Width63"=dword:0000005a
    "Position64"=dword:00000040
    "Visible64"=dword:00000000
    "Width64"=dword:0000006e
    "Position65"=dword:00000041
    "Visible65"=dword:00000000
    "Width65"=dword:00000050
    "Position66"=dword:00000042
    "Visible66"=dword:00000000
    "Width66"=dword:00000032
    "Position67"=dword:00000043
    "Visible67"=dword:00000000
    "Width67"=dword:00000064
    "Position68"=dword:00000044
    "Visible68"=dword:00000000
    "Width68"=dword:0000004b
    "Position69"=dword:00000045
    "Visible69"=dword:00000000
    "Width69"=dword:0000002d
    "Position70"=dword:00000046
    "Visible70"=dword:00000000
    "Width70"=dword:0000004b
    "Position71"=dword:00000047
    "Visible71"=dword:00000000
    "Width71"=dword:0000005a
    "Position72"=dword:00000048
    "Visible72"=dword:00000000
    "Width72"=dword:0000005a
    "Position73"=dword:00000049
    "Visible73"=dword:00000000
    "Width73"=dword:00000050
    "Position74"=dword:0000004a
    "Visible74"=dword:00000000
    "Width74"=dword:0000004b
    "Position75"=dword:0000004b
    "Visible75"=dword:00000000
    "Width75"=dword:00000050
    "Position76"=dword:0000004c
    "Visible76"=dword:00000000
    "Width76"=dword:0000005a
    "Position77"=dword:0000004d
    "Visible77"=dword:00000000
    "Width77"=dword:00000041
    "Position78"=dword:0000004e
    "Visible78"=dword:00000000
    "Width78"=dword:00000041
    "Position79"=dword:0000004f
    "Visible79"=dword:00000000
    "Width79"=dword:00000041
    "Position80"=dword:00000050
    "Visible80"=dword:00000000
    "Width80"=dword:00000041
    "Position81"=dword:00000051
    "Visible81"=dword:00000000
    "Width81"=dword:00000041
    "Position82"=dword:00000052
    "Visible82"=dword:00000000
    "Width82"=dword:00000041
    "Position83"=dword:00000053
    "Visible83"=dword:00000000
    "Width83"=dword:00000041
    "Position84"=dword:00000054
    "Visible84"=dword:00000000
    "Width84"=dword:00000041
    "Position85"=dword:00000055
    "Visible85"=dword:00000000
    "Width85"=dword:00000041
    "Position86"=dword:00000056
    "Visible86"=dword:00000000
    "Width86"=dword:00000050

    [HKEY_USERS\S-1-5-21-1644491937-1580818891-725345543-1003\Software\G*e*n*i*e*"!\FM Genie Scout 2008\Rating Coefficients]
    "GKWeightCoef"=dword:00000064
    "GKCurrentAbilityCoef"=dword:00000000
    "GKCornersCoef"=dword:00000000
    "GKCrossingCoef"=dword:00000000
    "GKDribblingCoef"=dword:00000000
    "GKFinishingCoef"=dword:00000000
    "GKFirstTouchCoef"=dword:00000000
    "GKFreeKicksCoef"=dword:00000000
    "GKHeadingCoef"=dword:00000000
    "GKLongShotsCoef"=dword:00000000
    "GKLongThrowsCoef"=dword:00000000
    "GKMarkingCoef"=dword:00000000
    "GKPassingCoef"=dword:00000000
    "GKPenaltiesCoef"=dword:00000000
    "GKTacklingCoef"=dword:00000005
    "GKTechniqueCoef"=dword:00000000
    "GKLeftFootCoef"=dword:00000000
    "GKRightFootCoef"=dword:00000000
    "GKAggressionCoef"=dword:0000000a
    "GKAnticipationCoef"=dword:00000005
    "GKBraveryCoef"=dword:00000014
    "GKComposureCoef"=dword:00000014
    "GKConcentrationCoef"=dword:0000000a
    "GKConsistencyCoef"=dword:0000000a
    "GKCreativityCoef"=dword:00000000
    "GKDecisionsCoef"=dword:00000014
    "GKDeterminationCoef"=dword:0000000a
    "GKDirtinessCoef"=dword:fffffffb
    "GKFlairCoef"=dword:00000000
    "GKImportantMatchesCoef"=dword:0000000a
    "GKInfluenceCoef"=dword:0000000a
    "GKOffTheBallCoef"=dword:00000000
    "GKPositioningCoef"=dword:00000050
    "GKTeamworkCoef"=dword:00000005
    "GKWorkRateCoef"=dword:00000000
    "GKAccelerationCoef"=dword:00000005
    "GKAgilityCoef"=dword:0000000a
    "GKBalanceCoef"=dword:0000000a
    "GKInjuryPronenessCoef"=dword:fffffffb
    "GKJumpingCoef"=dword:00000050
    "GKNaturalFitnessCoef"=dword:00000005
    "GKPaceCoef"=dword:00000000
    "GKStaminaCoef"=dword:00000000
    "GKStrengthCoef"=dword:0000000a
    "GKVersatilityCoef"=dword:00000000
    "GKAerialAbilityCoef"=dword:00000032
    "GKCommandOfAreaCoef"=dword:00000014
    "GKCommunicationCoef"=dword:00000032
    "GKEccentricityCoef"=dword:ffffffec
    "GKHandlingCoef"=dword:00000064
    "GKKickingCoef"=dword:0000000a
    "GKOneOnOnesCoef"=dword:00000032
    "GKReflexesCoef"=dword:00000064
    "GKRushingOutCoef"=dword:00000014
    "GKTendencyToPunchCoef"=dword:fffffff6
    "GKThrowingCoef"=dword:0000000a
    "GKAdaptabilityCoef"=dword:00000005
    "GKAmbitionCoef"=dword:0000000a
    "GKControversyCoef"=dword:fffffffb
    "GKLoyalityCoef"=dword:00000005
    "GKPressureCoef"=dword:00000005
    "GKProfessionalismCoef"=dword:00000005
    "GKSportsmanshipCoef"=dword:00000005
    "GKTemperamentCoef"=dword:00000005
    "SWWeightCoef"=dword:00000066
    "SWCurrentAbilityCoef"=dword:00000000
    "SWCornersCoef"=dword:00000000
    "SWCrossingCoef"=dword:00000000
    "SWDribblingCoef"=dword:00000000
    "SWFinishingCoef"=dword:00000000
    "SWFirstTouchCoef"=dword:00000014
    "SWFreeKicksCoef"=dword:0000000a
    "SWHeadingCoef"=dword:00000064
    "SWLongShotsCoef"=dword:0000000a
    "SWLongThrowsCoef"=dword:00000000
    "SWMarkingCoef"=dword:00000064
    "SWPassingCoef"=dword:0000000a
    "SWPenaltiesCoef"=dword:00000005
    "SWTacklingCoef"=dword:00000064
    "SWTechniqueCoef"=dword:0000000a
    "SWLeftFootCoef"=dword:00000005
    "SWRightFootCoef"=dword:00000005
    "SWAggressionCoef"=dword:00000014
    "SWAnticipationCoef"=dword:00000014
    "SWBraveryCoef"=dword:00000028
    "SWComposureCoef"=dword:00000028
    "SWConcentrationCoef"=dword:0000003c
    "SWConsistencyCoef"=dword:0000000a
    "SWCreativityCoef"=dword:0000000a
    "SWDecisionsCoef"=dword:00000014
    "SWDeterminationCoef"=dword:0000000a
    "SWDirtinessCoef"=dword:ffffffe7
    "SWFlairCoef"=dword:00000000
    "SWImportantMatchesCoef"=dword:0000000a
    "SWInfluenceCoef"=dword:0000000a
    "SWOffTheBallCoef"=dword:0000000a
    "SWPositioningCoef"=dword:00000064
    "SWTeamworkCoef"=dword:00000028
    "SWWorkRateCoef"=dword:00000014
    "SWAccelerationCoef"=dword:0000001e
    "SWAgilityCoef"=dword:0000000a
    "SWBalanceCoef"=dword:00000014
    "SWInjuryPronenessCoef"=dword:fffffffb
    "SWJumpingCoef"=dword:00000064
    "SWNaturalFitnessCoef"=dword:00000005
    "SWPaceCoef"=dword:00000014
    "SWStaminaCoef"=dword:0000000a
    "SWStrengthCoef"=dword:00000050
    "SWVersatilityCoef"=dword:00000005
    "SWAerialAbilityCoef"=dword:00000000
    "SWCommandOfAreaCoef"=dword:00000000
    "SWCommunicationCoef"=dword:00000000
    "SWEccentricityCoef"=dword:00000000
    "SWHandlingCoef"=dword:00000000
    "SWKickingCoef"=dword:00000000
    "SWOneOnOnesCoef"=dword:00000005
    "SWReflexesCoef"=dword:00000005
    "SWRushingOutCoef"=dword:00000000
    "SWTendencyToPunchCoef"=dword:00000000
    "SWThrowingCoef"=dword:00000000
    "SWAdaptabilityCoef"=dword:00000005
    "SWAmbitionCoef"=dword:0000000a
    "SWControversyCoef"=dword:fffffffb
    "SWLoyalityCoef"=dword:00000005
    "SWPressureCoef"=dword:00000005
    "SWProfessionalismCoef"=dword:00000005
    "SWSportsmanshipCoef"=dword:00000005
    "SWTemperamentCoef"=dword:00000005
    "CBWeightCoef"=dword:00000064
    "CBCurrentAbilityCoef"=dword:00000000
    "CBCornersCoef"=dword:00000000
    "CBCrossingCoef"=dword:00000000
    "CBDribblingCoef"=dword:00000000
    "CBFinishingCoef"=dword:00000000
    "CBFirstTouchCoef"=dword:00000014
    "CBFreeKicksCoef"=dword:0000000a
    "CBHeadingCoef"=dword:00000064
    "CBLongShotsCoef"=dword:0000000a
    "CBLongThrowsCoef"=dword:00000000
    "CBMarkingCoef"=dword:00000050
    "CBPassingCoef"=dword:00000014
    "CBPenaltiesCoef"=dword:00000005
    "CBTacklingCoef"=dword:00000064
    "CBTechniqueCoef"=dword:0000000a
    "CBLeftFootCoef"=dword:00000005
    "CBRightFootCoef"=dword:00000005
    "CBAggressionCoef"=dword:00000014
    "CBAnticipationCoef"=dword:00000014
    "CBBraveryCoef"=dword:00000028
    "CBComposureCoef"=dword:00000014
    "CBConcentrationCoef"=dword:00000028
    "CBConsistencyCoef"=dword:0000000a
    "CBCreativityCoef"=dword:0000000a
    "CBDecisionsCoef"=dword:00000014
    "CBDeterminationCoef"=dword:0000000a
    "CBDirtinessCoef"=dword:ffffffec
    "CBFlairCoef"=dword:00000000
    "CBImportantMatchesCoef"=dword:0000000a
    "CBInfluenceCoef"=dword:0000000a
    "CBOffTheBallCoef"=dword:0000000a
    "CBPositioningCoef"=dword:00000050
    "CBTeamworkCoef"=dword:00000028
    "CBWorkRateCoef"=dword:00000014
    "CBAccelerationCoef"=dword:00000028
    "CBAgilityCoef"=dword:0000000a
    "CBBalanceCoef"=dword:00000014
    "CBInjuryPronenessCoef"=dword:fffffffb
    "CBJumpingCoef"=dword:00000064
    "CBNaturalFitnessCoef"=dword:00000005
    "CBPaceCoef"=dword:0000001e
    "CBStaminaCoef"=dword:0000000a
    "CBStrengthCoef"=dword:0000003c
    "CBVersatilityCoef"=dword:00000005
    "CBAerialAbilityCoef"=dword:00000000
    "CBCommandOfAreaCoef"=dword:00000000
    "CBCommunicationCoef"=dword:00000000
    "CBEccentricityCoef"=dword:00000000
    "CBHandlingCoef"=dword:00000000
    "CBKickingCoef"=dword:00000000
    "CBOneOnOnesCoef"=dword:00000005
    "CBReflexesCoef"=dword:00000005
    "CBRushingOutCoef&quo
    0
  8. Utilisateur anonyme
     
    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

    ▶ Télécharge:List&Kill'em et enregistre le sur ton bureau</gras>

    Il ne necessite pas d'installation

    ▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

    choisis la langue puis choisis l'option 1 = Mode Recheche

    ▶laisse travailler l'outil

    le rapport va s'afficher , une fois le scan fini

    ▶colle le contenu dans ta prochaine réponse
    0
  9. phabryss
     
    List'em by g3n-h@ckm@n 1.0.3.0

    updated on 03.09.2009 ::::: 0.25

    Microsoft Windows XP [version 5.1.2600]

    05/09/2009 22:57:12,79

    Nom de l'h“te: PCFABRICE
    Nom du systŠme d'exploitation: Microsoft Windows XP Professionnel
    Version du systŠme: 5.1.2600 Service Pack 2 version 2600
    Fabricant du systŠme d'exploitation: Microsoft Corporation
    Configuration du systŠme d'exploitation: Station de travail autonome
    Type de version du systŠme d'exploitation: Multiprocessor Free
    Propri‚taire enregistr‚ÿ: Fabrice
    Organisation enregistr‚eÿ:
    Identificateur de produit: 55274-642-3428963-23553
    Date d'installation originale: 20/03/2008, 02:39:19
    Dur‚e d'activit‚ systŠme: 0 jours, 1 heures, 7 minutes, 7 secondes
    Fabricant du systŠme: LENOVO
    ModŠle du systŠme: 0769A44
    Type du systŠme: X86-based PC
    Processeur(s): 2 processeur(s) install‚(s).
    [01]: x86 Family 6 Model 15 Stepping 13 GenuineIntel ~1463 MHz
    [02]: x86 Family 6 Model 15 Stepping 13 GenuineIntel ~1462 MHz
    Version du BIOS: LENOVO - 6040000
    R‚pertoire Windows: C:\WINDOWS
    R‚pertoire systŠme: C:\WINDOWS\system32
    P‚riph‚rique d'amor‡age: \Device\HarddiskVolume2
    Option r‚gionale du systŠme: fr;Fran‡ais (France)
    ParamŠtres r‚gionaux d'entr‚eÿ: fr;Fran‡ais (France)
    Fuseau horaire: N/D
    M‚moire physique totale: 2ÿ046 Mo
    M‚moire physique disponible: 1ÿ353 Mo
    M‚moire virtuelle : taille maximale: 2ÿ048 Mo
    M‚moire virtuelle : disponible: 2ÿ006 Mo
    M‚moire virtuelle : en cours d'utilisation: 42 Mo
    Emplacements des fichiers d'‚change: C:\pagefile.sys
    Domaine: HOME
    Serveur d'ouverture de session: \\PCFABRICE
    Correctif(s): 186 Corrections install‚es.
    [01]: File 1
    [02]: File 1
    [03]: File 1
    [04]: File 1
    [05]: File 1
    [06]: File 1
    [07]: File 1
    [08]: File 1
    [09]: File 1
    [10]: File 1
    [11]: File 1
    [12]: File 1
    [13]: File 1
    [14]: File 1
    [15]: File 1
    [16]: File 1
    [17]: File 1
    [18]: File 1
    [19]: File 1
    [20]: File 1
    [21]: File 1
    [22]: File 1
    [23]: File 1
    [24]: File 1
    [25]: File 1
    [26]: File 1
    [27]: File 1
    [28]: File 1
    [29]: File 1
    [30]: File 1
    [31]: File 1
    [32]: File 1
    [33]: File 1
    [34]: File 1
    [35]: File 1
    [36]: File 1
    [37]: File 1
    [38]: File 1
    [39]: File 1
    [40]: File 1
    [41]: File 1
    [42]: File 1
    [43]: File 1
    [44]: File 1
    [45]: File 1
    [46]: File 1
    [47]: File 1
    [48]: File 1
    [49]: File 1
    [50]: File 1
    [51]: File 1
    [52]: File 1
    [53]: File 1
    [54]: File 1
    [55]: File 1
    [56]: File 1
    [57]: File 1
    [58]: File 1
    [59]: File 1
    [60]: File 1
    [61]: File 1
    [62]: File 1
    [63]: File 1
    [64]: File 1
    [65]: File 1
    [66]: File 1
    [67]: File 1
    [68]: File 1
    [69]: File 1
    [70]: File 1
    [71]: File 1
    [72]: File 1
    [73]: File 1
    [74]: File 1
    [75]: File 1
    [76]: File 1
    [77]: File 1
    [78]: File 1
    [79]: File 1
    [80]: File 1
    [81]: File 1
    [82]: File 1
    [83]: File 1
    [84]: File 1
    [85]: File 1
    [86]: File 1
    [87]: File 1
    [88]: File 1
    [89]: File 1
    [90]: File 1
    [91]: File 1
    [92]: File 1
    [93]: File 1
    [94]: Q147222
    [95]: M886903 - Update
    [96]: S867460 - Update
    [97]: KB917283 - Update
    [98]: KB922770 - Update
    [99]: Q927978
    [100]: IDNMitigationAPIs
    [101]: NLSDownlevelMapping
    [102]: KB911565
    [103]: KB925398_WMP64
    [104]: MSCompPackV1 - Update
    [105]: KB885222
    [106]: KB890859
    [107]: KB893756
    [108]: KB893803v2
    [109]: KB894391
    [110]: KB896256 - Update
    [111]: KB896344 - Update
    [112]: KB896358
    [113]: KB896423
    [114]: KB896424
    [115]: KB896428
    [116]: KB896626
    [117]: KB897338
    [118]: KB897663
    [119]: KB898461
    [120]: KB899271
    [121]: KB899587
    [122]: KB899588
    [123]: KB899591
    [124]: KB900485
    [125]: KB900725
    [126]: KB901017
    [127]: KB901190
    [128]: KB901214
    [129]: KB902400
    [130]: KB903234
    [131]: KB904412
    [132]: KB904706
    [133]: KB904942
    [134]: KB905414
    [135]: KB905749
    [136]: KB906569
    [137]: KB907265
    [138]: KB907865
    [139]: KB908519
    [140]: KB908521
    [141]: KB908531
    [142]: KB909441
    [143]: KB910437
    [144]: KB911280
    [145]: KB911562
    [146]: KB911927
    [147]: KB912461
    [148]: KB912919
    [149]: KB913580
    [150]: KB914388
    [151]: KB914389
    [152]: KB914440
    [153]: KB914841
    [154]: KB915865
    [155]: KB916595
    [156]: KB916846
    [157]: KB917021
    [158]: KB917537
    [159]: KB917730
    [160]: KB918439
    [161]: KB919007
    [162]: KB920213 - Update
    [163]: KB920214
    [164]: KB920342
    [165]: KB920670
    [166]: KB920683
    [167]: KB920685
    [168]: KB920872
    [169]: KB921398
    [170]: KB922582
    [171]: KB922616
    [172]: KB922760
    [173]: KB922819
    [174]: KB923191
    [175]: KB923414
    [176]: KB923694
    [177]: KB923980
    [178]: KB924191
    [179]: KB924270
    [180]: KB924867
    [181]: KB925486
    [182]: KB926140
    [183]: KB926239 - Update
    [184]: KB926255
    [185]: KB928388 - Update
    [186]: KB929120
    Carte(s) r‚seau: 3 carte(s) r‚seau install‚e(s).
    [01]: Carte r‚seau 1394
    Nom de la connexion : Connexion 1394
    DHCP activ‚ : Oui
    Serveur DHCP : N/D
    Adresse(s) IP
    [02]: Pilote de serveur d'accŠs au r‚seau local Bluetooth
    Nom de la connexion : Connexion au r‚seau local
    tat : Support d‚connect‚
    [03]: Intel(R) PRO/Wireless 3945ABG Network Connection
    Nom de la connexion : Connexion r‚seau sans fil
    DHCP activ‚ : Oui
    Serveur DHCP : 192.168.1.1
    Adresse(s) IP
    [01] : 192.168.1.11

    Nom de l'image PIDÿ Nom de la sessio Num‚ro d Utilisation
    ========================= ====== ================ ======== ============
    System Idle Process 0 Console 0 16 Ko
    System 4 Console 0 220 Ko
    smss.exe 1140 Console 0 396 Ko
    csrss.exe 1252 Console 0 3ÿ060 Ko
    winlogon.exe 1380 Console 0 7ÿ952 Ko
    services.exe 1440 Console 0 3ÿ684 Ko
    lsass.exe 1452 Console 0 8ÿ296 Ko
    svchost.exe 1636 Console 0 5ÿ196 Ko
    svchost.exe 1684 Console 0 4ÿ520 Ko
    svchost.exe 1740 Console 0 27ÿ996 Ko
    btwdins.exe 1768 Console 0 2ÿ468 Ko
    EvtEng.exe 1828 Console 0 11ÿ824 Ko
    S24EvMon.exe 268 Console 0 10ÿ780 Ko
    svchost.exe 508 Console 0 5ÿ740 Ko
    svchost.exe 560 Console 0 3ÿ932 Ko
    WLTRYSVC.EXE 844 Console 0 1ÿ736 Ko
    BCMWLTRY.EXE 856 Console 0 7ÿ200 Ko
    spoolsv.exe 904 Console 0 6ÿ904 Ko
    sched.exe 1000 Console 0 388 Ko
    avguard.exe 1080 Console 0 13ÿ060 Ko
    mDNSResponder.exe 1124 Console 0 3ÿ536 Ko
    webstarterGS.exe 1200 Console 0 19ÿ840 Ko
    jqs.exe 1348 Console 0 1ÿ384 Ko
    GoogleCrashHandler.exe 1904 Console 0 544 Ko
    msftesql.exe 760 Console 0 4ÿ896 Ko
    sqlservr.exe 832 Console 0 2ÿ112 Ko
    sqlservr.exe 1588 Console 0 7ÿ060 Ko
    sqlservr.exe 148 Console 0 2ÿ112 Ko
    nvsvc32.exe 600 Console 0 4ÿ892 Ko
    RegSrvc.exe 1012 Console 0 3ÿ080 Ko
    sqlbrowser.exe 2160 Console 0 2ÿ360 Ko
    sqlwriter.exe 2252 Console 0 3ÿ572 Ko
    StarWindServiceAE.exe 2356 Console 0 3ÿ980 Ko
    svchost.exe 2428 Console 0 4ÿ336 Ko
    SUService.exe 2488 Console 0 11ÿ600 Ko
    TUProgSt.exe 3744 Console 0 5ÿ292 Ko
    tvtsched.exe 3808 Console 0 5ÿ788 Ko
    ULCDRSvr.exe 3924 Console 0 884 Ko
    wmiapsrv.exe 2344 Console 0 4ÿ508 Ko
    alg.exe 3244 Console 0 3ÿ600 Ko
    RTHDCPL.exe 1400 Console 0 19ÿ852 Ko
    WLTRAY.EXE 3564 Console 0 5ÿ676 Ko
    NielsenOnline.exe 3632 Console 0 10ÿ740 Ko
    avgnt.exe 3848 Console 0 2ÿ876 Ko
    NielsenOnline.exe 3896 Console 0 23ÿ008 Ko
    scheduler_proxy.exe 4044 Console 0 3ÿ552 Ko
    jusched.exe 2072 Console 0 2ÿ548 Ko
    BTTray.exe 2268 Console 0 7ÿ936 Ko
    soffice.exe 3088 Console 0 2ÿ240 Ko
    BTSTAC~1.EXE 3828 Console 0 8ÿ984 Ko
    soffice.bin 2900 Console 0 24ÿ308 Ko
    explorer.exe 2536 Console 0 40ÿ600 Ko
    notepad.exe 2868 Console 0 680 Ko
    chrome.exe 964 Console 0 14ÿ924 Ko
    chrome.exe 3456 Console 0 16ÿ972 Ko
    chrome.exe 2792 Console 0 27ÿ360 Ko
    chrome.exe 784 Console 0 31ÿ736 Ko
    chrome.exe 172 Console 0 4ÿ264 Ko
    chrome.exe 256 Console 0 25ÿ032 Ko
    List_Killem.exe 584 Console 0 6ÿ020 Ko
    cmd.exe 4052 Console 0 1ÿ796 Ko
    wmiprvse.exe 1312 Console 0 7ÿ940 Ko
    wmiprvse.exe 2564 Console 0 4ÿ756 Ko
    tasklist.exe 1320 Console 0 5ÿ364 Ko

    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\WINDOWS\System32\prnjobs.vbs"
    C:\WINDOWS\System32\SET5B.tmp

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    ¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

    ALCMTR.EXE-01A7139B.pf
    ALG.EXE-275708CF.pf
    ATTRIB.CFXXE-1334C304.pf
    ATTRIB.CFXXE-2659F53E.pf
    ATTRIB.EXE-15ACDFFE.pf
    AVCENTER.EXE-0EE40991.pf
    AVGARKT.EXE-11059116.pf
    AVGNT.EXE-24287AD0.pf
    AVNOTIFY.EXE-05C5A637.pf
    AZMIXERSEL.EXE-0057985F.pf
    BTSTAC~1.EXE-1802E163.pf
    BTTRAY.EXE-3B352DC0.pf
    CATCHME.CFXXE-34F10BBC.pf
    CATCHME.TMP-1C9402FA.pf
    CF24440.EXE-09258DE4.pf
    CHCP.COM-17EDBDC9.pf
    CHROME.EXE-0BB6A59C.pf
    CMD.EXE-034B0549.pf
    CMD.EXECF-04239AFE.pf
    COMBOFIX-DOWNLOAD.CFXXE-2BE3D9AE.pf
    COMBOFIX.EXE-2A4865F4.pf
    CSCRIPT.EXE-0A13A05C.pf
    CTFMON.EXE-05E57A5E.pf
    DUMPHIVE.CFXXE-0FFD4E49.pf
    ERUNT.CFXXE-1101DA25.pf
    EXPLORER.EXE-02121B1A.pf
    EY5WCLMHI.EXE-0E44CCD9.pf
    F97VLWM3GC.EXE-001CCAD3.pf
    FINDSTR.CFXXE-128A9760.pf
    FOXITR~1.EXE-245B4279.pf
    FXUNPCPBVN.EXE-09ADE645.pf
    GOOGLECRASHHANDLER.EXE-010C3C76.pf
    GOOGLECRASHHANDLER.EXE-2FB258D9.pf
    GOOGLETOOLBARNOTIFIER.EXE-0047A1C5.pf
    GOOGLEUPDATE.EXE-06BA906D.pf
    GOOGLEUPDATE.EXE-160E1F62.pf
    GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf
    GRABIT.EXE-38E3753B.pf
    GREP.CFXXE-058D1CFD.pf
    GREP.CFXXE-1143901C.pf
    GREP.EXE-1C6A2624.pf
    GRPCONV.EXE-375690AD.pf
    GSAR.CFXXE-064080BD.pf
    GSAR.CFXXE-301E7415.pf
    GUARDGUI.EXE-0C9FDE58.pf
    HANDLE.CFXXE-1ABC4A3B.pf
    HIDEC.EXE-110154A1.pf
    HIDEC.EXE-2888B6D9.pf
    HIJACKTHIS.EXE-12EFA3B0.pf
    IEXPLORE.EXE-030260BF.pf
    IPCONFIG.EXE-05D7908C.pf
    JAVA.EXE-24B0B58D.pf
    JAVA.EXE-32FD225F.pf
    JUSCHED.EXE-04A13915.pf
    KTN.EXE-1C767721.pf
    Layout.ini
    LIST_KILLEM.EXE-166B939E.pf
    LOGONUI.EXE-312BE1BF.pf
    MODE.COM-318FFE37.pf
    MSFEEDSSYNC.EXE-05335A39.pf
    MSNMSGR.EXE-3744B6D8.pf
    MTEE.CFXXE-1381448E.pf
    N.PIF-2ACDD654.pf
    NIELSENONLINE.EXE-1C4869D3.pf
    NIRCMD.CFXXE-13FF818C.pf
    NIRCMD.CFXXE-258F36B6.pf
    NIRCMD.EXE-3789D3CC.pf
    NIRCMDB.EXE-1464644A.pf
    NIRCMDB.EXE-2F733B3E.pf
    NIRCMDC.CFXXE-1A723DB9.pf
    NIRCMDC.CFXXE-1EF93FDF.pf
    NOTEPAD.EXE-2F2D61E1.pf
    NPIPTOOL.EXE-1FB17EE5.pf
    NTOSBOOT-B00DFAAD.pf
    NWIZ.EXE-2D374245.pf
    OTM.EXE-2684D825.pf
    PDFILL.EXE-09A510C0.pf
    PDFILL_PDF_TOOLS.EXE-371C69B9.pf
    PEV.CFXXE-163A75C2.pf
    PEV.CFXXE-234F95B8.pf
    PEV.EXE-0AB51BE4.pf
    PEV.EXE-2D02605A.pf
    PING.EXE-30F9CA9D.pf
    PV.CFXXE-0E10E3CC.pf
    PV.CFXXE-22055E2E.pf
    QTTASK.EXE-1876A1A1.pf
    QUICKSTART.EXE-33E8A351.pf
    RE5057~1.SCR-37DBF517.pf
    REGEDIT.EXE-2AE3423E.pf
    REGT.CFXXE-1BAC62A7.pf
    ROOTER.EXE-15EF0051.pf
    RTHDCPL.EXE-005A6E31.pf
    RUNDLL32.EXE-3C500167.pf
    RUNDLL32.EXE-3F17F011.pf
    RUNDLL32.EXE-4853FA67.pf
    RUNDLL32.EXE-4D5D6CC3.pf
    RUNDLL32.EXE-4FF9832D.pf
    RUNDLL32.EXE-50E8D616.pf
    RUNDLL32.EXE-52381468.pf
    RUNDLL32.EXE-57C8756E.pf
    RUNDLL32.EXE-5F120771.pf
    RUNDLL32.EXE-60A59F38.pf
    RUNDLL32.EXE-6ACD0C83.pf
    RUNONCE.EXE-01CA3A2F.pf
    SCHEDULER_PROXY.EXE-13D010E5.pf
    SED.CFXXE-13206BAB.pf
    SED.CFXXE-26699FCF.pf
    SED.EXE-1EFB2ADD.pf
    SKYTEL.EXE-15B3DBDE.pf
    SNDVOL32.EXE-0EC6FD20.pf
    SOFFICE.BIN-091CC27D.pf
    SOFFICE.EXE-012D2D56.pf
    SORT.EXE-19728AC5.pf
    SPYBOTSD.EXE-1702AD5F.pf
    SWREG.CFXXE-2EA30468.pf
    SWREG.EXE-20DD5B9B.pf
    SWREG.EXE-2E6304DD.pf
    SWSC.CFXXE-1BF2C69F.pf
    SWXCACLS.CFXXE-082AB030.pf
    SWXCACLS.CFXXE-1399F302.pf
    TASKMGR.EXE-06144C13.pf
    TEATIMER.EXE-0390E8A7.pf
    THUNDERBIRD.EXE-1BF62657.pf
    UPDATE.EXE-2F5EF2F5.pf
    VERCLSID.EXE-28F52AD2.pf
    VLC.EXE-02F29DFD.pf
    WLTRAY.EXE-0D3A5A80.pf
    WMIPRVSE.EXE-0D449B4F.pf
    WUAUCLT.EXE-1360D60A.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  10. Utilisateur anonyme
     
    Désinfection

    Ferme toutes tes fenetres(y compris internet et windows live messenger) , puis :

    ▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Destruction

    laisse travailler l'outil

    ▶ colle le contenu du rapport qui s'ouvre
    **********************************************************************
    • Bonjour

    • Télécharge et installe : Malwarebyte’s Anti-Malware
    • (NB : S'il te manque"COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes
    • Poste le rapport de scan après la suppression ici
    • Si tu as besoin d’aide regarde ce tutorial
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    0
  11. phabryss
     
    Infections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
    "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
    "C:\WINDOWS\System32\prnjobs.vbs"

    ¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :

    ¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

    Layout.ini
    NTOSBOOT-B00DFAAD.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  12. phabryss
     
    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2551
    Windows 5.1.2600 Service Pack 2

    06/09/2009 01:46:21
    mbam-log-2009-09-06 (01-46-21).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 257108
    Temps écoulé: 57 minute(s), 9 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  13. Utilisateur anonyme
     
    Bonjour

    • Télécharge : http://images.malwareremoval.com/random/RSIT.exe
    /!\ Important (Sous Vista) /!\
    Vous devez exécuter RSIT avec les droits d'administrateur, pour cela Clique droit sur RSIT et "Lancer en tant qu'administrateur"
    • Double clique sur RSIT.exe pour lancer l'outil.
    • Clique sur 'Continue' à l'écran Disclaimer.
    • Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    • Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.
    ( C:\RSIT\log.txt et C:\RSIT\info.txt )
    • CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller
    0
  14. phabryss
     
    et d'un :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Fabrice at 2009-09-06 11:05:43
    Microsoft Windows XP Professionnel Service Pack 2
    System drive C: has 8 GB (8%) free of 109 GB
    Total RAM: 2046 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:05:55, on 06/09/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\System32\TUProgSt.exe
    C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\PROGRA~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Fabrice\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Fabrice\Mes documents\Downloads\RSIT.exe
    C:\Documents and Settings\Fabrice\Bureau\fichiers téléchargés\Fabrice.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-21-1644491937-1580818891-725345543-1005\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'GSelectorSQLAdmin')
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
    O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GSelectorWebService - Unknown owner - C:\Program Files\RCS\GSelector\WebStarterGS\WebStarterGS.exe
    O23 - Service: Service Google Update (gupdate1ca065363ad5965) (gupdate1ca065363ad5965) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
    O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    0
  15. Utilisateur anonyme
     
    • Rends toi sur le site https://www.virustotal.com/gui/
    analyses les deux dossiers
    • Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide :
    c:\documents and settings\Fabrice\Application Data\GrabIt
    c:\documents and settings\Fabrice\Application Data\StumbleUpon
    • Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.
    • Fais un copier/coller du rapport sur le forum.
    0
  16. Utilisateur anonyme
     
    * Télécharge OtmoveIT (de Old_Timer) sur ton Bureau
    http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/ (de OldTimer) sur ton Bureau
    * Double-clique sur OTMoveIt.exe pour le lancer.
    * Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
    * copie la liste en gras ci-dessous et colle la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

    :processes
    explorer.exe

    :services
    autochk

    :files
    C:\WINDOWS\TEMP\fxunpcpbvn.exe
    c:\documents and settings\fabrice\protect.dll
    c:\windows\system32\autochk.dll

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "autochk"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "autochk"=-


    :commands
    [emptytemp]
    [purity]
    [start explorer]
    [reboot]

    -----------------------------

    * clique sur MoveIt! pour lancer la suppression.
    * Le résultat apparaitra dans le cadre "Results".
    * Clique sur Exit pour fermer.
    * Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
    * Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
    0
  17. phabryss
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully!
    ========== SERVICES/DRIVERS ==========
    Service\Driver autochk not found.
    Service\Driver autochk not found.
    ========== FILES ==========
    File/Folder C:\WINDOWS\TEMP\fxunpcpbvn.exe not found.
    File/Folder c:\documents and settings\fabrice\protect.dll not found.
    File/Folder c:\windows\system32\autochk.dll not found.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Run not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\autochk not found.

    OTM by OldTimer - Version 3.0.0.6 log created on 09062009_153713
    0
  18. phabryss
     
    Après une dernière alerte de mon antivirus (antivir) cet après-midi, plus rien et mon pc fonctionne de nouveau normalement... apparemment tout est rentré dans l'ordre.

    Merci
    0