Infection dnschanger heredis

dobedo -  
 dobedo -
Bonjour,

Mon pc, vista pack 2, avast est très lent et des prgs ne repondent plus:wmp 11, winamp. Trojan remover a trouvé un dnschanger. Je ne sais que faire et j'ai besoin d'aide. Je n'ai jamais utilisé hijackthis et je n'ai aucune connaissance. Merci pour votre aide et votre temps.
Configuration: Windows Vista
Firefox 3.5.3, IE et safari

16 réponses

  1. archet9
     
    Bonsoir dobedo

    Lances cet utilitaire de diagnostic stp,

    Télécharge RSIT (de random/random) sur le bureau :

    - Double clique sur RSIT.exe qui est sur le bureau
    - Clique sur Continue dans la fenêtre
    - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
    - Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .

    Les rapports sont dans le dossier ici C:\rsit
    a+

    0
  2. dobedo
     
    Bonsoir archet9,

    Je te remercie pour ta réponse, ton aide et ton temps.
    Je te joins le rapport
    0
  3. dobedo
     
    Bonsoir archet9,

    Je te remercie pour ta réponse, ton aide et le temps que tu m'accordes.
    Un petit raté dans la transmission des infos...
    Voilà les rapports que tu m'as demandé:Logfile of random's system information tool 1.06 (written by random/random)
    Run by Philippe at 2009-10-07 21:11:59
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 46 GB (16%) free of 296 GB
    Total RAM: 3069 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:12:21, on 07/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ADOBE\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\ADOBE\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Users\Philippe\Contacts\Desktop\RSIT.exe
    C:\Program Files\trend micro\Philippe.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
    O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: uTorrent SpeedUp Pro.lnk = C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
    O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.34,85.255.112.112
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    O23 - Service: AmplusnetPrivacyTools - Unknown owner - C:\Windows\system32\AmplusnetPrivacyTools.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    0
  4. archet9
     
    Re,

    Effectivement,plusieurs infections sur ton pc....

    ==> Il y aura donc plusieurs opérations à effectuer:

    ==> poste moi les rapports un par un .

    -----------------------------------------------------------------

    Impératif sous vista:

    desactives tes comptes d'utilisateur:


    http://www.zebulon.fr/astuces/220-desactiver-l-uac-dans-vista.htm

    1)
    [*]Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

    [*] Déconnecte-toi et ferme toutes applications en cours

    [*]Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
    [*]Clique droit sur l'icône [AD-Remover située sur ton Bureau et choisis "Executer en tant qu' administrateur"
    [*]Au menu principal, choisis l'option L.[*]Poste le rapport qui apparaît à la fin.

    (Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

    (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

    2)
    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    TOOLbar-s&d

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 2 (suppression). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

    3)
    Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :

    SMITFRAUDFIX

    - Enregistre-le sur le bureau

    - Clique droit sur SmitfraudFix.exe et choisis "exécuter en tant qu'administrateur"
    -Choisis l'option 5 puis "entrée"
    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    Postes le rapport généré....

    4)
    Fais un scan avec cet antispyware :
    Telecharges Malwarebytes + tutoriel

    Tu l´installes; mets le a jour...(onglet mise a jour)
    Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".
    Puis click sur "rechercher".
    Laisses le scanner le pc...
    Si des elements on ete trouvés > click sur supprimer la selection.
    si il t´es demandé de redemarrer > click sur "oui".
    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
    Copies et colles le rapport stp.

    Bon courage.....

    a+

    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. dobedo 1 Messages postés 7 Statut Membre
     
    Bonjour archet9,

    Merci pour ta réponse. Comme convenu, je te joins le rapport AD_R

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_Y | UNIQUEMENT XP/VISTA/7 =======
    .
    Mit à jour par C_XX le 08.10.2009 à 19:03
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 8:39:56, 09/10/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
    Nom du PC: DOBEDO | Utilisateur actuel: Philippe
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .

    HKCU\Software\Search Settings
    HKLM\Software\Classes\SearchSettings.BHO
    HKLM\Software\Classes\SearchSettings.BHO.1
    HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
    HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
    HKLM\Software\Dealio
    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Search Settings
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
    .
    C:\Users\Philippe\AppData\Roaming\Search Settings
    C:\Users\Philippe\AppData\LocalLow\Search Settings
    C:\Program Files\Search Settings
    C:\Windows\Installer\a15c302.msi
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@ask[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@ask[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@conduit[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@eorezo[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@mir0.eorezo[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@mir1.eorezo[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@pacificpoker[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@partypoker[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@partypoker[3].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@rotator.adjuggler[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[4].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[5].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[6].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[7].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@storage.conduit[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@www.conduit[2].txt

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.5.3 [fr] *
    .
    Nom du profil: a0o6p0xr.default (Philippe)
    .
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
    .
    .
    * Internet Explorer Version 8.0.6001.18813 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials ... ) ==============
    .
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NNADEBN\[isoHunt] USB_Flash_Drive_Data_Recovery_v7.0_WinALL-cracked.5087287.TPB[1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\97RWGK6P\Super Internet TV Premium Edition v8.0+serial [mininova][1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF944QKK\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR[1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SWBMPCZR\Kaspersky With Lifetime Patch (All Windows Versions) [FB92] [h33t] [mininova][1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR\Visit h33t.url
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\h33t - CaZoR.url
    C:\Users\Philippe\AppData\Local\Temp\PDF.Unlocker.v2.0.Cracked.zip [mininova].torrent
    C:\Users\Philippe\AppData\Local\Temp\Super Internet TV Premium Edition v8.0+serial [mininova].torrent
    C:\Users\Philippe\AppData\Roaming\uTorrent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar.torrent
    C:\Users\Philippe\AppData\Roaming\uTorrent\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar.torrent
    C:\Users\Philippe\CrackDown Store\CrackDown.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Adobe_Acrobat_9_Pro_Patch.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio.rar
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy.rar
    C:\Users\Philippe\Documents\My Completed Downloads\IDM_5.1.1Keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\keygen rapidshare.exe
    C:\Users\Philippe\Documents\My Completed Downloads\KeyGen.PAtcher.Nero.9.ALL.Plugins.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Nero9.2.5.0Keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Uniblue.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker.rar
    C:\Users\Philippe\Documents\My Completed Downloads\winamp.pro.with.keygen.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Hide IP NG KeyGen Under SEH Team.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Under SEH Team.nfo
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Mas Descargas.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Mas Descargas.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Under SEH Team.nfo
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\Take 2 minutes to read this.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\About cars.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\cours programmation.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Download more torrents.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\download softwares.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\FREE GIFT FOR LOST FANS.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\listen anashid.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Play games & wine gifts.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\Take 2 minutes to read this.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\About cars.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\cours programmation.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Download more torrents.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\download softwares.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\FREE GIFT FOR LOST FANS.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\listen anashid.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Play games & wine gifts.url
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideippla.exe
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideipplatinumv3keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\UsenextKeygenAccountFaker_401564f.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\Winamp Pro 5.xx Keygen.exe
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar
    C:\Users\Philippe\Downloads\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga.exe
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga2.exe
    C:\Users\Philippe\Favorites\Documents\Dr. DivX 2006 pro\keygen.exe
    C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\HiSoft Crack Downloader v2.2 .rar
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\ED!SON.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF.rar
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\trjsetup679.exe
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FFF.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack.rar
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\FFF.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\trjsetup678.exe
    C:\Users\Philippe\Favorites\Documents\USB SONY\Crack_Downlaoder.rar
    C:\Users\Philippe\Favorites\Documents\USB SONY\IDM.Internet.Download.Manager.v5.18+Patch_el-cangri_darksiderg.rar
    C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack\DVDFab.exe
    C:\Users\Philippe\Favorites\Links\File download Adobe Acrobat 9 Pro Patch .exe from Rapidshare.url
    .
    ===================================
    .
    14632 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    1230 Fichier(s) - C:\Users\Philippe\AppData\Local\Temp
    1 Fichier(s) - C:\Windows\Temp
    .
    20 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
    22 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
    .
    Fin à: 8:56:30 | 09/10/2009 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_Y | UNIQUEMENT XP/VISTA/7 =======
    .
    Mit à jour par C_XX le 08.10.2009 à 19:03
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 8:39:56, 09/10/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-Remover\
    Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
    Nom du PC: DOBEDO | Utilisateur actuel: Philippe
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .

    HKCU\Software\Search Settings
    HKLM\Software\Classes\SearchSettings.BHO
    HKLM\Software\Classes\SearchSettings.BHO.1
    HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook
    HKLM\Software\Classes\urlsearchhook.toolbarurlsearchhook.1
    HKLM\Software\Dealio
    HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Search Settings
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
    .
    C:\Users\Philippe\AppData\Roaming\Search Settings
    C:\Users\Philippe\AppData\LocalLow\Search Settings
    C:\Program Files\Search Settings
    C:\Windows\Installer\a15c302.msi
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@ask[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@ask[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@conduit[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@eorezo[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@mir0.eorezo[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@mir1.eorezo[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@pacificpoker[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@partypoker[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@partypoker[3].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@rotator.adjuggler[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[4].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[5].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[6].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@search.conduit[7].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@storage.conduit[1].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@www.conduit[2].txt

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.5.3 [fr] *
    .
    Nom du profil: a0o6p0xr.default (Philippe)
    .
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3");
    .
    .
    * Internet Explorer Version 8.0.6001.18813 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Start Page: hxxp://fr.msn.com/
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials ... ) ==============
    .
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NNADEBN\[isoHunt] USB_Flash_Drive_Data_Recovery_v7.0_WinALL-cracked.5087287.TPB[1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\97RWGK6P\Super Internet TV Premium Edition v8.0+serial [mininova][1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF944QKK\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR[1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SWBMPCZR\Kaspersky With Lifetime Patch (All Windows Versions) [FB92] [h33t] [mininova][1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR\Visit h33t.url
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\DAEMON Tools Pro Advanced Edition 4.10.0218 + Patch [h33t] [CaZoR]\h33t - CaZoR.url
    C:\Users\Philippe\AppData\Local\Temp\PDF.Unlocker.v2.0.Cracked.zip [mininova].torrent
    C:\Users\Philippe\AppData\Local\Temp\Super Internet TV Premium Edition v8.0+serial [mininova].torrent
    C:\Users\Philippe\AppData\Roaming\uTorrent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar.torrent
    C:\Users\Philippe\AppData\Roaming\uTorrent\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar.torrent
    C:\Users\Philippe\CrackDown Store\CrackDown.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Adobe_Acrobat_9_Pro_Patch.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio.rar
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy.rar
    C:\Users\Philippe\Documents\My Completed Downloads\IDM_5.1.1Keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\keygen rapidshare.exe
    C:\Users\Philippe\Documents\My Completed Downloads\KeyGen.PAtcher.Nero.9.ALL.Plugins.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Nero9.2.5.0Keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Uniblue.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker.rar
    C:\Users\Philippe\Documents\My Completed Downloads\winamp.pro.with.keygen.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Hide IP NG KeyGen Under SEH Team.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Under SEH Team.nfo
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Mas Descargas.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Mas Descargas.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Under SEH Team.nfo
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\Take 2 minutes to read this.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\About cars.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\cours programmation.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Download more torrents.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\download softwares.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\FREE GIFT FOR LOST FANS.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\listen anashid.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Play games & wine gifts.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\Take 2 minutes to read this.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\About cars.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\cours programmation.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Download more torrents.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\download softwares.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\FREE GIFT FOR LOST FANS.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\listen anashid.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG__Next_Generation____serial_1\Hide IP NG (Next Generation) + serial\More Downloads & Additional Resources\Play games & wine gifts.url
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideippla.exe
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideipplatinumv3keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\UsenextKeygenAccountFaker_401564f.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\Winamp Pro 5.xx Keygen.exe
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar
    C:\Users\Philippe\Downloads\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga.exe
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga2.exe
    C:\Users\Philippe\Favorites\Documents\Dr. DivX 2006 pro\keygen.exe
    C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\HiSoft Crack Downloader v2.2 .rar
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\ED!SON.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF.rar
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\trjsetup679.exe
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FFF.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack.rar
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\FFF.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\trjsetup678.exe
    C:\Users\Philippe\Favorites\Documents\USB SONY\Crack_Downlaoder.rar
    C:\Users\Philippe\Favorites\Documents\USB SONY\IDM.Internet.Download.Manager.v5.18+Patch_el-cangri_darksiderg.rar
    C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack\DVDFab.exe
    C:\Users\Philippe\Favorites\Links\File download Adobe Acrobat 9 Pro Patch .exe from Rapidshare.url
    .
    ===================================
    .
    14632 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    1230 Fichier(s) - C:\Users\Philippe\AppData\Local\Temp
    1 Fichier(s) - C:\Windows\Temp
    .
    20 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
    22 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
    .
    Fin à: 8:56:30 | 09/10/2009 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    0
  7. dobedo 1 Messages postés 7 Statut Membre
     
    Bonjour archet9,

    Je te remercie pour ton temps.
    Voici le rapport ToolBarSD

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82 )
    BIOS : Default System BIOS
    USER : Philippe ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:288 Go (Free:34 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
    E:\ (CD or DVD)
    G:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 09/10/2009| 9:07 )

    [ UAC => 0 ]
    C:\Windows\iun6002.exe

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    Supprime! - C:\Program Files\P2P_Energy\INSTALL.LOG
    Supprime! - C:\Program Files\P2P_Energy\P2P_EnergyToolbarHelper.exe
    Supprime! - C:\Program Files\P2P_Energy\tbP2P_.dll
    Supprime! - C:\Program Files\P2P_Energy\toolbar.cfg
    Supprime! - C:\Program Files\P2P_Energy\UNWISE.EXE
    Supprime! - C:\Users\Philippe\FAVORI~1\Fast Torrent Search - Plentyoftorrents.com.url
    Supprime! - C:\Windows\iun6002.exe
    Supprime! - C:\Program Files\DAEMON Tools Toolbar
    Supprime! - C:\Program Files\P2P_Energy

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.115.34,85.255.112.112
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.115.34,85.255.112.112
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.115.34,85.255.112.112
    [b]==> WAREOUT <==/b

    --------------------\\ Cracks & Keygens ..

    C:\Users\Philippe\CrackDown Store
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BU0MCKNP\crackspider_net[1].txt
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PF944QKK\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR[1].torrent
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T8UZCR9U\Adobe+Acrobat+Professional+9+3+0+Full+Version+with+Keygen[1].html
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR
    C:\Users\Philippe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Philippe\Downloads\Ashampoo Burning Studio 2009 v9.0.3.0 + Keygen [h33t] - CaZoR\Visit h33t.url
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Cookies\Low\philippe@www.keygen[2].txt
    C:\Users\Philippe\AppData\Roaming\Microsoft\Windows\Recent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].lnk
    C:\Users\Philippe\AppData\Roaming\uTorrent\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar.torrent
    C:\Users\Philippe\AppData\Roaming\uTorrent\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar.torrent
    C:\Users\Philippe\Contacts\Desktop\CrackDown - Raccourci.lnk
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store(97)
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\Desktop.ini
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[adobe photoshop cs 4] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[easy hide ip] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[hide ip ng] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[perfectdisk 10 pro] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop cs 4] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop elements] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[trojan remover 6.7] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[usb disk security] Serials
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[adobe photoshop cs 4] Serials\['adobe photoshop cs 4'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[easy hide ip] Serials\['easy hide ip'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[hide ip ng] Serials\['hide ip ng'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[perfectdisk 10 pro] Serials\['perfectdisk 10 pro'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop cs 4] Serials\['photoshop cs 4'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[photoshop elements] Serials\['photoshop elements'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[trojan remover 6.7] Serials\['trojan remover 6.7'] SN.txt
    C:\Users\Philippe\Contacts\Desktop\CrackDown Store\[usb disk security] Serials\['usb disk security'] SN.txt
    C:\Users\Philippe\CrackDown Store\CrackDown.exe
    C:\Users\Philippe\Documents\My Completed Downloads\CyberLink PowerDVD 9.1719 Ultra Version Keygen [h33t] - CaZoR.torrent.dap
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_.rar
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy.rar
    C:\Users\Philippe\Documents\My Completed Downloads\IDM_5.1.1Keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\keygen rapidshare.exe
    C:\Users\Philippe\Documents\My Completed Downloads\KeyGen.PAtcher.Nero.9.ALL.Plugins.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Nero9.2.5.0Keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Uniblue.Products.Universal.Keygen.v1.0.WinALL.Keygen.Only-BRD.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker.rar
    C:\Users\Philippe\Documents\My Completed Downloads\winamp.pro.with.keygen.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen.rar
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Hide IP NG KeyGen Under SEH Team.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen_X-caleta_GranMaio\Hide IP NG 1.29 + New Keygen X-caleta_GranMaio\Keygen\Under SEH Team.nfo
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\hideipng.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Mas Descargas.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Mas Descargas.url
    C:\Users\Philippe\Documents\My Completed Downloads\Hide_IP_NG_1.29___New_Keygen__www.PirataMundo.com_\Hide IP NG 1.29 + New Keygen (www.PirataMundo.com)\Keygen\Under SEH Team.nfo
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\for more cool stuff visit.txt
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideippla.exe
    C:\Users\Philippe\Documents\My Completed Downloads\HIDE_IP_PLATINUM_KEYGEN_hack_it_easy\HIDE_IP_PLATINUM_KEYGEN@hack it easy\hideipplatinumv3keygen.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\om jai jagdish-Lata.mp3
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\read me.txt
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\FAQ.txt
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\read me.txt
    C:\Users\Philippe\Documents\My Completed Downloads\Usenext_Keygen_Account_Faker\Usenext Keygen Account Faker\Usenext Keygen Account Faker\UsenextKeygenAccountFaker_401564f.exe
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\dummy.bin
    C:\Users\Philippe\Documents\My Completed Downloads\Winamp_Pro_5.xx_Keygen\Winamp Pro 5.xx Keygen\Winamp Pro 5.xx Keygen.exe
    C:\Users\Philippe\Downloads\Winamp.Pro.v5.552.Multi.langues + KeyGen.rar
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS].rar
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\data2.set
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\GenXP.reg
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\install.bat
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\mmfs2.dll
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\README.txt
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga.exe
    C:\Users\Philippe\Downloads\[WGA.CRACK.UNIVERSAL.WINDOWS.GENUINE.ADVANTAGE.NOTIFICATION.CRACK.ALL.VERSIONS]\wga2.exe
    C:\Users\Philippe\Favorites\Documents\CrackDown Store
    C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]
    C:\Users\Philippe\Favorites\Documents\CrackDown Store\[adobe acrobat 9 pro extended 9.1.3] Serials
    C:\Users\Philippe\Favorites\Documents\Dr. DivX 2006 pro\keygen.exe
    C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack
    C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack\api.dll
    C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack\fsui.dll
    C:\Users\Philippe\Favorites\Documents\Flight Simulator X Edition Pro Fr\Crack\main.dll
    C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\HiSoft Crack Downloader v2.2 .rar
    C:\Users\Philippe\Favorites\Documents\HiSoft Crack Downloader v2.2 - Download Cracks Serials for any Software\tracked_by_h33t_com.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Cracking Bios, use the followin' code.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Cracking Zip Password Files.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Debug, Learn how crack windows.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Ebay Hackcracktip.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Google Crack Search.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\How To Download Directly From Crackdb.com.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Modify .exe Files And Crack A Program.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Compression and Cracks for Dummies.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Cracking Zip Password Files.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Debug, Learn how crack windows.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Ebay Hackcracktip.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\Google Crack Search.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.000
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.001
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.002
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.003
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\200 Hacking Tutorials\A Cracking Tutorial\C101-90.004
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\Compression and Cracks for Dummies.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\The Cracking Manual.txt
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.000
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.001
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.002
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.003
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\C101-90.004
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\More Hacking\A Cracking Tutorial\ED!SON.NFO
    C:\Users\Philippe\Favorites\Documents\My Completed Downloads\1\1000_Hacking_Tutorials_-_The_Best_of_2008\1000 Hacking Tutorials - The Best of 2008\Tutorials - blacksun.box.sk\novell\Novell Netware - Cracking Netware.htm
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF.rar
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\trjsetup679.exe
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FFF.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\FILE_ID.DIZ
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\rmt.dta
    C:\Users\Philippe\Favorites\Documents\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Trojan Remover v6.7.9.2578.Incl.Crack by FFF\Crack\vista_inst.bat
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack.rar
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\FFF.NFO
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\MAMBO04T.png
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Screen.jpg
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\trjsetup678.exe
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack\FILE_ID.DIZ
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack\rmt.dta
    C:\Users\Philippe\Favorites\Documents\Trojan.Remover.v6.7.8.Build.2572.Incl.Crack-FFF [h33t][MAMBO04]\Crack\Crack\vista_inst.bat
    C:\Users\Philippe\Favorites\Documents\USB SONY\Crack_Downlaoder.rar
    C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack
    C:\Users\Philippe\Favorites\Documents\UseNeXT\alt.binaries.warez\DVDFab Platinum 6.0.7.0 final multilanuage\Crack\DVDFab.exe
    C:\Users\Philippe\Music\Annie Lennox\The Annie Lennox Collection[2009]\09. Pavement Cracks.wma
    C:\Users\Philippe\Music\David Bowie - Complete Discography\--- Studio albums ---\1989 - Tin Machine\04 - Crack City.wma
    C:\Users\Philippe\Music\Duran Duran\Albums\(1983) Seven and The Ragged Tiger\Tracks\Duran Duran (03) - (I'm Looking For) Cracks in the Pavement.wma
    C:\Users\Philippe\Music\Rolling Stones\1977a - Love You Live 2\02 - Cracking Up.mp3
    C:\Users\Philippe\Music\Spin Doctors\Pocket Full of Kryptonite [Import]\13 Stepped on a Crack.wma

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 09/10/2009| 9:09 - Option : [2]

    -----------\\ Fin du rapport a 9:09:23,58
    0
  8. dobedo 1 Messages postés 7 Statut Membre
     
    Bonjour archet9,

    Je remercie pour ta bienveillance.
    Voici le rapport SmitfraudFix

    SmitFraudFix v2.424

    Scan done at 9:14:32,53, 09/10/2009
    Run from C:\Users\Philippe\Contacts\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6002] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

    Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    DNS Server Search Order: 212.27.40.240
    DNS Server Search Order: 212.27.40.241

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FC87090E-40BB-4CFC-81E2-8BB1326E83FA}: DhcpNameServer=212.27.40.241 212.27.40.242
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.242
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112

    »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

    Description: Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    DNS Server Search Order: 212.27.40.240
    DNS Server Search Order: 212.27.40.241

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{3F4CB240-55AF-48A3-9AD8-F962B07AFE93}: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{FC87090E-40BB-4CFC-81E2-8BB1326E83FA}: DhcpNameServer=212.27.40.241 212.27.40.242
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.242
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.34,85.255.112.112
    0
  9. dobedo 1 Messages postés 7 Statut Membre
     
    Bonjour archet9,

    Je te remercie pour tes instructions. J'ai toujours préféré LSW à Dark Vador...Tu trouveras le dernier rapport que tu m'a demandé, celui de mbam, meilleur que trojan remover? Une question: qu'en est-il à présent?

    Malwarebytes' Anti-Malware 1.41
    Version de la base de données: 2928
    Windows 6.0.6002 Service Pack 2

    09/10/2009 09:31:27
    mbam-log-2009-10-09 (09-31-27).txt

    Type de recherche: Examen rapide
    Eléments examinés: 94173
    Temps écoulé: 7 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 4
    Fichier(s) infecté(s): 27

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry_Doktor 2009_is1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msqpdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.34,85.255.112.112 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.34,85.255.112.112 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.34,85.255.112.112 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\Registry_Doktor 4.1 (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\totalvid (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Registry_Doktor 4.1\Cl.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\EngineAP.dll (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\RegistryDoktor.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\ScheduleAP.txt (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\Task.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\task.xml (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\unins000.dat (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\unins000.exe (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\200812.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\200901.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\200902.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\200903.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\200904.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\200905.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090601.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090602.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090603.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090706.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090714.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090721.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090729.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090805.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090819.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090901.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\Registry_Doktor 4.1\definitions\20090921.cab (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    C:\Program Files\totalvid\Uninstall.exe.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
    C:\Users\Philippe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Registry Doktor 4.1.lnk (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.

    J'ai lu, trop tard que Totalvid et Registry Doktor sont des S...ou des dark vador.
    Prends soin de toi.
    Dans l'attente de te lire,

    Dobedo
    0
  10. archet9
     
    Re.

    Excuses pour le retard, mais boulot oblge je n'ai pas beaucoup de temps en ce moment....

    ==> Y'a deja eu un super gros ménage de fais !!!!!

    Relances un tout nouveau RSIT afin de faire le point stp....

    a+
    0
  11. dobedo 1 Messages postés 7 Statut Membre
     
    Bonjour archer9,

    Je te remercie de ton mail et de ton aide.
    J'ai un msg m'informant depuis plusieurs mois que Amplusnet Privacy Toolls a cessé de fonctionner. Je ne sais pas ce que c'est. Parfois, le pc se déconnecte tout seul du net. Sinon, gain au niveau de la rapidité. Merci.
    Je te joins le dernier rapport rsit. Je te souhaite une bonne journée.

    Dobedo

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Philippe at 2009-10-10 14:21:12
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
    System drive C: has 28 GB (9%) free of 296 GB
    Total RAM: 3069 MB (50% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:21:23, on 10/10/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\ADOBE\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Program Files\ADOBE\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wermgr.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Philippe\Contacts\Desktop\RSIT.exe
    C:\Program Files\trend micro\Philippe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=127.0.0.1:7070
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll (file missing)
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
    O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: uTorrent SpeedUp Pro.lnk = C:\Program Files\uTorrent SpeedUp Pro\uTorrent SpeedUp Pro.exe
    O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\pcproxy.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    O23 - Service: AmplusnetPrivacyTools - Unknown owner - C:\Windows\system32\AmplusnetPrivacyTools.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    0
  12. archet9
     
    Re ,

    Le pc a maintenant une plus fière allure...

    La suite ds l'ordre stp:

    Concernant ceci:

    Amplusnet Privacy Toolls

    Tapes "démarrer" (logo windows) puis ds la fenêtre "rechercher" tapes:

    Amplusnet Privacy Toolls et par un clic droit supprimes tout ce que tu y trouves....

    ENSUITE:

    • Télécharge et installe UsbFix par Chiquitine29

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur ton bureau .

    • Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    • Au second menu Choisis l'option " 2 " (suppression) et tape sur [entrée]

    • Laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    PUIS:

    >Télécharge HiJackThis : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
    - Lance le programme, puis sélectionne < do a system scan only >
    Et fix ces lignes:
    Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
    O4 - Startup: WD Anywhere Backup Launcher.lnk = ?
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB0.dll [2009-05-20 2085400]
    2009-09-24 07:52:32 ----A---- C:\Windows\system32\reg.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    "HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-17 39408]
    "DownloadAccelerator"=C:\Program Files\DAP\DAP.EXE [2008-12-14 4664832]

    *************

    Pour finir saches que AVAST n'est plus considérer comme un AV digne de ce nom
    car il n'est plus (ou très rarement mis à jour)

    http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/avast-protege-sujet_44722_1.htm

    ==> Si tu souhaites en changer fais moi signe.

    ==> ENFIN:

    J'ESPERE QUE LE PC VA MIEUX TOUT DE MEME ....!!!!

    a+

    0
  13. dobedo 1 Messages postés 7 Statut Membre
     
    Bonjour archer9,

    Merci pour ta réponse toujours limpide et tes conseils.
    Comme convenu, je te joins le rapport UsbFix:

    ############################## | UsbFix V6.040 |

    User : Philippe (Administrateurs) # DOBEDO
    Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 09:52:27 | 11/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18813
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 288,86 Go (52,13 Go free) # NTFS
    D:\ -> Disque fixe local # 9,23 Go (1,17 Go free) [HP_RECOVERY] # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque fixe local # 52,95 Go (4,1 Go free) [Philippe 1] # NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque fixe local # 931,51 Go (557,82 Go free) [WD 2] # NTFS
    I:\ -> Disque amovible # 7,47 Go (42,84 Mo free) [USB SONY 8] # FAT32
    J:\ -> Disque amovible # 3,77 Go (2,24 Go free) # NTFS
    K:\ -> Disque fixe local # 2,93 Go (2,89 Go free) [PQSERVICE] # NTFS
    L:\ -> Disque fixe local # 931,51 Go (35,71 Go free) [WD 1] # NTFS
    M:\ -> Disque amovible # 7,53 Go (4,09 Go free) # NTFS

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\runonce.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Windows\system32\AmplusnetPrivacyTools.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WerCon.exe

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\autorun.inf
    Supprimé ! D:\autorun.inf
    Supprimé ! D:\desktop.ini
    Supprimé ! D:\resycled
    Supprimé ! F:\autorun.inf
    Supprimé ! I:\autorun.inf
    Supprimé ! I:\resycled
    Supprimé ! L:\autorun.inf
    Supprimé ! L:\resycled

    ################## | Registre # Clés Run infectieuses |

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{f3520521-64af-11de-b7f7-00238b02877f}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [09/10/2009 08:56|--a------|14969] C:\Ad-Report-CLEAN[1].log
    [09/10/2009 18:17|--a------|11939] C:\Ad-Report-CLEAN[2].log
    [11/04/2009 08:36|-rahs----|333257] C:\bootmgr
    [18/09/2006 23:43|--a------|10] C:\config.sys
    [?|?|?] C:\hiberfil.sys
    [27/02/2009 19:21|-rahs----|0] C:\IO.SYS
    [03/11/2008 14:45|--ah-----|373] C:\IPH.PH
    [27/02/2009 19:21|-rahs----|0] C:\MSDOS.SYS
    [?|?|?] C:\pagefile.sys
    [09/10/2009 18:23|--a------|1908] C:\rapport.txt
    [05/07/2009 21:37|--a------|398] C:\Sys_LogWin.log
    [09/10/2009 18:21|--a------|21608] C:\TB.txt
    [11/10/2009 10:04|--a------|5080] C:\UsbFix.txt
    [03/11/2008 14:42|---hs----|13] D:\BLOCK.RIN
    [04/10/2006 00:02|---hs----|438328] D:\bootmgr
    [03/11/2008 16:45|--ahs----|22] D:\HPCD.sys
    [11/10/2009 10:03|--a------|46] D:\MASTER.LOG
    [16/09/2002 15:37|---hs----|181898] D:\protect.chinese hong kong
    [16/09/2002 15:37|---hs----|181916] D:\protect.chinese simplified
    [16/09/2002 15:37|---hs----|181898] D:\protect.chinese traditional
    [27/04/2006 17:19|---hs----|181865] D:\protect.czech
    [03/11/2005 16:21|---hs----|181726] D:\protect.danish
    [10/09/2002 14:56|---hs----|181605] D:\protect.dutch
    [10/09/2002 14:50|---hs----|181651] D:\protect.ed
    [22/11/2004 16:28|---hs----|181648] D:\protect.english
    [03/11/2005 16:20|---hs----|181673] D:\protect.finnish
    [03/11/2005 16:19|---hs----|181736] D:\protect.french
    [03/11/2005 16:18|---hs----|181669] D:\protect.german
    [23/11/2005 16:56|---hs----|182689] D:\protect.greek
    [23/01/2006 10:18|---hs----|182605] D:\protect.hebrew
    [28/08/2007 15:58|---hs----|181696] D:\protect.hungarian
    [03/11/2005 16:17|---hs----|181554] D:\protect.italian
    [19/06/2007 16:22|---hs----|182351] D:\protect.japanese
    [24/11/2005 12:24|---hs----|218295] D:\protect.korean
    [03/11/2005 16:15|---hs----|181578] D:\protect.norwegian
    [25/04/2006 15:44|---hs----|181789] D:\protect.polish
    [03/11/2005 16:13|---hs----|181624] D:\protect.portuguese
    [27/10/2005 20:24|---hs----|181882] D:\protect.portuguese brazilian
    [28/06/2004 09:52|---hs----|211936] D:\protect.russian
    [03/11/2005 16:11|---hs----|181586] D:\protect.spanish
    [10/09/2002 15:15|---hs----|181602] D:\protect.swedish
    [12/08/2003 11:37|---hs----|181783] D:\protect.turkish
    [03/11/2008 15:35|-r-hs----|26] D:\RCBoot.sys
    [28/03/2009 21:55|--ah-----|4096] I:\._.Trashes
    [11/09/2009 19:25|--ah-----|15364] I:\.DS_Store
    [02/10/2009 19:13|--a------|982546] I:\USB Disk Security + Serial.rar
    [05/10/2009 17:50|--a------|2186743598] I:\La Chute.avi
    [02/10/2009 11:19|--a------|14938480] I:\IE8-WindowsVista-x86-FRA.exe
    [02/10/2009 19:01|--a------|14320658] I:\Serial Box [10.2009] [MAC] + iSerial Reader [v2.0.7] + SerialSeeker [v1.3.1 (A4)] [MAC] [Universal] [CodeTempest].zip
    [06/10/2009 14:39|--a------|735555584] I:\Coco.Avant.Chanel.REPACK.1CD.FRENCH.DVDRip.XviD-GKS.avi
    [09/10/2008 16:11|---hs----|2070] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Small.jpg
    [09/10/2008 16:12|---hs----|8049] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Large.jpg
    [09/10/2008 16:12|---hs----|2730] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Small.jpg
    [09/10/2008 16:14|---hs----|11380] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Large.jpg
    [09/10/2008 16:50|---hs----|3529] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Small.jpg
    [09/10/2008 16:52|---hs----|15396] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Large.jpg
    [09/10/2008 17:08|---hs----|2509] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Small.jpg
    [09/10/2008 17:19|---hs----|10755] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Large.jpg
    [22/07/2009 09:24|--a------|20862] J:\224px-Pongo_pygmaeus_%28orangutang%29.jpg
    [07/01/2009 10:47|--a------|29506] J:\AA_CH_SIGN_BNP.pdf
    [08/10/2009 20:44|--a------|1156764] J:\AD-R.exe
    [05/01/2009 11:09|--a------|1860842] J:\Des Hommes en Fuite.pdf
    [16/12/2008 17:09|--a------|2087921] J:\fdminst-lite.exe
    [16/12/2008 16:41|--a------|5871877] J:\fdminst.exe
    [22/07/2009 09:39|--a------|2451456] J:\grippe A et vaccin (Bickel).pps
    [08/10/2009 20:48|--a------|4045528] J:\mbam-setup.exe
    [05/01/2009 21:49|--a------|712844] J:\MD5Checksum.exe
    [04/01/2009 20:53|--a------|29769] J:\MediaCoder-0.6.2.4230.exe
    [22/07/2009 09:38|--a------|884561] J:\MiniCV-ADESuresnes.pdf
    [22/07/2009 09:41|--a------|19456] J:\permission_sortie_femme.doc
    [22/07/2009 09:41|--a------|35376] J:\permission_sortie_mari.doc
    [22/07/2009 09:37|--a------|182302] J:\Playmobil.pdf
    [16/12/2008 17:40|--a------|6696486] J:\Setup_FreeConverter.exe
    [08/10/2009 20:45|--a------|1872472] J:\SmitfraudFix.exe
    [08/10/2009 20:44|--a------|343020] J:\ToolBarSD.exe
    [25/01/2009 15:06|--a------|733939712] J:\Truands.avi
    [30/11/2008 17:11|--a------|579814] J:\Un Clown Lyrique janvier 2008.mht
    [22/07/2009 09:36|--a------|590766] J:\untitled 1.bmp
    [22/07/2009 09:36|--a------|411454] J:\untitled 1bis.bmp
    [22/07/2009 09:35|--a------|709174] J:\untitled.bmp
    [06/01/2009 17:47|--a------|22107298] J:\videoconvertersetup.exe
    [24/12/2008 00:11|-ra------|528] L:\MediaID.bin

    ################## | Vaccination |

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # F:\autorun.inf -> Folder created by UsbFix.
    # H:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.
    # J:\autorun.inf -> Folder created by UsbFix.
    # K:\autorun.inf -> Folder created by UsbFix.
    # L:\autorun.inf -> Folder created by UsbFix.
    # M:\autorun.inf -> Folder created by UsbFix.

    ############################## | UsbFix V6.040 |

    User : Philippe (Administrateurs) # DOBEDO
    Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 09:52:27 | 11/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18813
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 288,86 Go (52,13 Go free) # NTFS
    D:\ -> Disque fixe local # 9,23 Go (1,17 Go free) [HP_RECOVERY] # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque fixe local # 52,95 Go (4,1 Go free) [Philippe 1] # NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque fixe local # 931,51 Go (557,82 Go free) [WD 2] # NTFS
    I:\ -> Disque amovible # 7,47 Go (42,84 Mo free) [USB SONY 8] # FAT32
    J:\ -> Disque amovible # 3,77 Go (2,24 Go free) # NTFS
    K:\ -> Disque fixe local # 2,93 Go (2,89 Go free) [PQSERVICE] # NTFS
    L:\ -> Disque fixe local # 931,51 Go (35,71 Go free) [WD 1] # NTFS
    M:\ -> Disque amovible # 7,53 Go (4,09 Go free) # NTFS

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\runonce.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Windows\system32\AmplusnetPrivacyTools.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WerCon.exe

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\autorun.inf
    Supprimé ! D:\autorun.inf
    Supprimé ! D:\desktop.ini
    Supprimé ! D:\resycled
    Supprimé ! F:\autorun.inf
    Supprimé ! I:\autorun.inf
    Supprimé ! I:\resycled
    Supprimé ! L:\autorun.inf
    Supprimé ! L:\resycled

    ################## | Registre # Clés Run infectieuses |

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{f3520521-64af-11de-b7f7-00238b02877f}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [09/10/2009 08:56|--a------|14969] C:\Ad-Report-CLEAN[1].log
    [09/10/2009 18:17|--a------|11939] C:\Ad-Report-CLEAN[2].log
    [11/04/2009 08:36|-rahs----|333257] C:\bootmgr
    [18/09/2006 23:43|--a------|10] C:\config.sys
    [?|?|?] C:\hiberfil.sys
    [27/02/2009 19:21|-rahs----|0] C:\IO.SYS
    [03/11/2008 14:45|--ah-----|373] C:\IPH.PH
    [27/02/2009 19:21|-rahs----|0] C:\MSDOS.SYS
    [?|?|?] C:\pagefile.sys
    [09/10/2009 18:23|--a------|1908] C:\rapport.txt
    [05/07/2009 21:37|--a------|398] C:\Sys_LogWin.log
    [09/10/2009 18:21|--a------|21608] C:\TB.txt
    [11/10/2009 10:04|--a------|5080] C:\UsbFix.txt
    [03/11/2008 14:42|---hs----|13] D:\BLOCK.RIN
    [04/10/2006 00:02|---hs----|438328] D:\bootmgr
    [03/11/2008 16:45|--ahs----|22] D:\HPCD.sys
    [11/10/2009 10:03|--a------|46] D:\MASTER.LOG
    [16/09/2002 15:37|---hs----|181898] D:\protect.chinese hong kong
    [16/09/2002 15:37|---hs----|181916] D:\protect.chinese simplified
    [16/09/2002 15:37|---hs----|181898] D:\protect.chinese traditional
    [27/04/2006 17:19|---hs----|181865] D:\protect.czech
    [03/11/2005 16:21|---hs----|181726] D:\protect.danish
    [10/09/2002 14:56|---hs----|181605] D:\protect.dutch
    [10/09/2002 14:50|---hs----|181651] D:\protect.ed
    [22/11/2004 16:28|---hs----|181648] D:\protect.english
    [03/11/2005 16:20|---hs----|181673] D:\protect.finnish
    [03/11/2005 16:19|---hs----|181736] D:\protect.french
    [03/11/2005 16:18|---hs----|181669] D:\protect.german
    [23/11/2005 16:56|---hs----|182689] D:\protect.greek
    [23/01/2006 10:18|---hs----|182605] D:\protect.hebrew
    [28/08/2007 15:58|---hs----|181696] D:\protect.hungarian
    [03/11/2005 16:17|---hs----|181554] D:\protect.italian
    [19/06/2007 16:22|---hs----|182351] D:\protect.japanese
    [24/11/2005 12:24|---hs----|218295] D:\protect.korean
    [03/11/2005 16:15|---hs----|181578] D:\protect.norwegian
    [25/04/2006 15:44|---hs----|181789] D:\protect.polish
    [03/11/2005 16:13|---hs----|181624] D:\protect.portuguese
    [27/10/2005 20:24|---hs----|181882] D:\protect.portuguese brazilian
    [28/06/2004 09:52|---hs----|211936] D:\protect.russian
    [03/11/2005 16:11|---hs----|181586] D:\protect.spanish
    [10/09/2002 15:15|---hs----|181602] D:\protect.swedish
    [12/08/2003 11:37|---hs----|181783] D:\protect.turkish
    [03/11/2008 15:35|-r-hs----|26] D:\RCBoot.sys
    [28/03/2009 21:55|--ah-----|4096] I:\._.Trashes
    [11/09/2009 19:25|--ah-----|15364] I:\.DS_Store
    [02/10/2009 19:13|--a------|982546] I:\USB Disk Security + Serial.rar
    [05/10/2009 17:50|--a------|2186743598] I:\La Chute.avi
    [02/10/2009 11:19|--a------|14938480] I:\IE8-WindowsVista-x86-FRA.exe
    [02/10/2009 19:01|--a------|14320658] I:\Serial Box [10.2009] [MAC] + iSerial Reader [v2.0.7] + SerialSeeker [v1.3.1 (A4)] [MAC] [Universal] [CodeTempest].zip
    [06/10/2009 14:39|--a------|735555584] I:\Coco.Avant.Chanel.REPACK.1CD.FRENCH.DVDRip.XviD-GKS.avi
    [09/10/2008 16:11|---hs----|2070] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Small.jpg
    [09/10/2008 16:12|---hs----|8049] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Large.jpg
    [09/10/2008 16:12|---hs----|2730] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Small.jpg
    [09/10/2008 16:14|---hs----|11380] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Large.jpg
    [09/10/2008 16:50|---hs----|3529] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Small.jpg
    [09/10/2008 16:52|---hs----|15396] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Large.jpg
    [09/10/2008 17:08|---hs----|2509] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Small.jpg
    [09/10/2008 17:19|---hs----|10755] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Large.jpg
    [22/07/2009 09:24|--a------|20862] J:\224px-Pongo_pygmaeus_%28orangutang%29.jpg
    [07/01/2009 10:47|--a------|29506] J:\AA_CH_SIGN_BNP.pdf
    [08/10/2009 20:44|--a------|1156764] J:\AD-R.exe
    [05/01/2009 11:09|--a------|1860842] J:\Des Hommes en Fuite.pdf
    [16/12/2008 17:09|--a------|2087921] J:\fdminst-lite.exe
    [16/12/2008 16:41|--a------|5871877] J:\fdminst.exe
    [22/07/2009 09:39|--a------|2451456] J:\grippe A et vaccin (Bickel).pps
    [08/10/2009 20:48|--a------|4045528] J:\mbam-setup.exe
    [05/01/2009 21:49|--a------|712844] J:\MD5Checksum.exe
    [04/01/2009 20:53|--a------|29769] J:\MediaCoder-0.6.2.4230.exe
    [22/07/2009 09:38|--a------|884561] J:\MiniCV-ADESuresnes.pdf
    [22/07/2009 09:41|--a------|19456] J:\permission_sortie_femme.doc
    [22/07/2009 09:41|--a------|35376] J:\permission_sortie_mari.doc
    [22/07/2009 09:37|--a------|182302] J:\Playmobil.pdf
    [16/12/2008 17:40|--a------|6696486] J:\Setup_FreeConverter.exe
    [08/10/2009 20:45|--a------|1872472] J:\SmitfraudFix.exe
    [08/10/2009 20:44|--a------|343020] J:\ToolBarSD.exe
    [25/01/2009 15:06|--a------|733939712] J:\Truands.avi
    [30/11/2008 17:11|--a------|579814] J:\Un Clown Lyrique janvier 2008.mht
    [22/07/2009 09:36|--a------|590766] J:\untitled 1.bmp
    [22/07/2009 09:36|--a------|411454] J:\untitled 1bis.bmp
    [22/07/2009 09:35|--a------|709174] J:\untitled.bmp
    [06/01/2009 17:47|--a------|22107298] J:\videoconvertersetup.exe
    [24/12/2008 00:11|-ra------|528] L:\MediaID.bin

    ################## | Vaccination |

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # F:\autorun.inf -> Folder created by UsbFix.
    # H:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.
    # J:\autorun.inf -> Folder created by UsbFix.
    # K:\autorun.inf -> Folder created by UsbFix.
    # L:\autorun.inf -> Folder created by UsbFix.
    # M:\autorun.inf -> Folder created by UsbFix.

    ############################## | UsbFix V6.040 |

    User : Philippe (Administrateurs) # DOBEDO
    Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 09:52:27 | 11/10/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html

    AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-82
    Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
    Internet Explorer 8.0.6001.18813
    Windows Firewall Status : Enabled

    C:\ -> Disque fixe local # 288,86 Go (52,13 Go free) # NTFS
    D:\ -> Disque fixe local # 9,23 Go (1,17 Go free) [HP_RECOVERY] # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque fixe local # 52,95 Go (4,1 Go free) [Philippe 1] # NTFS
    G:\ -> Disque CD-ROM
    H:\ -> Disque fixe local # 931,51 Go (557,82 Go free) [WD 2] # NTFS
    I:\ -> Disque amovible # 7,47 Go (42,84 Mo free) [USB SONY 8] # FAT32
    J:\ -> Disque amovible # 3,77 Go (2,24 Go free) # NTFS
    K:\ -> Disque fixe local # 2,93 Go (2,89 Go free) [PQSERVICE] # NTFS
    L:\ -> Disque fixe local # 931,51 Go (35,71 Go free) [WD 1] # NTFS
    M:\ -> Disque amovible # 7,53 Go (4,09 Go free) # NTFS

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\runonce.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    C:\Windows\System32\vds.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    C:\Windows\system32\AmplusnetPrivacyTools.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\WerCon.exe

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\autorun.inf
    Supprimé ! D:\autorun.inf
    Supprimé ! D:\desktop.ini
    Supprimé ! D:\resycled
    Supprimé ! F:\autorun.inf
    Supprimé ! I:\autorun.inf
    Supprimé ! I:\resycled
    Supprimé ! L:\autorun.inf
    Supprimé ! L:\resycled

    ################## | Registre # Clés Run infectieuses |

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{f3520521-64af-11de-b7f7-00238b02877f}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [09/10/2009 08:56|--a------|14969] C:\Ad-Report-CLEAN[1].log
    [09/10/2009 18:17|--a------|11939] C:\Ad-Report-CLEAN[2].log
    [11/04/2009 08:36|-rahs----|333257] C:\bootmgr
    [18/09/2006 23:43|--a------|10] C:\config.sys
    [?|?|?] C:\hiberfil.sys
    [27/02/2009 19:21|-rahs----|0] C:\IO.SYS
    [03/11/2008 14:45|--ah-----|373] C:\IPH.PH
    [27/02/2009 19:21|-rahs----|0] C:\MSDOS.SYS
    [?|?|?] C:\pagefile.sys
    [09/10/2009 18:23|--a------|1908] C:\rapport.txt
    [05/07/2009 21:37|--a------|398] C:\Sys_LogWin.log
    [09/10/2009 18:21|--a------|21608] C:\TB.txt
    [11/10/2009 10:04|--a------|5080] C:\UsbFix.txt
    [03/11/2008 14:42|---hs----|13] D:\BLOCK.RIN
    [04/10/2006 00:02|---hs----|438328] D:\bootmgr
    [03/11/2008 16:45|--ahs----|22] D:\HPCD.sys
    [11/10/2009 10:03|--a------|46] D:\MASTER.LOG
    [16/09/2002 15:37|---hs----|181898] D:\protect.chinese hong kong
    [16/09/2002 15:37|---hs----|181916] D:\protect.chinese simplified
    [16/09/2002 15:37|---hs----|181898] D:\protect.chinese traditional
    [27/04/2006 17:19|---hs----|181865] D:\protect.czech
    [03/11/2005 16:21|---hs----|181726] D:\protect.danish
    [10/09/2002 14:56|---hs----|181605] D:\protect.dutch
    [10/09/2002 14:50|---hs----|181651] D:\protect.ed
    [22/11/2004 16:28|---hs----|181648] D:\protect.english
    [03/11/2005 16:20|---hs----|181673] D:\protect.finnish
    [03/11/2005 16:19|---hs----|181736] D:\protect.french
    [03/11/2005 16:18|---hs----|181669] D:\protect.german
    [23/11/2005 16:56|---hs----|182689] D:\protect.greek
    [23/01/2006 10:18|---hs----|182605] D:\protect.hebrew
    [28/08/2007 15:58|---hs----|181696] D:\protect.hungarian
    [03/11/2005 16:17|---hs----|181554] D:\protect.italian
    [19/06/2007 16:22|---hs----|182351] D:\protect.japanese
    [24/11/2005 12:24|---hs----|218295] D:\protect.korean
    [03/11/2005 16:15|---hs----|181578] D:\protect.norwegian
    [25/04/2006 15:44|---hs----|181789] D:\protect.polish
    [03/11/2005 16:13|---hs----|181624] D:\protect.portuguese
    [27/10/2005 20:24|---hs----|181882] D:\protect.portuguese brazilian
    [28/06/2004 09:52|---hs----|211936] D:\protect.russian
    [03/11/2005 16:11|---hs----|181586] D:\protect.spanish
    [10/09/2002 15:15|---hs----|181602] D:\protect.swedish
    [12/08/2003 11:37|---hs----|181783] D:\protect.turkish
    [03/11/2008 15:35|-r-hs----|26] D:\RCBoot.sys
    [28/03/2009 21:55|--ah-----|4096] I:\._.Trashes
    [11/09/2009 19:25|--ah-----|15364] I:\.DS_Store
    [02/10/2009 19:13|--a------|982546] I:\USB Disk Security + Serial.rar
    [05/10/2009 17:50|--a------|2186743598] I:\La Chute.avi
    [02/10/2009 11:19|--a------|14938480] I:\IE8-WindowsVista-x86-FRA.exe
    [02/10/2009 19:01|--a------|14320658] I:\Serial Box [10.2009] [MAC] + iSerial Reader [v2.0.7] + SerialSeeker [v1.3.1 (A4)] [MAC] [Universal] [CodeTempest].zip
    [06/10/2009 14:39|--a------|735555584] I:\Coco.Avant.Chanel.REPACK.1CD.FRENCH.DVDRip.XviD-GKS.avi
    [09/10/2008 16:11|---hs----|2070] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Small.jpg
    [09/10/2008 16:12|---hs----|8049] I:\AlbumArt_{4CBEE38B-3091-438D-8D63-A1C181B2E3CB}_Large.jpg
    [09/10/2008 16:12|---hs----|2730] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Small.jpg
    [09/10/2008 16:14|---hs----|11380] I:\AlbumArt_{BC94D9E4-92C5-4C60-B772-0B2DAB5D8CAA}_Large.jpg
    [09/10/2008 16:50|---hs----|3529] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Small.jpg
    [09/10/2008 16:52|---hs----|15396] I:\AlbumArt_{469D093C-9EA2-427D-87C6-6FC427303D26}_Large.jpg
    [09/10/2008 17:08|---hs----|2509] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Small.jpg
    [09/10/2008 17:19|---hs----|10755] I:\AlbumArt_{67AFC532-030A-468D-B774-61680B339911}_Large.jpg
    [22/07/2009 09:24|--a------|20862] J:\224px-Pongo_pygmaeus_%28orangutang%29.jpg
    [07/01/2009 10:47|--a------|29506] J:\AA_CH_SIGN_BNP.pdf
    [08/10/2009 20:44|--a------|1156764] J:\AD-R.exe
    [05/01/2009 11:09|--a------|1860842] J:\Des Hommes en Fuite.pdf
    [16/12/2008 17:09|--a------|2087921] J:\fdminst-lite.exe
    [16/12/2008 16:41|--a------|5871877] J:\fdminst.exe
    [22/07/2009 09:39|--a------|2451456] J:\grippe A et vaccin (Bickel).pps
    [08/10/2009 20:48|--a------|4045528] J:\mbam-setup.exe
    [05/01/2009 21:49|--a------|712844] J:\MD5Checksum.exe
    [04/01/2009 20:53|--a------|29769] J:\MediaCoder-0.6.2.4230.exe
    [22/07/2009 09:38|--a------|884561] J:\MiniCV-ADESuresnes.pdf
    [22/07/2009 09:41|--a------|19456] J:\permission_sortie_femme.doc
    [22/07/2009 09:41|--a------|35376] J:\permission_sortie_mari.doc
    [22/07/2009 09:37|--a------|182302] J:\Playmobil.pdf
    [16/12/2008 17:40|--a------|6696486] J:\Setup_FreeConverter.exe
    [08/10/2009 20:45|--a------|1872472] J:\SmitfraudFix.exe
    [08/10/2009 20:44|--a------|343020] J:\ToolBarSD.exe
    [25/01/2009 15:06|--a------|733939712] J:\Truands.avi
    [30/11/2008 17:11|--a------|579814] J:\Un Clown Lyrique janvier 2008.mht
    [22/07/2009 09:36|--a------|590766] J:\untitled 1.bmp
    [22/07/2009 09:36|--a------|411454] J:\untitled 1bis.bmp
    [22/07/2009 09:35|--a------|709174] J:\untitled.bmp
    [06/01/2009 17:47|--a------|22107298] J:\videoconvertersetup.exe
    [24/12/2008 00:11|-ra------|528] L:\MediaID.bin

    ################## | Vaccination |

    # C:\autorun.inf -> Folder created by UsbFix.
    # D:\autorun.inf -> Folder created by UsbFix.
    # F:\autorun.inf -> Folder created by UsbFix.
    # H:\autorun.inf -> Folder created by UsbFix.
    # I:\autorun.inf -> Folder created by UsbFix.
    # J:\autorun.inf -> Folder created by UsbFix.
    # K:\autorun.inf -> Folder created by UsbFix.
    # L:\autorun.inf -> Folder created by UsbFix.
    # M:\autorun.inf -> Folder created by UsbFix.

    Je fais les choses une après l'autre. Je reviens vers toi après hijakthis. Sinon, oui si il y a mieux qu'avast je suis preneur; le tout c'est de le désinstaller: ajout/supp prg suffit? J'attends ta réponse en te souhaitant un bon dimanche.

    Dobedo
    0
  14. dobedo 1 Messages postés 7 Statut Membre
     
    Bonsoir archer9,

    Merci pour tes réponses toujours claires et merka pour avira. Merci pour le lien avec le tuto; c'est, à présent, une autre présentation avec plus d'options sur la sécurité notement. As-tu des recomendations à ce sujet pour le configurer? Il est en effet plus performant qu'avast; il a trouvé des choses. J'ai désinstallé avast avant d'avoir lu ton mail donc pas proprement. Je me sers de mbam; comment désinstaller trojan remover proprement?
    D'autre part, que dois-je faire des prgs installés sur le bureau que tu m'as demander d' installer? Comment pourrai-je les réutiliser si...je ne l'espère pas ou les désinstaller.
    Je vais lancer un scan sur C pdt la nuit....et faire de beaux rêves.
    Je veux te dire que je suis touché par ta bienveillance et ta disponibilité.

    Bonne nuit,

    Dobedo
    0
  15. archet9
     
    As-tu des recomendations à ce sujet pour le configurer?

    https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal

    Ensuite seulement si tu n'as plus de problèmes:

    Pour desinstaller les outils utilisés

    Telecharge ToolsCleaner2--> http://pc-system.fr/
    -Une fois téléchargé, installe-le et lance-le
    -Clique sur Recherche et laisse le scan se terminer
    -Clique sur SUPPRESSION
    -Clique sur Quitter pour que le rapport puisse se créer
    -Poste moi le rapport se trouvant ici--> C:\TCleaner.txt

    puis

    ---> Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    * Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
    * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
    * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse(Sauvegarde la base de registre).
    * Décoche la case plus vieux que 48 h

    TRES IMPORTANT:

    ---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
    XP:
    https://www.tayo.fr/desactiver-restauration-systeme-sur-windows-xp-tutoriel.php
    VISTA:
    https://www.tayo.fr/desactiver-restauration-windows-vista-tutoriel.php

    ---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
    https://www.vulgarisation-informatique.com/creer-point-restauration.php

    a+

    0
  16. dobedo
     
    Bonjour archet9,

    Je te remercie pour ta réponse. Je n'ai pas eu le temps d'appliquer tes instructions plus rapidement faute de temps.J'ai fini l'étape ccleaner. Je vais créer un point de restauration puis purger.
    Je te joins le rapport demandé.

    [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

    --> Recherche:

    C:\TB.txt: trouvé !
    C:\UsbFix.txt: trouvé !
    C:\Toolbar SD: trouvé !
    C:\UsbFix: trouvé !
    C:\Rsit: trouvé !
    C:\Program Files\Ad-remover: trouvé !
    C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: trouvé !
    C:\Program Files\trend micro\HijackThis.exe: trouvé !
    C:\Program Files\trend micro\hijackthis.log: trouvé !
    C:\Program Files\trend micro\HijackThis: trouvé !
    C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
    C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
    C:\Users\Invité\Desktop\HijackThis.lnk: trouvé !
    C:\Users\Philippe\Contacts\Desktop\Ad-R.exe: trouvé !
    C:\Users\Philippe\Contacts\Desktop\ToolBarSD.exe: trouvé !
    C:\Users\Philippe\Contacts\Desktop\UsbFix.exe: trouvé !
    C:\Users\Philippe\Contacts\Desktop\Rsit.exe: trouvé !
    C:\Users\Philippe\Contacts\Desktop\SmitFraudfix: trouvé !
    C:\Users\Philippe\Desktop\HijackThis.lnk: trouvé !
    C:\Users\Philippe\Downloads\HJTInstall.exe: trouvé !
    C:\Users\Philippe\Downloads\UsbFix_Upload_Me_Dobedo\UsbFix_Upload_Me\UsbFix.txt: trouvé !

    ---------------------------------
    --> Suppression:

    C:\Program Files\Ad-Remover\BACKUP\Ad-R.exe: supprimé !
    C:\Program Files\trend micro\HijackThis.exe: supprimé !
    C:\Program Files\trend micro\HijackThis\HijackThis.exe: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
    C:\Users\Invité\Desktop\HijackThis.lnk: supprimé !
    C:\Users\Philippe\Contacts\Desktop\Ad-R.exe: supprimé !
    C:\Users\Philippe\Contacts\Desktop\ToolBarSD.exe: supprimé !
    C:\Users\Philippe\Desktop\HijackThis.lnk: supprimé !
    C:\Users\Philippe\Downloads\HJTInstall.exe: supprimé !
    C:\TB.txt: supprimé !
    C:\UsbFix.txt: supprimé !
    C:\Program Files\trend micro\hijackthis.log: supprimé !
    C:\Users\Philippe\Contacts\Desktop\UsbFix.exe: supprimé !
    C:\Users\Philippe\Contacts\Desktop\Rsit.exe: supprimé !
    C:\Users\Philippe\Downloads\UsbFix_Upload_Me_Dobedo\UsbFix_Upload_Me\UsbFix.txt: supprimé !
    C:\Toolbar SD: supprimé !
    C:\UsbFix: supprimé !
    C:\Rsit: supprimé !
    C:\Program Files\Ad-remover: supprimé !
    C:\Program Files\trend micro\HijackThis: supprimé !
    C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
    C:\Users\Philippe\Contacts\Desktop\SmitFraudfix: supprimé !

    Qu'est-ce que cela donne?

    A+,

    dobedo
    0