DNSChanger infection heredis

dobedo -  
Hello,

My PC (Vista Service Pack 2, avast) is very slow and some programs no longer respond: WMP 11, Winamp. Trojan Remover found a dnschanger. I don't know what to do and I need help. I have never used HijackThis and I have no knowledge of it. Thank you for your help and your time.

16 replies

Anonymous user
 
Good evening dobedo

Please run this diagnostic utility:

Download RSIT (by random/random) to the desktop:

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or not detected, in which case you will have to accept the licence
- Post the contents of log.txt plus info.txt (minimized in the taskbar) at the end of the scan.

The reports are in this folder: C:\rsit
See you

0
dobedo
 
Good evening archet9,

Thank you for your reply, your help and your time.
I am attaching the report
0
dobedo
 
Good evening archet9,

Thank you for your reply, your help and the time you are giving me.
A small glitch in sending the information...
Here are the reports you asked me for:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Philippe at 2009-10-07 21:11:59
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 46 GB (16%) free of 296 GB
Total RAM: 3069 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12:21, on 07/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ADOBE\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\ADOBE\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Philippe\Contacts\Desktop\RSIT.exe
C:\Program Files\trend micro\Philippe.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: uTorrent SpeedUp Pro.lnk = C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: AmplusnetPrivacyTools - Unknown owner - C:\Windows\system32\AmplusnetPrivacyTools.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
0
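The O17 lines in the log above are where a DNSChanger infection shows up: the machine-wide `NameServer` value points at resolvers the owner did not choose. As an added example (not part of the thread and not code from RSIT or HijackThis), this sketch extracts the DNS servers from O17 entries and checks them against the address ranges the FBI published for the DNSChanger rogue resolvers; those ranges are outside knowledge, and the last two sample lines are constructed.

```python
import ipaddress
import re

# Rogue-resolver ranges published by the FBI for DNSChanger
# (Operation Ghost Click). Outside knowledge, not taken from the thread.
ROGUE_DNS_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20", "67.210.0.0/20", "93.188.160.0/21",
    "77.67.83.0/24", "213.109.64.0/20", "64.28.176.0/20",
)]

# HijackThis O17 entries: "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<servers>.*)$")


def classify_server(token):
    """Return (ip, network): ip is None when token is not an IP address,
    network is the rogue range containing ip, or None."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return None, None
    for net in ROGUE_DNS_RANGES:
        if ip.version == net.version and ip in net:
            return ip, net
    return ip, None


def audit_o17(log_text):
    """One finding per DNS server listed in O17 NameServer/DhcpNameServer lines."""
    findings = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        # O17 also carries Domain/SearchList values; only resolvers matter here.
        if not m or not m["name"].lower().endswith("nameserver"):
            continue
        # The value may be comma- or space-separated.
        for token in re.split(r"[,\s]+", m["servers"].strip()):
            if not token:
                continue
            ip, net = classify_server(token)
            if ip is None:
                status = "unparsable"
            elif net is not None:
                status = "rogue"
            else:
                status = "other"
            findings.append({
                "key": m["key"],
                "value": m["name"],
                "server": token,
                "status": status,
                "range": str(net) if net else None,
            })
    return findings


def rogue_servers(log_text):
    """Distinct resolver addresses that fall inside a known rogue range."""
    return sorted({f["server"] for f in audit_o17(log_text)
                   if f["status"] == "rogue"})


# First two O17 lines are copied from the log in this thread; the
# DhcpNameServer and DomainName lines are constructed for illustration.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 192.168.1.1 not-an-ip
O17 - HKLM\Software\..\Telephony: DomainName = example.local
"""

if __name__ == "__main__":
    for f in audit_o17(SAMPLE_LOG):
        print(f"{f['status']:<10} {f['server']:<16} {f['value']} @ {f['key']}")
    print("rogue resolvers:", rogue_servers(SAMPLE_LOG))
```

A resolver reported as `other` is not proof of a clean machine: it only means the address is outside the listed ranges, so it still has to be compared with what the ISP or router is expected to hand out.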
Anonymous user
 
Hello again,

Indeed, several infections on your PC....

==> So there will be several operations to carry out:

==> post the reports to me one at a time.

-----------------------------------------------------------------

Essential under Vista:

disable your user account control:

http://www.zebulon.fr/astuces/220-desactiver-l-uac-dans-vista.htm

1)
- Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

- Disconnect and close all running applications

- Double-click the installer and install it in its default location (C:\Program files).
- Right-click the AD-Remover icon on your Desktop and choose "Run as administrator"
- In the main menu, choose option L.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products as an infection; disregard this, it is a false positive, continue the procedure

2)
Download Toolbar-S&D (Team IDN) to your Desktop.
TOOLbar-s&d

* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice and confirming with the Enter key.
* Now choose option 2 (removal). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)

3)
Download SmitfraudFix (by S!Ri, balltrap34 and moe31):

SMITFRAUDFIX

- Save it to the desktop

- Right-click SmitfraudFix.exe and choose "Run as administrator"
- Choose option 5, then press Enter
- A report will be generated; post it in your next reply.

process.exe is detected by some antivirus products as a RiskTool. It is not a virus but a utility intended to terminate processes.

Post the generated report....

4)
Run a scan with this antispyware:
Download Malwarebytes + tutorial

Install it; update it... (Update tab)
Now click the Scan tab and tick the box: "Perform quick scan".
Then click "Scan".
Let it scan the PC...
If items were found > click Remove Selected.
If you are asked to restart > click "Yes".
At the end a report will open; save it so that you can find it again to post it on the forum.
Copy and paste the report please.

Good luck.....

See you

0

dobedo
 
Hello archet9,

Thank you for your reply. As agreed, I am attaching the AD_R report

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Y | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 08.10.2009 à 19:03
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 8:39:56, 09/10/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: DOBEDO | Utilisateur actuel: Philippe
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\Search Settings
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
HKLM\Software\Dealio
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Search Settings
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
.
C:\Users\Philippe\AppData\Roaming\Search Settings
C:\Users\Philippe\AppData\LocalLow\Search Settings
C:\Program Files\Search Settings
C:\Windows\Installer\a15c302.msi
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@ask[1].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@ask[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@conduit[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@eorezo[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@mir0.eorezo[1].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@mir1.eorezo[1].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@pacificpoker[1].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@partypoker[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@partypoker[3].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@rotator.adjuggler[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[1].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[4].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[5].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[6].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[7].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@storage.conduit[1].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@www.conduit[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: a0o6p0xr.default (Philippe)
.
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
.
.
* Internet Explorer Version 8.0.6001.18813 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NNADEBN\[isoHunt] USB_Flash_Drive_Data_Recovery_v7.0_WinALL-cracked.5087287.TPB[1].torrent
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\97RWGK6P\Super Internet TV Premium Edition v8.0+serial [mininova][1].torrent
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF944QKK\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR[1].torrent
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SWBMPCZR\Kaspersky With Lifetime Patch (All Windows Versions) [FB92] [h33t] [mininova][1].torrent
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR\Visit h33t.url
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\h33t - CaZoR.url
C:\Users\Philippe\AppData\Local\Temp\PDF.Unlocker.v2.0.Cracked.zip [mininova].torrent
C:\Users\Philippe\AppData\Local\Temp\Super Internet TV Premium Edition v8.0+serial [mininova].torrent
C:\Users\Philippe\AppData\Roaming\uTorrent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar.torrent
C:\Users\Philippe\AppData\Roaming\uTorrent\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar.torrent
C:\Users\Philippe\CrackDown Store\CrackDown.exe
C:\Users\Philippe\Documents\My Completed Downloads\Adobe_Acrobat_9_Pro_Patch.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial.rar
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1.rar
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_.rar
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio.rar
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy.rar
C:\Users\Philippe\Documents\My Completed Downloads\IDM_5.1.1Keygen.exe
C:\Users\Philippe\Documents\My Completed Downloads\keygen rapidshare.exe
C:\Users\Philippe\Documents\My Completed Downloads\KeyGen.PAtcher.Nero.9.ALL.Plugins.rar
C:\Users\Philippe\Documents\My Completed Downloads\Nero9.2.5.0Keygen.exe
C:\Users\Philippe\Documents\My Completed Downloads\Uniblue.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.rar
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker.rar
C:\Users\Philippe\Documents\My Completed Downloads\winamp.pro.with.keygen.rar
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen.rar
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\hideipng.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Hide IP NG KeyGen Under SEH Team.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Under SEH Team.nfo
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\hideipng.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Mas Descargas.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Mas Descargas.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Under SEH Team.nfo
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\hideipng.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\Take 2 minutes to read this.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\About cars.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\cours programmation.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Download more torrents.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\download softwares.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\FREE GIFT FOR LOST FANS.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\listen anashid.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Play games & wine gifts.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\hideipng.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\Take 2 minutes to read this.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\About cars.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\cours programmation.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Download more torrents.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\download softwares.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\FREE GIFT FOR LOST FANS.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\listen anashid.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Play games & wine gifts.url
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideippla.exe
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideipplatinumv3keygen.exe
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\UsenextKeygenAccountFaker_401564f.exe
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\Winamp Pro 5.xx Keygen.exe
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar
C:\Users\Philippe\Downloads\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga.exe
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga2.exe
C:\Users\Philippe\Favorites\Documents\Dr. DivX 2006 pro\keygen.exe
C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\HiSoft Crack Downloader v2.2 .rar
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\ED!SON.NFO
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF.rar
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\trjsetup679.exe
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FFF.NFO
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack.rar
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\FFF.NFO
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\trjsetup678.exe
C:\Users\Philippe\Favorites\Documents\USB SONY\Crack_Downlaoder.rar
C:\Users\Philippe\Favorites\Documents\USB SONY\IDM.Internet.Download.Manager.v5.18+Patch_el-cangri_darksiderg.rar
C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack\DVDFab.exe
C:\Users\Philippe\Favorites\Links\File download Adobe Acrobat 9 Pro Patch .exe from Rapidshare.url
.
===================================
.
14632 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
1230 Fichier(s) - C:\Users\Philippe\AppData\Local\Temp
1 Fichier(s) - C:\Windows\Temp
.
20 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
22 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 8:56:30 | 09/10/2009 - CLEAN[1]
.
============== E.O.F ==============
.
0
dobedo (Posts: 7, Status: Member)
 
Hello archet9,

Thank you for your time.
Here is the ToolBarSD report

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82 )
BIOS : Default System BIOS
USER : Philippe ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:288 Go (Free:34 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)
G:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 09/10/2009| 9:07 )

[ UAC => 0 ]
C:\Windows\iun6002.exe

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\P2P_Energy\INSTALL.LOG
Supprime! - C:\Program Files\P2P_Energy\P2P_EnergyToolbarHelper.exe
Supprime! - C:\Program Files\P2P_Energy\tbP2P_.dll
Supprime! - C:\Program Files\P2P_Energy\toolbar.cfg
Supprime! - C:\Program Files\P2P_Energy\UNWISE.EXE
Supprime! - C:\Users\Philippe\FAVORI~1\Fast Torrent Search - Plentyoftorrents.com.url
Supprime! - C:\Windows\iun6002.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar
Supprime! - C:\Program Files\P2P_Energy

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="http://www.bing.com/spresults.aspx"

--------------------\\ Recherche d'autres infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.34,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.34,85.255.112.112
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.115.34,85.255.112.112
[b]==> WAREOUT <==[/b]

--------------------\\ Cracks & Keygens ..

C:\Users\Philippe\CrackDown Store
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BU0MCKNP\crackspider_net[1].txt
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF944QKK\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR[1].torrent
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T8UZCR9U\Adobe+Acrobat+Professional+9+3+0+Full+Version+with+Keygen[1].html
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR
C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR\Visit h33t.url
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@www.keygen[2].txt
C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Recent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].lnk
C:\Users\Philippe\AppData\Roaming\uTorrent\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar.torrent
C:\Users\Philippe\AppData\Roaming\uTorrent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar.torrent
C:\Users\Philippe\Contacts\Desktop\CrackDown - Raccourci.lnk
C:\Users\Philippe\Contacts\Desktop\CrackDown Store
C:\Users\Philippe\Contacts\Desktop\CrackDown Store(97)
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\Desktop.ini
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[adobe photoshop cs 4] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[easy hide ip] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[hide ip ng] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[perfectdisk 10 pro] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop cs 4] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop elements] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[trojan remover 6.7] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[usb disk security] Serials
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[adobe photoshop cs 4] Serials\['adobe photoshop cs 4'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[easy hide ip] Serials\['easy hide ip'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[hide ip ng] Serials\['hide ip ng'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[perfectdisk 10 pro] Serials\['perfectdisk 10 pro'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop cs 4] Serials\['photoshop cs 4'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop elements] Serials\['photoshop elements'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[trojan remover 6.7] Serials\['trojan remover 6.7'] SN.txt
C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[usb disk security] Serials\['usb disk security'] SN.txt
C:\Users\Philippe\CrackDown Store\CrackDown.exe
C:\Users\Philippe\Documents\My Completed Downloads\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR.torrent.dap
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio.rar
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_.rar
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy.rar
C:\Users\Philippe\Documents\My Completed Downloads\IDM_5.1.1Keygen.exe
C:\Users\Philippe\Documents\My Completed Downloads\keygen rapidshare.exe
C:\Users\Philippe\Documents\My Completed Downloads\KeyGen.PAtcher.Nero.9.ALL.Plugins.rar
C:\Users\Philippe\Documents\My Completed Downloads\Nero9.2.5.0Keygen.exe
C:\Users\Philippe\Documents\My Completed Downloads\Uniblue.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.rar
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker.rar
C:\Users\Philippe\Documents\My Completed Downloads\winamp.pro.with.keygen.rar
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen.rar
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\hideipng.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Hide IP NG KeyGen Under SEH Team.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Under SEH Team.nfo
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\hideipng.exe
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Mas Descargas.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Mas Descargas.url
C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Under SEH Team.nfo
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\for more cool stuff visit.txt
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideippla.exe
C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideipplatinumv3keygen.exe
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\om jai jagdish-Lata.mp3
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\read me.txt
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\FAQ.txt
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\read me.txt
C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\UsenextKeygenAccountFaker_401564f.exe
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\dummy.bin
C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\Winamp Pro 5.xx Keygen.exe
C:\Users\Philippe\Downloads\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\data2.set
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\GenXP.reg
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\install.bat
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\mmfs2.dll
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\README.txt
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga.exe
C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga2.exe
C:\Users\Philippe\Favorites\Documents\CrackDown Store
C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]
C:\Users\Philippe\Favorites\Documents\CrackDown Store\[adobe acrobat 9 pro extended 9.1.3] Serials
C:\Users\Philippe\Favorites\Documents\Dr. DivX 2006 pro\keygen.exe
C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack
C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack\api.dll
C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack\fsui.dll
C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack\main.dll
C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\HiSoft Crack Downloader v2.2 .rar
C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\tracked_by_h33t_com.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Cracking Bios, use the followin' code.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Cracking Zip Password Files.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Debug, Learn how crack windows.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Ebay Hackcracktip.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Google Crack Search.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\How To Download Directly From Crackdb.com.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Modify .exe Files And Crack A Program.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Compression and Cracks for Dummies.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Cracking Zip Password Files.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Debug, Learn how crack windows.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Ebay Hackcracktip.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Google Crack Search.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.000
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.001
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.002
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.003
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.004
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\Compression and Cracks for Dummies.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\The Cracking Manual.txt
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.000
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.001
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.002
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.003
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.004
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\ED!SON.NFO
C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Tutorials - blacksun.box.sk\novell\Novell Netware - Cracking Netware.htm
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF.rar
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\trjsetup679.exe
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FFF.NFO
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FILE_ID.DIZ
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\rmt.dta
C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\vista_inst.bat
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack.rar
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\FFF.NFO
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\MAMBO04T.png
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Screen.jpg
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\trjsetup678.exe
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack\FILE_ID.DIZ
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack\rmt.dta
C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack\vista_inst.bat
C:\Users\Philippe\Favorites\Documents\USB SONY\Crack_Downlaoder.rar
C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack
C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack\DVDFab.exe
C:\Users\Philippe\Music\Annie Lennox\The Annie Lennox Collection[2009]\09. Pavement Cracks.wma
C:\Users\Philippe\Music\David Bowie - Complete Discography\--- Studio albums ---\1989 - Tin Machine\04 - Crack City.wma
C:\Users\Philippe\Music\Duran Duran\Albums\(1983) Seven and The Ragged Tiger\Tracks\Duran Duran (03) - (I'm Looking For) Cracks in the Pavement.wma
C:\Users\Philippe\Music\Rolling Stones\1977a - Love You Live 2\02 - Cracking Up.mp3
C:\Users\Philippe\Music\Spin Doctors\Pocket Full of Kryptonite [Import]\13 Stepped on a Crack.wma

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 09/10/2009| 9:09 - Option : [2]

-----------\\ Fin du rapport a 9:09:23,58
0
dobedo 1 Messages posted 7 Status Member
 
Hello archet9,

Thank you for your kindness.
Here is the SmitfraudFix report:

SmitFraudFix v2.424

Scan done at 9:14:32,53, 09/10/2009
Run from C:\Users\Philippe\Contacts\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FC87090E-40BB-4CFC-81E2-8BB1326E83FA}: DhcpNameServer=212.27.40.241 212.27.40.242
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.242
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FC87090E-40BB-4CFC-81E2-8BB1326E83FA}: DhcpNameServer=212.27.40.241 212.27.40.242
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.242
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
0
dobedo 1 Messages posted 7 Status Member
 
Hello archet9,

Thank you for your instructions. I have always preferred LSW to Darth Vader... Here is the latest report you asked me for, the one from mbam. Is it better than Trojan Remover? One question: where do things stand now?

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2928
Windows 6.0.6002 Service Pack 2

09/10/2009 09:31:27
mbam-log-2009-10-09 (09-31-27).txt

Type de recherche: Examen rapide
Eléments examinés: 94173
Temps écoulé: 7 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 27

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.34,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.34,85.255.112.112 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.34,85.255.112.112 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Registry_Doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Registry_Doktor 4.1\Cl.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\ScheduleAP.txt (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\task.xml (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200901.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200902.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200903.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200904.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\200905.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090601.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090602.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090603.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090706.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090714.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090721.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090729.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090805.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090819.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090901.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\Registry_Doktor 4.1\definitions\20090921.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
C:\Program Files\totalvid\Uninstall.exe.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.

I read, too late, that Totalvid and Registry Doktor are S... or Darth Vaders.
Take care of yourself.
Looking forward to hearing from you,

Dobedo
0
Anonymous user
 
Re.

Sorry for the delay, but with work I don't have much time at the moment...

==> A really big cleanup has already been done!

Please run a fresh RSIT so we can take stock...

See you later
0
dobedo 1 Messages posted 7 Status Member
 
Hello archer9,

Thank you for your message and your help.
For several months I have been getting a message telling me that Amplusnet Privacy Tools has stopped working. I don't know what it is. Sometimes the PC disconnects from the internet by itself. Otherwise, it is faster now. Thank you.
I am attaching the latest RSIT report. Have a nice day.

Dobedo

Logfile of random's system information tool 1.06 (written by random/random)
Run by Philippe at 2009-10-10 14:21:12
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 28 GB (9%) free of 296 GB
Total RAM: 3069 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21:23, on 10/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ADOBE\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\ADOBE\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wermgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Philippe\Contacts\Desktop\RSIT.exe
C:\Program Files\trend micro\Philippe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll (file missing)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: uTorrent SpeedUp Pro.lnk = C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: AmplusnetPrivacyTools - Unknown owner - C:\Windows\system32\AmplusnetPrivacyTools.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
0
Anonymous user
 
Hi again,

The PC is looking a lot better now...

Next steps, in order please:

About this:

Amplusnet Privacy Tools

Click "Start" (the Windows logo), then in the "Search" box type:

Amplusnet Privacy Tools, then right-click and delete everything you find there....

THEN:

• Download and install UsbFix by Chiquitine29

(!) Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "2" (removal) and press [Enter]

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

AFTER THAT:

>Download HiJackThis: https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Launch the program, then select < do a system scan only >
And fix these lines:
Tutorial, if you have trouble: http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB0.dll [2009-05-20 2085400]
2009-09-24 07:52:32 ----A---- C:\Windows\system32\reg.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-17 39408]
"DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-12-14 4664832]

*************

To finish, be aware that AVAST is no longer considered an AV worthy of the name,
because it is no longer updated (or only very rarely)

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/avast-protege-sujet_44722_1.htm

==> If you would like to switch, let me know.

==> FINALLY:

I HOPE THE PC IS DOING BETTER ALL THE SAME ....!!!!

See you

0
dobedo
 
Hello archer9,

Thank you for your reply, as clear as ever, and for your advice.
As agreed, here is the UsbFix report:

############################## | UsbFix V6.040 |

User : Philippe (Administrateurs) # DOBEDO
Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 09:52:27 | 11/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 288,86 Go (52,13 Go free) # NTFS
D:\ -> Disque fixe local # 9,23 Go (1,17 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local # 52,95 Go (4,1 Go free) [Philippe 1] # NTFS
G:\ -> Disque CD-ROM
H:\ -> Disque fixe local # 931,51 Go (557,82 Go free) [WD 2] # NTFS
I:\ -> Disque amovible # 7,47 Go (42,84 Mo free) [USB SONY 8] # FAT32
J:\ -> Disque amovible # 3,77 Go (2,24 Go free) # NTFS
K:\ -> Disque fixe local # 2,93 Go (2,89 Go free) [PQSERVICE] # NTFS
L:\ -> Disque fixe local # 931,51 Go (35,71 Go free) [WD 1] # NTFS
M:\ -> Disque amovible # 7,53 Go (4,09 Go free) # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\runonce.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Windows\system32\AmplusnetPrivacyTools.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WerCon.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\autorun.inf
Supprimé ! D:\autorun.inf
Supprimé ! D:\desktop.ini
Supprimé ! D:\resycled
Supprimé ! F:\autorun.inf
Supprimé ! I:\autorun.inf
Supprimé ! I:\resycled
Supprimé ! L:\autorun.inf
Supprimé ! L:\resycled

################## | Registre # Clés Run infectieuses |

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{f3520521-64af-11de-b7f7-00238b02877f}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[09/10/2009 08:56|--a------|14969] C:\Ad-Report-CLEAN[1].log
[09/10/2009 18:17|--a------|11939] C:\Ad-Report-CLEAN[2].log
[11/04/2009 08:36|-rahs----|333257] C:\bootmgr
[18/09/2006 23:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[27/02/2009 19:21|-rahs----|0] C:\IO.SYS
[03/11/2008 14:45|--ah-----|373] C:\IPH.PH
[27/02/2009 19:21|-rahs----|0] C:\MSDOS.SYS
[?|?|?] C:\pagefile.sys
[09/10/2009 18:23|--a------|1908] C:\rapport.txt
[05/07/2009 21:37|--a------|398] C:\Sys_LogWin.log
[09/10/2009 18:21|--a------|21608] C:\TB.txt
[11/10/2009 10:04|--a------|5080] C:\UsbFix.txt
[03/11/2008 14:42|---hs----|13] D:\BLOCK.RIN
[04/10/2006 00:02|---hs----|438328] D:\bootmgr
[03/11/2008 16:45|--ahs----|22] D:\HPCD.sys
[11/10/2009 10:03|--a------|46] D:\MASTER.LOG
[16/09/2002 15:37|---hs----|181898] D:\protect.chinese hong kong
[16/09/2002 15:37|---hs----|181916] D:\protect.chinese simplified
[16/09/2002 15:37|---hs----|181898] D:\protect.chinese traditional
[27/04/2006 17:19|---hs----|181865] D:\protect.czech
[03/11/2005 16:21|---hs----|181726] D:\protect.danish
[10/09/2002 14:56|---hs----|181605] D:\protect.dutch
[10/09/2002 14:50|---hs----|181651] D:\protect.ed
[22/11/2004 16:28|---hs----|181648] D:\protect.english
[03/11/2005 16:20|---hs----|181673] D:\protect.finnish
[03/11/2005 16:19|---hs----|181736] D:\protect.french
[03/11/2005 16:18|---hs----|181669] D:\protect.german
[23/11/2005 16:56|---hs----|182689] D:\protect.greek
[23/01/2006 10:18|---hs----|182605] D:\protect.hebrew
[28/08/2007 15:58|---hs----|181696] D:\protect.hungarian
[03/11/2005 16:17|---hs----|181554] D:\protect.italian
[19/06/2007 16:22|---hs----|182351] D:\protect.japanese
[24/11/2005 12:24|---hs----|218295] D:\protect.korean
[03/11/2005 16:15|---hs----|181578] D:\protect.norwegian
[25/04/2006 15:44|---hs----|181789] D:\protect.polish
[03/11/2005 16:13|---hs----|181624] D:\protect.portuguese
[27/10/2005 20:24|---hs----|181882] D:\protect.portuguese brazilian
[28/06/2004 09:52|---hs----|211936] D:\protect.russian
[03/11/2005 16:11|---hs----|181586] D:\protect.spanish
[10/09/2002 15:15|---hs----|181602] D:\protect.swedish
[12/08/2003 11:37|---hs----|181783] D:\protect.turkish
[03/11/2008 15:35|-r-hs----|26] D:\RCBoot.sys
[28/03/2009 21:55|--ah-----|4096] I:\._.Trashes
[11/09/2009 19:25|--ah-----|15364] I:\.DS_Store
[02/10/2009 19:13|--a------|982546] I:\USB Disk Security + Serial.rar
[05/10/2009 17:50|--a------|2186743598] I:\La Chute.avi
[02/10/2009 11:19|--a------|14938480] I:\IE8-WindowsVista-x86-FRA.exe
[02/10/2009 19:01|--a------|14320658] I:\Serial Box [10.2009] [MAC] + iSerial Reader [v2.0.7] + SerialSeeker [v1.3.1 (A4)] [MAC] [Universal] [CodeTempest].zip
[06/10/2009 14:39|--a------|735555584] I:\Coco.Avant.Chanel.REPACK.1CD.FRENCH.DVDRip.XviD-GKS.avi
[09/10/2008 16:11|---hs----|2070] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Small.jpg
[09/10/2008 16:12|---hs----|8049] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Large.jpg
[09/10/2008 16:12|---hs----|2730] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Small.jpg
[09/10/2008 16:14|---hs----|11380] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Large.jpg
[09/10/2008 16:50|---hs----|3529] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Small.jpg
[09/10/2008 16:52|---hs----|15396] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Large.jpg
[09/10/2008 17:08|---hs----|2509] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Small.jpg
[09/10/2008 17:19|---hs----|10755] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Large.jpg
[22/07/2009 09:24|--a------|20862] J:\224px-Pongo_pygmaeus_%28orangutang%29.jpg
[07/01/2009 10:47|--a------|29506] J:\AA_CH_SIGN_BNP.pdf
[08/10/2009 20:44|--a------|1156764] J:\AD-R.exe
[05/01/2009 11:09|--a------|1860842] J:\Des Hommes en Fuite.pdf
[16/12/2008 17:09|--a------|2087921] J:\fdminst-lite.exe
[16/12/2008 16:41|--a------|5871877] J:\fdminst.exe
[22/07/2009 09:39|--a------|2451456] J:\grippe A et vaccin (Bickel).pps
[08/10/2009 20:48|--a------|4045528] J:\mbam-setup.exe
[05/01/2009 21:49|--a------|712844] J:\MD5Checksum.exe
[04/01/2009 20:53|--a------|29769] J:\MediaCoder-0.6.2.4230.exe
[22/07/2009 09:38|--a------|884561] J:\MiniCV-ADESuresnes.pdf
[22/07/2009 09:41|--a------|19456] J:\permission_sortie_femme.doc
[22/07/2009 09:41|--a------|35376] J:\permission_sortie_mari.doc
[22/07/2009 09:37|--a------|182302] J:\Playmobil.pdf
[16/12/2008 17:40|--a------|6696486] J:\Setup_FreeConverter.exe
[08/10/2009 20:45|--a------|1872472] J:\SmitfraudFix.exe
[08/10/2009 20:44|--a------|343020] J:\ToolBarSD.exe
[25/01/2009 15:06|--a------|733939712] J:\Truands.avi
[30/11/2008 17:11|--a------|579814] J:\Un Clown Lyrique janvier 2008.mht
[22/07/2009 09:36|--a------|590766] J:\untitled 1.bmp
[22/07/2009 09:36|--a------|411454] J:\untitled 1bis.bmp
[22/07/2009 09:35|--a------|709174] J:\untitled.bmp
[06/01/2009 17:47|--a------|22107298] J:\videoconvertersetup.exe
[24/12/2008 00:11|-ra------|528] L:\MediaID.bin

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.
# I:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.
# K:\autorun.inf -> Folder created by UsbFix.
# L:\autorun.inf -> Folder created by UsbFix.
# M:\autorun.inf -> Folder created by UsbFix.

[24/12/2008 00:11|-ra------|528] L:\MediaID.bin

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# F:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.
# I:\autorun.inf -> Folder created by UsbFix.
# J:\autorun.inf -> Folder created by UsbFix.
# K:\autorun.inf -> Folder created by UsbFix.
# L:\autorun.inf -> Folder created by UsbFix.
# M:\autorun.inf -> Folder created by UsbFix.

I'm doing things one at a time. I'll get back to you after HijackThis. Otherwise, yes, if there is something better than Avast I'm interested; the main thing is uninstalling it: is Add/Remove Programs enough? I look forward to your reply and wish you a good Sunday.

Dobedo
0
Anonymous user
 
Hello, and a good Sunday to you too...

To uninstall Avast cleanly, use
this utility:
https://www.avast.com/fr-fr/uninstall-utility

Then install ANTIVIR

See you
0
dobedo 1 Posts 7 Status Member
 
Good evening archet9,

Thank you for your always clear answers, and thanks for Avira. Thanks for the link to the tutorial; it now has a different layout with more options, notably on security. Do you have any recommendations on how to configure it? It is indeed more effective than Avast; it found things. I uninstalled Avast before reading your message, so not cleanly. I use MBAM; how do I uninstall Trojan Remover cleanly?
Also, what should I do with the programs on the desktop that you asked me to install? How could I reuse them if... I hope not... or uninstall them?
I'm going to run a scan on C: overnight... and have sweet dreams.
I want to tell you that I'm touched by your kindness and your availability.

Good night,

Dobedo
0
Anonymous user
 
Do you have any recommendations on how to configure it?

https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal

Then, only if you have no more problems:

To uninstall the tools used

Download ToolsCleaner2--> http://pc-system.fr/
-Once downloaded, install it and run it
-Click Recherche (Search) and let the scan finish
-Click SUPPRESSION (Delete)
-Click Quitter (Quit) so that the report can be created
-Post me the report located here--> C:\TCleaner.txt

then

---> Download and install CCleaner (do not install the Yahoo Toolbar):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

* Run it. Go to Options, then Advanced, and uncheck the box "Only delete files etc....".
* Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
* Next, choose Registry, then Scan for Issues. Once it has finished, repair all the errors, as many times as the scan finds any (back up the registry).
* Uncheck the "older than 48 h" box

VERY IMPORTANT:

---> You need to disable and then re-enable System Restore in order to purge it:
XP:
https://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.php
VISTA:
https://www.tayo.fr/desactiver-restauration-windows-vista-tutoriel.php

---> I advise you to create a restore point that you can use later if you have a problem:
https://www.vulgarisation-informatique.com/creer-point-restauration.php

See you

0
dobedo
 
Hello archet9,

Thank you for your reply. I wasn't able to apply your instructions sooner for lack of time. I've finished the CCleaner step. I'm going to create a restore point and then purge.
I'm attaching the requested report.

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Program Files\trend micro\HijackThis: trouvé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Invité\Desktop\HijackThis.lnk: trouvé !
C:\Users\Philippe\Contacts\Desktop\Ad-R.exe: trouvé !
C:\Users\Philippe\Contacts\Desktop\ToolBarSD.exe: trouvé !
C:\Users\Philippe\Contacts\Desktop\UsbFix.exe: trouvé !
C:\Users\Philippe\Contacts\Desktop\Rsit.exe: trouvé !
C:\Users\Philippe\Contacts\Desktop\SmitFraudfix: trouvé !
C:\Users\Philippe\Desktop\HijackThis.lnk: trouvé !
C:\Users\Philippe\Downloads\HJTInstall.exe: trouvé !
C:\Users\Philippe\Downloads\UsbFix_Upload_Me_Dobedo\UsbFix_Upload_Me\UsbFix.txt: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\Invité\Desktop\HijackThis.lnk: supprimé !
C:\Users\Philippe\Contacts\Desktop\Ad-R.exe: supprimé !
C:\Users\Philippe\Contacts\Desktop\ToolBarSD.exe: supprimé !
C:\Users\Philippe\Desktop\HijackThis.lnk: supprimé !
C:\Users\Philippe\Downloads\HJTInstall.exe: supprimé !
C:\TB.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Users\Philippe\Contacts\Desktop\UsbFix.exe: supprimé !
C:\Users\Philippe\Contacts\Desktop\Rsit.exe: supprimé !
C:\Users\Philippe\Downloads\UsbFix_Upload_Me_Dobedo\UsbFix_Upload_Me\UsbFix.txt: supprimé !
C:\Toolbar SD: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\trend micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\Users\Philippe\Contacts\Desktop\SmitFraudfix: supprimé !

How does that look?

See you,

dobedo
0
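One way to read a ToolsCleaner report like the one posted above, as an added example that is not part of the original thread or of ToolsCleaner itself: it reconciles the "Recherche" section against the "Suppression" section and lists deletion errors and found entries that were never reported as deleted. The function name `reconcile` and the line pattern are assumptions derived from the report lines shown in the post.

```python
import re

# Line shapes seen in the posted report: "<path>: trouvé !" (found),
# "<path>: supprimé !" (deleted), "<path>: ERREUR DE SUPPRESSION !!" (error).
LINE = re.compile(
    r"^(?P<path>.+?): (?P<status>trouvé|supprimé|ERREUR DE SUPPRESSION) ?!+$")

# Excerpt of the report posted above (a subset of its lines).
SAMPLE = r"""
--> Recherche:
C:\UsbFix: trouvé !
C:\Program Files\trend micro\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
--> Suppression:
C:\UsbFix: supprimé !
C:\Program Files\trend micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
"""

def reconcile(report):
    """Return counts plus the paths that still need a manual check."""
    found, deleted, failed = [], set(), []
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # section headers, separators, blank lines
        key = m["path"].lower()  # Windows paths are case-insensitive
        if m["status"] == "trouvé":
            found.append((key, m["path"]))
        elif m["status"] == "supprimé":
            deleted.add(key)
        else:
            failed.append(m["path"])
    failed_keys = {p.lower() for p in failed}
    # Found, but neither deleted nor reported as an error.
    unaccounted = [p for k, p in found
                   if k not in deleted and k not in failed_keys]
    return {"found": len(found), "deleted": len(deleted),
            "failed": failed, "unaccounted": unaccounted}

if __name__ == "__main__":
    for name, value in reconcile(SAMPLE).items():
        print(name, "=", value)
```

Unaccounted entries are not necessarily leftovers: on Vista `C:\Users\All Users` is a link to `C:\ProgramData`, so such a path can be an alias of one already deleted, which is worth confirming by hand.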