Besoin d'aide ordi infecté + écran noir

lvir -  
 lvir -
Bonjour,
salut
j'ai besoin de votre aide: depuis quelques temps mon écran a des couleurs psychédéliques je pensais qu'il s'agissait d'un simple problème d'écran mais mon écran est devenu tout noir avec uniquement la barre de taches en bas. il faut à que je clique sur le raccourci bureau qui est dans la barre de taches en bas pour pouvoir voir mon bureau mais à chaque fois que j'ouvre quelque chose puis le ferme mon écran est de nouveau noir!
hier windows defender a émis une alerte il y a 1 cheval de troie...! mon anti virus avast n'avait pas réagit! security tool s'est déclanché (je ne savais même pas que j'avais ce truc) et m'a demandé pour s'installer, ce que j'ai fait puis il m'a demandé de l'acheter (j'ai refusé et l'ai désinstallé) je n'ai lu qu'après vos topics là dessus. mon frère m'a conseillé d'installer avira antivir personel et spybot defender. j'ai lancé spybot qui m'a dit "aucun mouchard n'a été trouvé" puis j'ai lancé un scan avec avira qui m'a trouvé non pas 1 mais 2 fichiers avec des cheval de troie. j'ai supprimé ces 2 fichiers et vidé la poubelle. maintenant avira m'affiche que 2 "virus ou programmes indésirables ont été trouvés" mais que dois-je faire? déplacer e, quarantaine, supprimer, renommer, refuser l'accès ou ignorer
objet .................................résultat positif
A0130485.exe.................... ADSPY/Agent.iwk
A01330489.dll ....................ADSPY/MSNSkinner.1

j'ai vu que vous demandiez souvent d'installer hijachthis et le rapport de celui ci, le voici donc

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:11, on 26/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\program files\avira\antivir desktop\avcenter.exe
L:\U Torrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Virginie\Documents\Logitiels\HijackThis.exe

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 6384 bytes

une fois décidé ce que je dois faire de ces 2 virus ou programmes indésirable, comment faire pour récupérer mon bureau?
merci de votre aide.
Configuration: Windows Vista Internet Explorer 7.0

28 réponses

  • 1
  • 2
Résumé de la discussion

Des signes d’infection surviennent sous Windows Vista: écran décoloré puis totalement noir avec la barre des tâches visible, accompagnés d’alertes de cheval de Troie et de détections antivirales. Les éléments de réponse essentiels suggèrent d’analyser les composants suspects, de désinstaller des outils potentiellement indésirables et d’employer un outil de nettoyage comme UsbFix, exécuté en administrateur. Au besoin, le rapport généré par l’outil doit être partagé et des analyses complémentaires, telles que HijackThis, peuvent identifier des éléments persistants, avec des conseils pour traiter les fichiers A0130485.exe et A01330489.dll. En dernier lieu, la discussion souligne que la suppression des infections et la récupération du bureau peuvent nécessiter une combinaison de nettoyages approfondis, de sauvegardes propres et éventuellement une réinitialisation du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    EDIT : As tu supprimer les Cracks ?

    ▶ Telecharge et install UsbFix par Chiquitine29

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

    ▶ Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisis "éxécuter en tant qu'administrateur" .

    ▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    ▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    ▶ Laisse travailler l outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

    Note : Le rapport UsbFix.txt est sauvegardé à la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
    1
    1. lvir
       
      bon j'ai enlevé quelques cracks mais je ne peux pas tous les enlevé sinon certains logiciels ou jeux ne marcheront plus mais dès que mon homme a fini ses jeux je vire les cracks qui vont avec. voici le rapport

      ############################## | UsbFix V6.059 |

      User : Virginie (Administrateurs) # PC-DE-VIRGINIE
      Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
      Start at: 14:45:26 | 05/12/2009
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      AMD Phenom(tm) 9100e Quad-Core Processor
      Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
      Internet Explorer 8.0.6001.18828
      Windows Firewall Status : Enabled

      C:\ -> Disque fixe local # 916,86 Go (650,68 Go free) [OS] # NTFS
      D:\ -> Disque CD-ROM
      E:\ -> Disque amovible
      F:\ -> Disque amovible
      G:\ -> Disque amovible # 488,25 Mo (481,23 Mo free) [CARTE MÉMOI] # FAT
      H:\ -> Disque amovible
      I:\ -> Disque CD-ROM
      J:\ -> Disque amovible # 997,7 Mo (993,23 Mo free) [VIRGINIE L] # FAT32
      L:\ -> Disque fixe local # 111,79 Go (37,7 Go free) [VIRGINIE & MANU FREECOM HDD] # NTFS

      ############################## | Processus actifs |

      C:\Windows\System32\smss.exe 448
      C:\Windows\system32\csrss.exe 532
      C:\Windows\system32\wininit.exe 580
      C:\Windows\system32\csrss.exe 592
      C:\Windows\system32\services.exe 632
      C:\Windows\system32\lsass.exe 644
      C:\Windows\system32\lsm.exe 652
      C:\Windows\system32\svchost.exe 812
      C:\Windows\system32\nvvsvc.exe 900
      C:\Windows\system32\winlogon.exe 948
      C:\Windows\system32\svchost.exe 964
      C:\Windows\System32\svchost.exe 1016
      C:\Windows\system32\Ati2evxx.exe 1084
      C:\Windows\System32\svchost.exe 1104
      C:\Windows\System32\svchost.exe 1188
      C:\Windows\system32\svchost.exe 1204
      C:\Windows\system32\svchost.exe 1344
      C:\Windows\system32\SLsvc.exe 1368
      C:\Windows\system32\svchost.exe 1428
      C:\Windows\system32\rundll32.exe 1512
      C:\Windows\system32\svchost.exe 1624
      C:\Windows\system32\Ati2evxx.exe 1664
      C:\Windows\System32\spoolsv.exe 1916
      C:\Program Files\Avira\AntiVir Desktop\sched.exe 1944
      C:\Windows\system32\svchost.exe 1960
      C:\Windows\system32\Dwm.exe 1636
      C:\Windows\system32\taskeng.exe 1912
      C:\Windows\Explorer.EXE 512
      C:\Program Files\Windows Defender\MSASCui.exe 2132
      C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe 2144
      C:\Windows\RtHDVCpl.exe 2180
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 2192
      C:\Program Files\Samsung\EmoDio\SMSTray.exe 2288
      C:\Program Files\Java\jre6\bin\jusched.exe 2376
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2428
      C:\Windows\ehome\ehtray.exe 2484
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2508
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2532
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 2564
      C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe 2612
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2712
      C:\Windows\system32\taskeng.exe 2840
      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2892
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2952
      C:\Windows\ehome\ehmsas.exe 3004
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3012
      C:\Program Files\Bonjour\mDNSResponder.exe 3056
      C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe 3100
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 3276
      C:\Windows\system32\IoctlSvc.exe 3360
      C:\Windows\system32\PnkBstrA.exe 3396
      C:\Windows\system32\PnkBstrB.exe 3440
      C:\Windows\system32\svchost.exe 3464
      C:\Windows\system32\svchost.exe 3516
      C:\Windows\System32\svchost.exe 3556
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3600
      C:\Windows\system32\SearchIndexer.exe 3688
      C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3808
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2404
      C:\Windows\system32\WUDFHost.exe 3040
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 3924
      C:\Program Files\Windows Live\Contacts\wlcomm.exe 2204
      C:\Program Files\Internet Explorer\iexplore.exe 3252
      C:\Program Files\Internet Explorer\iexplore.exe 4464
      \\?\C:\Windows\system32\wbem\WMIADAP.EXE 5208
      C:\Windows\system32\wbem\wmiprvse.exe 5144
      C:\Windows\system32\conime.exe 5040
      C:\Windows\system32\wbem\wmiprvse.exe 3472

      ################## | Fichiers # Dossiers infectieux |


      ################## | Spyware.OnlineGames |


      ################## | Registre # Clés infectieuses |

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

      ################## | Registre # Mountpoints2 |


      ################## | Cracks / Keygens / Serials |

      "C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vid‚o Converter 6\Crack\AVSVideoConverter.exe"
      09/06/2009 18:18 |Size 18501632 |Crc32 e0ff0344 |Md5 5aa714aeaa1174ab7239985cf1cac86d

      "C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\call of duty 4\crack\iw3sp.exe"
      06/11/2007 21:33 |Size 3017216 |Crc32 4614c0e7 |Md5 77d460bfbfff90bcf930ecc654588000

      "C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe"
      06/10/2009 18:42 |Size 1880064 |Crc32 4091a1d7 |Md5 45992e6a5eded84e6add0fc81ee46d27

      "C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe"
      06/10/2009 18:00 |Size 2064384 |Crc32 d2f1505e |Md5 39cfe03efed15b85c6d0c8b6ccb53abc

      "C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe"
      08/03/2009 12:12 |Size 35270 |Crc32 30b7778d |Md5 e9dba2342e6e52dc203d7c3fda20c47d

      "C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
      -> contain : TMPG DVD Author 1.5 (Includes Keygen And Update)\TMPG DVD author keygen.exe

      "C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
      -> contain : TMPG DVD Author 1.5 (Includes Keygen And Update)\TDA-1.5.11.37-install-EN.exe

      "C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
      -> contain : TMPG DVD Author 1.5 (Includes Keygen And Update)\TDA-1.5.15.49-install-EN UPDATE.exe

      "C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
      -> contain : TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen)\keygen.exe

      "C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
      -> contain : TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen)\TMPGEnc-2.512.52.161-Plus-EN-Installer-DL.exe


      ################## | ! Fin du rapport # UsbFix V6.059 ! |
      0
  2. Utilisateur anonyme
     
    Salut,

    Hijackthis n'a rien montré ..

    ▶ Télécharge ZHPDiag (de Nicolas Coolman)

    ou :ZHPDiag

    Enregistre le sur ton Bureau.

    Une fois le téléchargement achevé,

    ▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.

    ▶ Clique sur la clé à molette puis sur Tous pour cocher toutes les cases des options.

    ▶ Clique sur la loupe pour lancer l'analyse.

    A la fin de l'analyse,

    ▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.

    Pour me le transmettre clique sur ce lien :

    http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    0
    1. lvir
       
      merci pour ta réponse ultra rapide.
      voici le lien http://www.cijoint.fr/cjlink.php?file=cj200911/cijwSwA2lI.txt
      0
    2. lvir
       
      j'ai oublié de te dire on m'a aussi recomandé de faire un diagnostique avec ZHPDiag voici le rapport peu être que ça t'apportera des infos en plus...et encore merci

      Malwarebytes' Anti-Malware 1.41
      Version de la base de données: 3245
      Windows 6.0.6002 Service Pack 2

      28/11/2009 01:14:54
      mbam-log-2009-11-28 (01-14-38).txt

      Type de recherche: Examen complet (C:\|L:\|)
      Eléments examinés: 353289
      Temps écoulé: 2 hour(s), 46 minute(s), 52 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\63651021 (Rogue.Multiple) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\ProgramData\63651021 (Rogue.Multiple) -> No action taken.

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  3. Utilisateur anonyme
     
    Si tu suit une désinfection autre part je peut pas continuer avec toi ...

    ▶ Télécharge TOOLBAR S&D ( de Eric_71/Team IDN ) sur ton bureau :

    !! Déconnecte toi,desactive tes protections résidentes, et ferme toutes tes applications en cours le temps de la manip. !!

    ▶ Double-clique sur ToolBar SD.exe pour lancer l'outil et laisse toi guider ...

    ▶ option recherche puis [Entrée].

    Un rapport sera généré à la fin du processus : poste son contenu dans ta prochaine réponse

    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )

    Tutoriel

    0
  4. lvir
     
    désolée de t'avoir froissée mais j'avais peur de ne pas avoir de réponse.
    voici le rapport

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 9100e Quad-Core Processor )
    BIOS : BIOS Date: 12/25/08 18:47:33 Ver: 08.00.14
    USER : Virginie ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:916 Go (Free:651 Go)
    D:\ (CD or DVD)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)
    L:\ (Local Disk) - NTFS - Total:111 Go (Free:37 Go)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [1] ( 29/11/2009|13:17 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    C:\Program Files\DAEMON Tools Toolbar\Resources
    C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\about.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\AboutWindow.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\AddRadioStation.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\as.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\as.png
    C:\Program Files\DAEMON Tools Toolbar\Resources\astro.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\az.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\b1.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\b1.png
    C:\Program Files\DAEMON Tools Toolbar\Resources\BurnImage.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\buy.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond000.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond001.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond003.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond004.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond005.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond006.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond007.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond008.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond009.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond010.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond011.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond019.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond020.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond021.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond022.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond023.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond024.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond025.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond026.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond037.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond038.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond039.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond040.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond041.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond046.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond048.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond050.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond051.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond052.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond053.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond054.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond055.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond056.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond057.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond058.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond059.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond060.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond061.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond062.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond063.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond064.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond065.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond066.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond067.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond068.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond069.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond075.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond076.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond077.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond078.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond079.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond080.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond084.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond085.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond086.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond087.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond088.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond089.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond090.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond091.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond092.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond093.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond094.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond095.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond108.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond109.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond110.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond111.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond112.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond113.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond120.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond121.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond122.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond126.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond127.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond128.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond129.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond130.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond131.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond132.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond133.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond134.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond135.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond136.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond137.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond138.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond140.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond141.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond142.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond143.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond148.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond149.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond152.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond154.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond155.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond156.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\cond157.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\Config.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\d.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\d2.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\daemon.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\ds.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\dsearch.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\dt.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\DTPro.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Dwnl.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\emulation.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\features.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\GameCentrix.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\gd.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\genre.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\globe.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\GrabImage.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\hb.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\hb.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\help.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\ip.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\lang.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\lingvo.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\m.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_disable.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mailc_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_disable.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\mail_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioConfig.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRadioStation.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuRSCur.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\MenuTr.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\next.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\next_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\next_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\next_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\none.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\none_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\noW.gif
    C:\Program Files\DAEMON Tools Toolbar\Resources\op.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\play.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\play.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\play_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\play_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\play_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\pragma.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prev_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\prod.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Radio.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBg.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioBgMask.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDisp_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioDown_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioE.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioG.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioL.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLDotMask.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeft.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLeftMask.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioLM.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioN.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioR.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRM.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioRU.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioVolume_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\RadioW.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\refresh_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Rss.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Rss1.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\rssClose.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\rssL.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\rssOpen.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\size.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\size_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\skins.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\spt.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\stop_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\style.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\SupportRequest.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\time.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\TitleIcon.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\toolbar.xml
    C:\Program Files\DAEMON Tools Toolbar\Resources\trans.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_disable.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Trash_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\u.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_back.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_dott_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\vol_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wb.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
    C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico
    C:\Program Files\Search Settings
    C:\Program Files\Search Settings\kb128
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Search Settings\kb128\res
    C:\Program Files\Search Settings\kb128\SearchSettings.dll
    C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
    C:\Program Files\Search Settings\kb128\temp

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
    "Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar
    C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vid‚o Converter 6\Crack
    C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vid‚o Converter 6\Crack\AVSVideoConverter.exe
    C:\Users\Virginie\Favorites\crack
    C:\Users\Virginie\Favorites\crack\ GameBurnWorld.url
    C:\Users\Virginie\Favorites\crack\Astalavista.MS .url
    C:\Users\Virginie\Favorites\crack\Crack.MS.url
    C:\Users\Virginie\Favorites\crack\GameCopyWorld.url
    C:\Users\Virginie\Favorites\crack\KEYGEN.MS - Generates cracks serials keygens.url
    C:\Users\Virginie\Favorites\crack\Patch-Fr.com.url
    C:\Users\Virginie\Favorites\crack\SeriaLCrackZ.com.url
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Call of duty 4 fr + crack.iso
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\call of duty 4\crack
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\call of duty 4\crack\iw3sp.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\Far cry 2.docx
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FarCry2-ISO-and-crack.txt
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FARCRY2.iso

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 29/11/2009|13:18 - Option : [1]

    -----------\\ Fin du rapport a 13:18:19,37
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    Supprime les CRACKS ---> Source d'infections.

    ▶ Relance Toolbar-S&D en double-cliquant sur le raccourci

    ▶ Tape sur "2" puis valide en appuyant sur "Entrée".

    ! Ne ferme pas la fenêtre lors de la suppression !

    Un rapport sera généré,

    ▶ poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.

    0
  7. lvir
     
    voilà le rapport

    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
    X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 9100e Quad-Core Processor )
    BIOS : BIOS Date: 12/25/08 18:47:33 Ver: 08.00.14
    USER : Virginie ( Administrator )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:916 Go (Free:651 Go)
    D:\ (CD or DVD)
    E:\ (USB)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (CD or DVD)
    L:\ (Local Disk) - NTFS - Total:111 Go (Free:37 Go)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 29/11/2009|14:12 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
    Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    Supprime! - C:\Program Files\Search Settings\kb128
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\Program Files\DAEMON Tools Toolbar
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\Windows\\System32\\blank.htm"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar
    C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vid‚o Converter 6\Crack
    C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vid‚o Converter 6\Crack\AVSVideoConverter.exe
    C:\Users\Virginie\Favorites\crack
    C:\Users\Virginie\Favorites\crack\ GameBurnWorld.url
    C:\Users\Virginie\Favorites\crack\Astalavista.MS .url
    C:\Users\Virginie\Favorites\crack\Crack.MS.url
    C:\Users\Virginie\Favorites\crack\GameCopyWorld.url
    C:\Users\Virginie\Favorites\crack\KEYGEN.MS - Generates cracks serials keygens.url
    C:\Users\Virginie\Favorites\crack\Patch-Fr.com.url
    C:\Users\Virginie\Favorites\crack\SeriaLCrackZ.com.url
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Call of duty 4 fr + crack.iso
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\call of duty 4\crack
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\call of duty 4\crack\iw3sp.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\Far cry 2.docx
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FarCry2-ISO-and-crack.txt
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe
    C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FARCRY2.iso

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 29/11/2009|13:18 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 29/11/2009|14:13 - Option : [2]

    -----------\\ Fin du rapport a 14:13:43,16
    0
  8. Utilisateur anonyme
     
    Tu veux pas supprimer les CRACKS ?

    ▶ Télécharge Superantispyware (SAS)

    ▶ Choisis "enregistrer" et enregistre-le sur ton bureau.

    ▶ Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    ▶ Créé une icône sur le bureau.

    ▶ Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    ▶- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    ▶- Sous Configuration and Preferences, clique sur le bouton "Preferences"
    ▶- Clique sur l'onglet "Scanning Control "
    ▶- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    ▶Close browsers before scanning
    ▶Scan for tracking cookies
    ▶Terminate memory threats before quarantining

    ▶ Laisse les autres lignes décochées.

    ▶ Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    ▶ Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    ▶ Dans la colonne de gauche, coche C:\Fixed Drive.

    ▶ Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

    ▶ Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    ▶ A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    ▶ Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    ▶ Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    Pour recopier les informations sur le forum, fais ceci :

    ▶ - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    ▶ - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
    ▶- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

    ▶ - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

    ▶ - Copie son contenu dans ta réponse.

    Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
    0
    1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
       
      tiens je reconnais mon canned.
      0
      1. Utilisateur anonyme > pimprenelle27 Messages postés 22182 Statut Contributeur sécurité
         
        Salut,

        C'est le canned de Gen-Hackman. C'est même lui qui me les a passer :))

        Donc j'ai les droits d'auteur ...

        Merci de ne pas perturbé le Topique avec des messages hors sujet.



        0
  9. lvir
     
    en fait beaucoup de programmes installés et des jeux utilisent des cracks. je sais il ne faut pas télécharger mais bon ....lol
    0
  10. Utilisateur anonyme
     
    Comme tu veux ...

    1/ C'est illégal
    2/ C'est infectieux

    Continue la suite.
    0
    1. lvir
       
      voici le rapport de SAS (désolée j'ai mis un peu de temps mais je me suis coincée le dos et j'ai du mal à rester assise devant l'ordi lol)

      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com/

      Generated 11/29/2009 at 09:48 PM

      Application Version : 4.31.1000

      Core Rules Database Version : 4318
      Trace Rules Database Version: 2177

      Scan type : Complete Scan
      Total Scan Time : 02:09:37

      Memory items scanned : 696
      Memory threats detected : 0
      Registry items scanned : 8378
      Registry threats detected : 19
      File items scanned : 31366
      File threats detected : 205

      Adware.Vundo/Variant
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E54729E8-BB3D-4270-9D49-7389EA579090}
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32#ThreadingModel
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\ProgID
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\TypeLib
      HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\VersionIndependentProgID
      HKCR\ezUPBHook.ShellObj.1
      HKCR\ezUPBHook.ShellObj.1\CLSID
      HKCR\ezUPBHook.ShellObj
      HKCR\ezUPBHook.ShellObj\CLSID
      HKCR\ezUPBHook.ShellObj\CurVer
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\0
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\0\win32
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\FLAGS
      HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\HELPDIR
      C:\WINDOWS\SYSTEM32\EZUPBH~1.DLL

      Adware.Tracking Cookie
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@bouyguestelecom.solution.weborama[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@serving-sys[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@bs.serving-sys[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@advertstream[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@content.yieldmanager[4].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@apmebf[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@content.yieldmanager[5].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@smartadserver[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@fastclick[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@doubleclick[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@ad.zanox[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@atdmt[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@t.bbtrack[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@ad.yieldmanager[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@partypoker[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Local\Temp\Low\Cookies\manu@boursoramabanque.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Local\Temp\Low\Cookies\manu@cetelem.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Local\Temp\Low\Cookies\manu@smartadserver[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Local\Temp\Low\Cookies\manu@tradedoubler[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Local\Temp\Low\Cookies\manu@weborama[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@680.stats.misstrends[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@extrait-sexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@at.atwola[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@teen-sodomisee[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@ad.zanox[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexy-matures[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@cetelem.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@media.carpediem[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[10].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@lesexemature[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[11].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@accrosexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@fr.at.atwola[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@rabbitfinder[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@atdmt[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.teen-sodomisee[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@exhibporno[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@clip-sexe-amateurs[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.clip-sexe-amateurs[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@machinasexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.adult-empire[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@apmebf[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@ehg-aig.hitbox[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@serving-sys[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[8].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[7].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[6].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[5].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[4].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[3].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@mature.blogsexgratuit[9].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.photo-sexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@atwola[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@smartadserver[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@adtech[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.extrait-sexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexy-matures[3].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexy-matures[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@llsexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.lesexemature[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@content.yieldmanager[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@d2.advertserve[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@stat.blogorama[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@tradedoubler[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@photo-sexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.googleadservices[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@advertising[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.onsexhibe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@airsexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@accesporno[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@jeune-salope-xxx[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexyavenue[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@adserver.aol[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.jeune-salope-xxx[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@bluestreak[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexeovore[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@samsung.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@clickinvideo[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexe-sans-censure[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@bouyguestelecom.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexe-libre[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@bs.serving-sys[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@repertoire-porno[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexyavenue[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@pornravage[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@galleries.adult-empire[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexesursexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexy-cocktail[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@maxxxblog[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@carasexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@adult-empire[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.pornattitude[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexeautop[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@6128.stats.misstrends[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@fastclick[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexejoursursexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.sexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@2009.exhibporno[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@2026.stats.misstrends[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@4524.stats.misstrends[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@5504.stats.misstrends[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@663.stats.misstrends[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@689.stats.misstrends[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@ad.yieldmanager[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@ads.canalblog[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@blog-adultes[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@blogadultes.sexy.easysexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@boursoramabanque.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@doubleclick[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@double-sexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@easysexe[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@fl01.ct2.comclick[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@flvtools.spacash[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@galleries1.adult-empire[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@hds.carasexe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@himedia.individuad[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@hitbox[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@onsexhibe[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@nestlewaters.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@plagesexy[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@pornattitude[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@porn[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@sexeautop[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@stats.canalblog[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@virginmobile.solution.weborama[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@tacoda[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@tracking.publicidees[2].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@www.accesporno[3].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\manu@xiti[1].txt
      C:\Users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Cookies\manu@mature.blogsexgratuit[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@advertstream[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adviva[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@ad.yieldmanager[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@zedo[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adviva[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@ads.sumotorrent[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@xiti[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@xiti[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@showroomprive.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@statse.webtrendslive[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@boursoramabanque.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@cetelem.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@at.atwola[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@weborama[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@t.bbtrack[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@t.bbtrack[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@partypoker[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@msnportal.112.2o7[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@ad.zanox[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@advertstream[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@zanox[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@tacoda[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@www.partypoker[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@lascad.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@serving-sys[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@aimfar.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bs.serving-sys[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@interflora2.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@doubleclick[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@tradedoubler[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@specificclick[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@server.iad.liveperson[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@questionmarket[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bouyguestelecom.solution.weborama[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bouyguestelecom.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@ad3.clickhype[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@server.iad.liveperson[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@advertising[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@doubleclick[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@apmebf[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@atdmt[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@garnier2009.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@tracking.publicidees[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@statcounter[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@partyaccount[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@mediaplex[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@cdn5.specificclick[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adultfriendfinder[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adtech[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@insightexpressai[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@smartadserver[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bluestreak[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adtech[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bluestreak[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@ads.gamersmedia[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@content.yieldmanager[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@secure.partyaccount[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@smartadserver[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@content.yieldmanager[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@ad.yieldmanager[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@fastclick[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@weborama[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@bouyguestelecom.solution.weborama[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@doubleclick[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@apmebf[1].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@content.yieldmanager[2].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@content.yieldmanager[3].txt
      C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@atdmt[2].txt

      Adware.Vundo/Variant-MSFake
      C:\PROGRAM FILES\NAVILOG1\REG.EXE
      0
  11. Utilisateur anonyme
     
    Vide la quarantaine de SAS.


    /!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\

    ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe"

    _______________________________________________________________
    >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
    >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
    ======================================================


    ▶ On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Avant d'utiliser ComboFix :
    ______________________________________________________________________
    >> referme les fenêtres de tous les programmes en cours.
    >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
    >>la protection en temps réel de ton Antivirus et de tes Antispywares,
    >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


    ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

    ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    >> Reviens sur le forum, et

    ▶ copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    0
    1. lvir
       
      ComboFix 09-11-30.05 - Virginie 01/12/2009 9:28.1.4 - x86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3326.2499 [GMT 1:00]
      Lancé depuis: c:\users\Virginie\Desktop\virginie.exe
      SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
      SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\$recycle.bin\S-1-5-21-1276444096-2533757876-1302208105-500
      c:\$recycle.bin\S-1-5-21-2615618031-1473878728-100546447-500
      c:\windows\system32\muzapp.exe
      c:\windows\system32\twain_32.dll

      .
      ((((((((((((((((((((((((((((( Fichiers créés du 2009-11-01 au 2009-12-01 ))))))))))))))))))))))))))))))))))))
      .

      2009-12-01 08:41 . 2009-12-01 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
      2009-12-01 08:41 . 2009-12-01 08:42 -------- d-----w- c:\users\Virginie\AppData\Local\temp
      2009-12-01 08:41 . 2009-12-01 08:41 -------- d-----w- c:\users\Manu\AppData\Local\temp
      2009-12-01 08:41 . 2009-12-01 08:41 -------- d-----w- c:\users\Manu.PC-de-Virginie\AppData\Local\temp
      2009-11-29 18:31 . 2009-11-29 18:31 117760 ----a-w- c:\users\Virginie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2009-11-29 18:30 . 2009-11-29 18:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
      2009-11-29 18:30 . 2009-11-29 18:30 4096 d-----w- c:\program files\SUPERAntiSpyware
      2009-11-29 18:30 . 2009-11-29 18:30 -------- d-----w- c:\users\Virginie\AppData\Roaming\SUPERAntiSpyware.com
      2009-11-29 12:16 . 2009-11-29 13:13 8192 d-----w- C:\ToolBar SD
      2009-11-28 11:27 . 2009-12-01 07:32 4096 d-----w- c:\program files\Navilog1
      2009-11-28 00:27 . 2009-11-28 00:27 4096 d-----w- c:\program files\ZHPDiag
      2009-11-27 21:24 . 2009-11-27 21:24 -------- d-----w- c:\users\Virginie\AppData\Roaming\Malwarebytes
      2009-11-27 21:24 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-11-27 21:24 . 2009-11-27 21:24 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-11-27 21:24 . 2009-11-27 21:24 -------- d-----w- c:\programdata\Malwarebytes
      2009-11-27 21:24 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-11-26 19:36 . 2009-11-26 21:55 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
      2009-11-26 19:36 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
      2009-11-26 19:36 . 2009-11-26 19:36 -------- d-----w- c:\programdata\Avira
      2009-11-26 19:36 . 2009-11-26 19:36 -------- d-----w- c:\program files\Avira
      2009-11-26 18:28 . 2009-11-26 22:01 4096 d-----w- c:\programdata\Spybot - Search & Destroy
      2009-11-26 18:28 . 2009-11-26 18:34 8192 d-----w- c:\program files\Spybot - Search & Destroy
      2009-11-26 00:49 . 2009-11-26 00:49 4096 d-----w- c:\users\Virginie\R
      2009-11-25 13:12 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
      2009-11-25 12:00 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
      2009-11-25 12:00 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
      2009-11-22 15:10 . 2009-11-22 15:10 4096 d-----w- c:\program files\AviSynth 2.5
      2009-11-22 14:44 . 2009-11-22 14:44 -------- d-----w- c:\users\Virginie\AppData\Roaming\FreeVideoConverter
      2009-11-20 21:11 . 2009-11-20 21:12 4096 d-----w- c:\program files\QuickTime
      2009-11-19 19:27 . 2009-11-19 19:27 -------- d-----w- c:\users\Manu.PC-de-Virginie\AppData\Roaming\HiYo
      2009-11-12 17:47 . 2009-11-12 17:47 -------- d-----w- C:\Acrobat3
      2009-11-12 17:46 . 1997-06-13 05:46 298496 ----a-w- c:\windows\uninst.exe
      2009-11-11 12:34 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
      2009-11-11 12:34 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
      2009-11-04 05:29 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
      2009-11-04 05:29 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
      2009-11-04 05:29 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
      2009-11-04 05:29 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
      2009-11-04 05:28 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
      2009-11-04 05:28 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
      2009-11-04 05:28 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
      2009-11-04 05:28 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
      2009-11-04 05:28 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
      2009-11-03 17:49 . 2009-11-03 17:49 -------- d-----w- c:\program files\Windows Portable Devices
      2009-11-03 17:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
      2009-11-03 17:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
      2009-11-03 17:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
      2009-11-03 17:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
      2009-11-03 17:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
      2009-11-03 17:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-12-01 08:32 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
      2009-12-01 08:32 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
      2009-11-30 22:02 . 2009-04-19 16:04 -------- d-----w- c:\program files\Ubisoft
      2009-11-29 18:29 . 2009-03-06 21:17 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
      2009-11-29 13:49 . 2009-03-01 18:37 24576 d-----w- c:\users\Virginie\AppData\Roaming\uTorrent
      2009-11-27 21:15 . 2009-03-02 21:32 -------- d-----w- c:\program files\Alwil Software
      2009-11-25 17:59 . 2009-04-08 15:44 4096 d-----w- c:\program files\AVS4YOU
      2009-11-25 13:45 . 2009-04-08 15:45 4096 d-----w- c:\program files\Common Files\AVSMedia
      2009-11-20 21:11 . 2009-09-04 17:48 -------- d-----w- c:\programdata\Apple Computer
      2009-11-15 14:58 . 2009-03-13 17:26 350 ----a-w- c:\users\Virginie\AppData\Roaming\wklnhst.dat
      2009-11-13 18:19 . 2009-01-08 05:02 4096 d-----w- c:\program files\Common Files\InstallShield
      2009-11-13 18:19 . 2008-12-16 03:38 20480 d--h--w- c:\program files\InstallShield Installation Information
      2009-11-12 02:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
      2009-11-12 02:05 . 2008-12-16 03:21 12288 d-----w- c:\programdata\Microsoft Help
      2009-11-09 19:11 . 2009-09-12 21:15 -------- d-----w- c:\program files\Java
      2009-11-09 18:46 . 2008-12-16 03:34 8192 d-----w- c:\program files\Common Files\Adobe
      2009-11-07 16:54 . 2009-06-25 17:48 -------- d-----w- c:\program files\Micro Application
      2009-11-03 17:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
      2009-11-03 17:49 . 2009-11-03 17:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
      2009-11-03 17:49 . 2009-11-03 17:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
      2009-11-02 19:42 . 2009-10-02 16:56 195456 ------w- c:\windows\system32\MpSigStub.exe
      2009-10-18 22:08 . 2009-07-25 21:29 2855 ----a-w- c:\users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
      2009-10-17 01:01 . 2009-10-17 01:01 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
      2009-10-16 17:10 . 2009-03-06 22:25 -------- d-----w- c:\users\Virginie\AppData\Roaming\Games
      2009-10-13 17:07 . 2009-03-09 17:47 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
      2009-10-13 17:07 . 2009-03-09 17:47 22328 ----a-w- c:\users\Virginie\AppData\Roaming\PnkBstrK.sys
      2009-10-13 17:07 . 2009-03-09 17:47 22328 ----a-w- c:\users\Virginie\AppData\Roaming\PnkBstrK.sys
      2009-10-13 17:07 . 2009-03-09 17:47 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
      2009-10-13 17:07 . 2009-03-09 17:47 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
      2009-10-13 16:41 . 2009-03-31 19:08 -------- d-----w- c:\program files\Activision
      2009-10-11 03:17 . 2009-09-12 21:15 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-10-07 22:59 . 2009-10-07 22:48 4096 d-----w- c:\users\Manu.PC-de-Virginie\AppData\Roaming\dp3d
      2009-10-06 22:05 . 2009-10-06 22:00 4096 d-----w- c:\users\Virginie\AppData\Roaming\dp3d
      2009-10-06 21:55 . 2009-10-06 21:55 -------- d-----w- c:\program files\TopWare
      2009-10-04 09:01 . 2009-10-04 09:01 4096 d-----w- c:\program files\Microsoft Office Outlook Connector
      2009-10-04 09:01 . 2009-03-01 11:22 4096 d-----w- c:\program files\Windows Live
      2009-10-04 08:59 . 2009-10-04 08:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
      2009-10-04 08:58 . 2009-03-01 11:07 -------- d-----w- c:\program files\Microsoft
      2009-10-01 01:02 . 2009-11-03 17:42 2537472 ----a-w- c:\windows\system32\wpdshext.dll
      2009-10-01 01:02 . 2009-11-03 17:42 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
      2009-10-01 01:02 . 2009-11-03 17:42 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
      2009-10-01 01:02 . 2009-11-03 17:42 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
      2009-10-01 01:02 . 2009-11-03 17:42 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
      2009-10-01 01:01 . 2009-11-03 17:42 546816 ----a-w- c:\windows\system32\wpd_ci.dll
      2009-10-01 01:01 . 2009-11-03 17:42 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
      2009-10-01 01:01 . 2009-11-03 17:42 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
      2009-10-01 01:01 . 2009-11-03 17:42 350208 ----a-w- c:\windows\system32\WPDSp.dll
      2009-10-01 01:01 . 2009-11-03 17:42 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
      2009-10-01 01:01 . 2009-11-03 17:42 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
      2009-10-01 01:01 . 2009-11-03 17:42 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
      2009-10-01 01:01 . 2009-11-03 17:42 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
      2009-10-01 01:01 . 2009-11-03 17:42 226816 ----a-w- c:\windows\system32\WpdMtp.dll
      2009-10-01 01:01 . 2009-11-03 17:42 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
      2009-10-01 01:01 . 2009-11-03 17:42 33280 ----a-w- c:\windows\system32\WpdConns.dll
      2009-09-25 02:10 . 2009-11-03 17:42 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
      2009-09-25 02:07 . 2009-11-03 17:42 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
      2009-09-25 02:04 . 2009-11-03 17:42 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
      2009-09-25 01:49 . 2009-11-03 17:42 1554432 ----a-w- c:\windows\system32\xpsservices.dll
      2009-09-25 01:48 . 2009-11-03 17:42 351232 ----a-w- c:\windows\system32\XpsPrint.dll
      2009-09-25 01:38 . 2009-11-03 17:42 847360 ----a-w- c:\windows\system32\OpcServices.dll
      2009-09-25 01:36 . 2009-11-03 17:42 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
      2009-09-25 01:35 . 2009-11-03 17:42 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
      2009-09-25 01:33 . 2009-11-03 17:42 195584 ----a-w- c:\windows\system32\dxdiagn.dll
      2009-09-25 01:33 . 2009-11-03 17:42 829440 ----a-w- c:\windows\system32\d3d10warp.dll
      2009-09-25 01:33 . 2009-11-03 17:42 369664 ----a-w- c:\windows\system32\WMPhoto.dll
      2009-09-25 01:32 . 2009-11-03 17:42 252928 ----a-w- c:\windows\system32\dxdiag.exe
      2009-09-25 01:31 . 2009-11-03 17:42 519680 ----a-w- c:\windows\system32\d3d11.dll
      2009-09-25 01:31 . 2009-11-03 17:42 486912 ----a-w- c:\windows\system32\d3d10level9.dll
      2009-09-25 01:31 . 2009-11-03 17:42 161280 ----a-w- c:\windows\system32\d3d10_1.dll
      2009-09-25 01:31 . 2009-11-03 17:42 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
      2009-09-25 01:31 . 2009-11-03 17:42 1030144 ----a-w- c:\windows\system32\d3d10.dll
      2009-09-25 01:31 . 2009-11-03 17:42 828928 ----a-w- c:\windows\system32\d2d1.dll
      2009-09-25 01:30 . 2009-11-03 17:42 481792 ----a-w- c:\windows\system32\dxgi.dll
      2009-09-25 01:30 . 2009-11-03 17:42 190464 ----a-w- c:\windows\system32\d3d10core.dll
      2009-09-25 01:27 . 2009-11-03 17:42 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
      2009-09-25 01:27 . 2009-11-03 17:42 37888 ----a-w- c:\windows\system32\cdd.dll
      2009-09-25 01:27 . 2009-11-03 17:42 793088 ----a-w- c:\windows\system32\FntCache.dll
      2009-09-25 01:27 . 2009-11-03 17:42 1064448 ----a-w- c:\windows\system32\DWrite.dll
      2009-09-24 22:54 . 2009-11-03 17:42 258048 ----a-w- c:\windows\system32\winspool.drv
      2009-09-24 22:54 . 2009-11-03 17:42 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
      2009-09-24 22:54 . 2009-11-03 17:42 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
      2009-09-14 09:29 . 2009-10-15 03:13 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
      2009-09-10 16:48 . 2009-10-15 03:14 218624 ----a-w- c:\windows\system32\msv1_0.dll
      2009-09-10 14:59 . 2009-10-28 06:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
      2009-09-10 14:58 . 2009-10-28 06:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
      2009-09-09 12:03 . 2009-09-09 12:03 680 ----a-w- c:\users\Virginie\AppData\Local\d3d9caps.dat
      2009-09-09 11:58 . 2009-03-04 17:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
      2009-09-04 11:41 . 2009-10-15 03:13 60928 ----a-w- c:\windows\system32\msasn1.dll
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
      2009-04-08 16:34 102912 ----a-w- c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]
      2009-02-23 13:12 117248 ----a-w- c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
      "SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
      "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-29 160592]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
      "SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13584928]
      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 24064]
      "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
      "IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2009-04-08 365568]
      "Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2009-04-09 496640]
      "SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-03-21 484888]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
      "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
      "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)
      "HideFastUserSwitching"= 0 (0x0)

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
      "VistaSp2"=hex(b):bb,e5,43,4a,1b,28,ca,01

      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
      R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/11/2009 20:36 108289]
      R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [08/01/2009 06:08 24576]
      R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
      R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/11/2009 19:28 1153368]
      S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [04/03/2009 18:47 721904]
      S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
      S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
      S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 06:06 24064]
      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      ezSharedSvc
      .
      Contenu du dossier 'Tâches planifiées'

      2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{2B7BCE5A-CA64-4F9F-91F7-64E1C98DA99C}.job
      - c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
      .
      .
      ------- Examen supplémentaire -------
      .
      uStart Page = hxxp://www.google.fr/
      mWindow Title =
      uInternet Settings,ProxyOverride = *.local
      IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKLM-Run-eRecoveryService - (no file)
      AddRemove-Google Desktop - c:\progra~1\Google\Google Desktop Search\RunCmd.exe Uninstall.cmd
      AddRemove-IMBooster - c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\IMBoosterSetup.exe REMOVE=TRUE MODIFY=FALSE
      AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
      AddRemove-Works9SE - c:\program files\Microsoft Office\RunCmd.exe Works_Uninstall.cmd
      AddRemove-Xvid_is1 - i:\xvid\unins000.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-12-01 09:42
      Windows 6.0.6002 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
      "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_USERS\S-1-5-21-1276444096-2533757876-1302208105-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      @Allowed: (Read) (RestrictedCode)
      "??"=hex:dd,23,c3,ab,8d,b2,75,d9,37,8e,32,24,b8,a0,6f,0d,17,37,9d,0d,44,c8,4d,
      cf,d3,96,80,39,f4,29,9d,13,30,37,11,06,0b,3b,6d,e1,f6,55,15,26,84,90,d7,3c,\
      "??"=hex:4a,f1,1b,2b,7f,67,b6,a3,7e,79,92,18,40,0b,92,33

      [HKEY_USERS\S-1-5-21-1276444096-2533757876-1302208105-1000\Software\SecuROM\License information*]
      "datasecu"=hex:d8,bf,ff,0e,4f,53,eb,8f,89,c1,9e,9b,92,01,34,da,be,45,57,7f,39,
      4f,83,46,63,04,9e,cd,80,09,94,9e,f1,3f,0b,ec,f4,8c,78,56,21,75,55,05,5c,0f,\
      "rkeysecu"=hex:a0,66,61,3c,3b,be,22,dc,ee,29,94,b0,36,43,b2,54
      .
      Heure de fin: 2009-12-01 09:44
      ComboFix-quarantined-files.txt 2009-12-01 08:44

      Avant-CF: 695 419 174 912 octets libres
      Après-CF: 705 626 521 600 octets libres

      - - End Of File - - FA544F09EC4538365A11B1BD67D13A19
      0
  12. Utilisateur anonyme
     
    Supprime manuellement ceci :

    c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

    ======================================

    Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    ! Déconnecte toi et FERME TOUTES TES APPLICATIONS EN COURS !

    Double-clique sur " RSIT.exe " pour le lancer .

    ▶ Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

    ▶ Devant l'option "List files/folders created ..." , tu choisis : 2 months

    ▶ clique ensuite sur " Continue " pour lancer l'analyse ...

    ▶ laisse faire le scan et ne touche pas au PC ...

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

    Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

    Important : poste un rapport, puis l'autre dans la réponse suivante
    Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

    ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
    0
    1. lvir
       
      euhh j'ai une fenetre qui s'ouvre: fichier ouvert avertissement de sécurité, voulez vous exécuter ce fichier?
      nom:...Users\Virginie\Documents\Logiciels\Virginie.exe
      editeur: Trend Micro, Inc.
      Type : application
      De: C:\users\virginie\documents\logiciels\virginie.e...
      exécuter ou annuler

      que dois je faire?
      0
    2. lvir
       
      que dois je faire avec ma fenetre? executer ou annuler?
      0
  13. gen-hackman
     
    oui c est moi qui l'ai piqué a Pimprenelle ^^
    0
  14. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    je savais bien que c'était toi gen hackman mais c'est pas grave je savais d'où il venait.
    0
  15. Utilisateur anonyme
     
    Bonjour,

    Désactive l'UAC :

    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    ▶- Vas dans "Démarrer" puis Panneau de configuration.

    ▶- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs.

    ▶- Clique sur Continuer.

    ▶- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.

    ▶- Valide par OK et redémarre.

    Tuto

    Et ressaie la manipulation.
    0
    1. lvir
       
      j'ai suivi la procédure, le scan commence à se lancer mais quelques secondes après la même fenetre s'ouvre en me demandant exécuter ou annuler... et si je supprimais l'application qui essai de se mettre en route (je crois que c'est hijackthis mais qui a été renommé virginie)....
      0
  16. Utilisateur anonyme
     
    Supprime Hijackthis et ressaie la manip.
    0
    1. lvir
       
      voici le rapport log

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Virginie at 2009-12-03 15:20:28
      Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
      System drive C: has 669 GB (71%) free of 939 GB
      Total RAM: 3326 MB (69% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:01:22, on 29/11/2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18828)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Iminent\IMBooster\IMBooster.exe
      C:\Program Files\Samsung\EmoDio\SMSTray.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\Virginie\Documents\Logitiels\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
      O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
      O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
      O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
      O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
      O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
      O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
      O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
      O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
      O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      0
    2. lvir
       
      je crois que le rapport info est trop long, il ne s'affiche pas quand je le poste. je vais le couper en 2 et le mettre dans 2 réponses
      0
    3. lvir
       
      info.txt logfile of random's system information tool 1.06 2009-12-03 16:06:52

      ======Uninstall list======

      -->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly
      -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
      -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
      -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
      -->C:\Windows\UNNeroShowTime.exe /UNINSTALL
      -->C:\Windows\UNNeroVision.exe /UNINSTALL
      -->C:\Windows\UNRecode.exe /UNINSTALL
      -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c /remove
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x40c
      32nd America's Cup 0.2.0.0-->"C:\Users\Virginie\JEUX\Jeux installés\32nd America's Cup\unins000.exe"
      AC-3 ACM Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AC3ACM.inf
      Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
      Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
      Adobe Acrobat Reader 3.01-->C:\Windows\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
      Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
      Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
      Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
      Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
      Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
      Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
      Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
      Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
      Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
      Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
      Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
      Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
      Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
      Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
      Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
      Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
      Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
      Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
      Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
      Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
      Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
      Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
      Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
      Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
      Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
      Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
      Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
      Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
      Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
      Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
      Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
      Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
      AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
      AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
      ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
      ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
      Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
      Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
      Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
      Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
      Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
      Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
      AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
      AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
      AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
      Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
      Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
      Call of Juarez - Bound in Blood-->C:\Program Files\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\Setup.exe -runfromtemp -l0x040c
      CCE SP Trial Version-->C:\PROGRA~1\CUSTOM~1\CCESPT~1\uinst.exe
      CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
      Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x40c /remove
      Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
      Dream Pinball 3D-->C:\PROGRA~1\TopWare\DREAMP~1\Unwise.exe /U C:\PROGRA~1\TopWare\DREAMP~1\install.log
      DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
      EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
      EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
      EmoDio-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -runfromtemp -l0x040c -removeonly
      EmoDio-->MsiExec.exe /X{C20CE592-B0F8-4D20-BF31-0151CA6331A6}
      eMule-->"C:\Program Files\eMule\Uninstall.exe"
      Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
      Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
      HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
      HijackThis 2.0.2-->"C:\Users\Virginie\Documents\Logitiels\HijackThis.exe" /uninstall
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
      IMBooster-->C:\ProgramData\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\IMBoosterSetup.exe
      Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
      Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
      Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
      Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
      Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
      Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
      MetaBoli-->"C:\Program Files\InstallShield Installation Information\{709817E4-5439-4206-8738-796B34B623BD}\setup.exe" -runfromtemp -l0x040c -removeonly
      Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
      Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
      Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
      Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
      Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
      Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
      Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
      Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
      Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
      Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
      Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
      Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
      Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
      Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
      0
  17. gen-hackman
     
    salut AD-Remover ferait du bon trazvail je pense
    0
  18. Utilisateur anonyme
     
    ▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    ▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. lvir
       
      .
      ======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
      .
      Mit à jour par C_XX le 02.12.2009 à 18:59
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 20:02:04, 03/12/2009 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Program Files\Ad-Remover\
      Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
      Nom du PC: PC-DE-VIRGINIE | Utilisateur actuel: Virginie
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .
      C:\ProgramData\Iminent
      C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\IMBooster
      C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
      C:\Users\Virginie\AppData\LocalLow\Search Settings
      C:\Program Files\Iminent ... [b]ERREUR SUPPRESSION !![/b]
      C:\Program Files\Mozilla FireFox\searchplugins\SearchTheWeb.xml
      C:\Windows\Installer\10abbb35.msi
      C:\Windows\Installer\bfd64f4.msi
      C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@iminent[1].txt
      C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@iminent[2].txt
      C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@openxweb.iminent[1].txt
      C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@openxweb.iminent[2].txt

      (!) -- Fichiers temporaires supprimés.

      .
      HKCU\software\Iminent
      HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
      HKLM\Software\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
      HKLM\Software\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}
      HKLM\software\classes\IminentBHONavigationError.CHelperBHO.1
      HKLM\software\classes\IminentLinkToContent.LinkToContent
      HKLM\software\classes\IminentLinkToContent.LinkToContent.1
      HKLM\software\classes\installer\Products\53449B1EE14291541B3C4CDDE93B252A
      HKLM\Software\Classes\Interface\{12FB9C3D-0875-4CAA-B3B1-9DCCCE749DE5}
      HKLM\Software\Classes\TypeLib\{587D1093-12E0-4B0E-9426-AF9DC5ABB77D}
      HKLM\Software\Classes\TypeLib\{77860007-19AE-4C29-B26D-AEA48F3A05C5}
      HKLM\software\iAvatars.com
      HKLM\software\Iminent
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\53449B1EE14291541B3C4CDDE93B252A
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent.Notifier
      HKLM\software\microsoft\windows\currentversion\uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
      HKLM\software\microsoft\windows\currentversion\uninstall\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
      .
      ============== Scan additionnel ==============
      .
      .
      * Internet Explorer Version 8.0.6001.18828 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Start Page: hxxp://fr.msn.com/
      Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Start Page: hxxp://fr.msn.com/
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search bar: hxxp://search.msn.com/spbasic.htm
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ============== Suspect (Cracks, Serials, ...) ==============
      .
      C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar
      C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vid‚o Converter 6\Crack\AVSVideoConverter.exe
      C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\cinema.craft.encoder.sp.v2.67.00.27.&.cce.patcher.v0.5.7\CCE 2.67.00.27\ccspt267.exe
      C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\cinema.craft.encoder.sp.v2.67.00.27.&.cce.patcher.v0.5.7\CCE Patcher 0.5.7\CCE_Patcher.exe
      C:\Users\Virginie\Favorites\crack\ GameBurnWorld.url
      C:\Users\Virginie\Favorites\crack\Astalavista.MS .url
      C:\Users\Virginie\Favorites\crack\Crack.MS.url
      C:\Users\Virginie\Favorites\crack\GameCopyWorld.url
      C:\Users\Virginie\Favorites\crack\KEYGEN.MS - Generates cracks serials keygens.url
      C:\Users\Virginie\Favorites\crack\Patch-Fr.com.url
      C:\Users\Virginie\Favorites\crack\SeriaLCrackZ.com.url
      C:\Users\Virginie\Favorites\Jeu en Fran‡ais\Patch-Fr.com  Liste des patchs francais disponible.url
      C:\Users\Virginie\Favorites\Jeu en Fran‡ais\Patch-Fr.com.url
      C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\call of duty 4\crack\iw3sp.exe
      C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe
      C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\DP3D_V-DC_Patch.exe
      C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe
      C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\dream pinball 3D\patch vista\blAde-DP3DVaDCUcrk.rar
      C:\Users\Virginie\JEUX\Fini de t‚l‚charg‚\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe
      .
      ===================================
      .
      5663 Octet(s) - C:\Ad-Report-CLEAN[1].log
      .
      1 Fichier(s) - C:\Users\Virginie\AppData\Local\Temp
      0 Fichier(s) - C:\Windows\Temp
      .
      18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
      1459 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
      .
      Fin à: 20:19:26 | 03/12/2009 - CLEAN[1]
      .
      ============== E.O.F ==============
      .
      0
  19. Utilisateur anonyme
     
    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

    ▶ Télécharge List&Kill'em et enregistre le sur ton bureau

    ▶ dezippe-le , (clic droit/ extraire.....)

    Il ne necessite pas d'installation

    ▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶laisse travailler l'outil

    ▶Poste le contenu du rapport qui s'ouvre

    0
    1. lvir
       
      List'em by g3n-h@ckm@n 1.1.2.0

      Thx to Chiquitine29.....

      User : Virginie (Administrateurs) # PC-DE-VIRGINIE
      Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
      Start at: 14:32:28 | 04/12/2009
      Contact : g3n-h@ckm@n sur CCM

      AMD Phenom(tm) 9100e Quad-Core Processor
      Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
      Internet Explorer 8.0.6001.18828
      Windows Firewall Status : Disabled

      C:\ -> Disque fixe local | 916,86 Go (651,46 Go free) [OS] | NTFS
      D:\ -> Disque CD-ROM
      E:\ -> Disque amovible
      F:\ -> Disque amovible
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      I:\ -> Disque CD-ROM
      L:\ -> Disque fixe local | 111,79 Go (37,7 Go free) [VIRGINIE & MANU FREECOM HDD] | NTFS

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

      C:\Windows\System32\smss.exe 448
      C:\Windows\system32\csrss.exe 520
      C:\Windows\system32\wininit.exe 568
      C:\Windows\system32\csrss.exe 580
      C:\Windows\system32\services.exe 616
      C:\Windows\system32\lsass.exe 628
      C:\Windows\system32\lsm.exe 640
      C:\Windows\system32\svchost.exe 792
      C:\Windows\system32\winlogon.exe 824
      C:\Windows\system32\nvvsvc.exe 912
      C:\Windows\system32\svchost.exe 940
      C:\Windows\System32\svchost.exe 988
      C:\Windows\system32\Ati2evxx.exe 1064
      C:\Windows\System32\svchost.exe 1084
      C:\Windows\System32\svchost.exe 1120
      C:\Windows\system32\svchost.exe 1148
      C:\Windows\system32\svchost.exe 1284
      C:\Windows\system32\SLsvc.exe 1304
      C:\Windows\system32\svchost.exe 1368
      C:\Windows\system32\svchost.exe 1484
      C:\Windows\system32\rundll32.exe 1552
      C:\Windows\system32\Ati2evxx.exe 1676
      C:\Windows\System32\spoolsv.exe 1764
      C:\Program Files\Avira\AntiVir Desktop\sched.exe 1836
      C:\Windows\system32\svchost.exe 1856
      C:\Windows\system32\Dwm.exe 1928
      C:\Windows\system32\taskeng.exe 1808
      C:\Windows\Explorer.EXE 776
      C:\Program Files\Windows Defender\MSASCui.exe 2104
      C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe 2116
      C:\Windows\RtHDVCpl.exe 2156
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 2180
      C:\Program Files\Samsung\EmoDio\SMSTray.exe 2268
      C:\Program Files\Java\jre6\bin\jusched.exe 2320
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2412
      C:\Windows\ehome\ehtray.exe 2468
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2492
      C:\Windows\ehome\ehmsas.exe 2536
      C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2548
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 2564
      C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe 2580
      C:\Program Files\DAEMON Tools Lite\daemon.exe 2596
      C:\Windows\system32\taskeng.exe 2752
      C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2964
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe 3044
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3056
      C:\Program Files\Bonjour\mDNSResponder.exe 3116
      C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe 3140
      C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 3280
      C:\Windows\system32\IoctlSvc.exe 3376
      C:\Windows\system32\PnkBstrA.exe 3388
      C:\Windows\system32\PnkBstrB.exe 3412
      C:\Windows\system32\svchost.exe 3432
      C:\Windows\system32\svchost.exe 3476
      C:\Windows\System32\svchost.exe 3556
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3616
      C:\Windows\system32\SearchIndexer.exe 3668
      C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3768
      C:\Windows\system32\WUDFHost.exe 2424
      C:\Program Files\Windows Live\Contacts\wlcomm.exe 2648
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2136
      C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 2164
      C:\Program Files\Internet Explorer\iexplore.exe 2228
      C:\Program Files\Internet Explorer\iexplore.exe 1644
      C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe 5296
      C:\Windows\system32\SearchProtocolHost.exe 5824
      C:\Windows\system32\SearchFilterHost.exe 2668
      C:\Users\Virginie\Desktop\List_Killem\List_Kill'em.exe 5788
      C:\Windows\system32\conime.exe 4808
      C:\Windows\system32\cmd.exe 4316
      C:\Windows\system32\wbem\wmiprvse.exe 3784
      C:\Users\Virginie\AppData\Local\temp\1D32.tmp\pv.exe 6012

      ======================
      Keys "Run"
      ======================

      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      SmpcSys REG_SZ C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
      ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
      msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
      Creative Detector REG_SZ "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
      RoboForm REG_SZ "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
      DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      SmpcSys REG_SZ C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
      NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      RtHDVCpl REG_SZ RtHDVCpl.exe
      Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      SMSTray REG_SZ C:\Program Files\Samsung\EmoDio\SMSTray.exe
      Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
      QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
      =====================
      Other Keys
      =====================

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
      ConsentPromptBehaviorAdmin REG_DWORD 0x2
      ConsentPromptBehaviorUser REG_DWORD 0x1
      EnableInstallerDetection REG_DWORD 0x1
      EnableLUA REG_DWORD 0x1
      EnableSecureUIAPaths REG_DWORD 0x1
      EnableVirtualization REG_DWORD 0x1
      PromptOnSecureDesktop REG_DWORD 0x1
      ValidateAdminCodeSignatures REG_DWORD 0x0
      dontdisplaylastusername REG_DWORD 0x0
      legalnoticecaption REG_SZ
      legalnoticetext REG_SZ
      scforceoption REG_DWORD 0x0
      shutdownwithoutlogon REG_DWORD 0x1
      undockwithoutlogon REG_DWORD 0x1
      FilterAdministratorToken REG_DWORD 0x0
      EnableUIADesktopToggle REG_DWORD 0x0
      HideFastUserSwitching REG_DWORD 0x0
      DisableRegistryTools REG_DWORD 0x0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
      ===============
      AppInit_Dlls : C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

      ===============
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon
      ===============
      BHO :
      ======
      Windows Registry Editor Version 5.00

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
      @="AcroIEHelperStub"
      "NoExplorer"=dword:00000001

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
      @=""

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
      @="RoboForm"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
      "NoExplorer"=dword:00000001

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
      "NoExplorer"=dword:00000001

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]


      ================
      Internet Explorer :
      ================

      ! REG.EXE VERSION 3.0

      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
      Start Page REG_SZ https://www.msn.com/fr-fr


      ! REG.EXE VERSION 3.0

      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
      Start Page REG_SZ https://www.google.fr/?gws_rd=ssl


      ========
      Services
      ========
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

      Ndisuio : 0x3
      EapHost : 0x3
      Wlansvc : 0x3
      SharedAccess : 0x2
      windefend : 0x2
      wuauserv : 0x2
      =========

      =========================
      Environnement variables :
      =========================

      ALLUSERSPROFILE=C:\ProgramData
      APPDATA=C:\Users\Virginie\AppData\Roaming
      choix=1
      CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      CommonProgramFiles=C:\Program Files\Common Files
      COMPUTERNAME=PC-DE-VIRGINIE
      ComSpec=C:\Windows\system32\cmd.exe
      DFSTRACINGON=FALSE
      FP_NO_HOST_CHECK=NO
      HOMEDRIVE=C:
      HOMEPATH=\Users\Virginie
      LOCALAPPDATA=C:\Users\Virginie\AppData\Local
      LOGONSERVER=\\PC-DE-VIRGINIE
      NUMBER_OF_PROCESSORS=4
      OS=Windows_NT
      Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ESTsoft\ALZip;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\ESTsoft\ALZip
      PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      PROCESSOR_ARCHITECTURE=x86
      PROCESSOR_IDENTIFIER=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
      PROCESSOR_LEVEL=16
      PROCESSOR_REVISION=0202
      ProgramData=C:\ProgramData
      ProgramFiles=C:\Program Files
      PROMPT=$P$G
      PUBLIC=C:\Users\Public
      QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
      SystemDrive=C:
      SystemRoot=C:\Windows
      TEMP=C:\Users\Virginie\AppData\Local\Temp
      TMP=C:\Users\Virginie\AppData\Local\Temp
      TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
      USERDOMAIN=PC-de-Virginie
      USERNAME=Virginie
      USERPROFILE=C:\Users\Virginie
      windir=C:\Windows


      ¤¤¤¤¤¤¤¤¤¤ Files/folders :

      C:\Windows\mbr.exe
      C:\Windows\system32\MSINET.oca

      ¤¤¤¤¤¤¤¤¤¤ Keys :

      "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
      HKCR\.torrent
      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

      =========
      Rootkits
      =========

      catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-12-04 14:34:23
      Windows 6.0.6002 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:2df9c43f
      "s2"=dword:110480d0
      "h0"=dword:00000002

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
      "p0"="C:\Program Files\DAEMON Tools Lite\"
      "h0"=dword:00000001
      "hdf12"=hex:4e,fb,57,f6,58,0a,17,8a,18,0d,89,0d,21,c3,b1,3b,90,88,ec,cd,04,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
      "a0"=hex:20,01,00,00,35,a0,93,88,44,13,83,77,b5,a9,e7,06,13,f5,88,15,cb,..
      "hdf12"=hex:8e,64,29,63,50,4e,75,3f,a1,8b,43,9d,25,74,fe,94,5e,c0,d8,11,7a,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
      "hdf12"=hex:65,5d,e9,5a,99,e7,5d,16,f4,f0,b8,ae,6c,f5,28,4e,37,65,f9,41,c6,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "h0"=dword:00000000
      "khjeh"=hex:a6,00,e8,9d,6f,b3,f0,2f,31,6c,27,57,94,b2,79,79,f4,7b,2e,03,e1,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "khjeh"=hex:5f,15,5a,d8,fe,ea,43,14,4d,1e,cd,b4,38,31,29,4a,60,c3,e9,45,ca,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:df,4c,d8,cb,3c,4a,89,c7,15,4a,7f,69,8f,e3,fc,d6,83,2f,ce,81,2a,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:2c,aa,4a,cd,47,2d,b2,02,7a,79,c5,72,02,d5,30,17,ae,c3,6e,64,93,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
      "p0"="C:\Program Files\DAEMON Tools Lite\"
      "h0"=dword:00000001
      "hdf12"=hex:4e,fb,57,f6,58,0a,17,8a,18,0d,89,0d,21,c3,b1,3b,90,88,ec,cd,04,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
      "a0"=hex:20,01,00,00,35,a0,93,88,44,13,83,77,b5,a9,e7,06,13,f5,88,15,cb,..
      "hdf12"=hex:8e,64,29,63,50,4e,75,3f,a1,8b,43,9d,25,74,fe,94,5e,c0,d8,11,7a,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
      "hdf12"=hex:65,5d,e9,5a,99,e7,5d,16,f4,f0,b8,ae,6c,f5,28,4e,37,65,f9,41,c6,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "h0"=dword:00000000
      "khjeh"=hex:a6,00,e8,9d,6f,b3,f0,2f,31,6c,27,57,94,b2,79,79,f4,7b,2e,03,e1,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "khjeh"=hex:5f,15,5a,d8,fe,ea,43,14,4d,1e,cd,b4,38,31,29,4a,60,c3,e9,45,ca,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:df,4c,d8,cb,3c,4a,89,c7,15,4a,7f,69,8f,e3,fc,d6,83,2f,ce,81,2a,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:2c,aa,4a,cd,47,2d,b2,02,7a,79,c5,72,02,d5,30,17,ae,c3,6e,64,93,..

      scanning hidden registry entries ...

      scanning hidden files ...

      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 0


      ¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

      AD-R.EXE-B1450944.pf
      AgAppLaunch.db
      AgCx_S1_S-1-5-21-1276444096-2533757876-1302208105-1000.snp.db
      AgCx_S2_S-1-5-21-1276444096-2533757876-1302208105-1002.snp.db
      AgCx_SC1.db
      AgCx_SC1.db.trx
      AgCx_SC2.db
      AgCx_SC3_241B6390.db
      AgCx_SC3_4C4CBFCC.db
      AgGlFaultHistory.db
      AgGlFgAppHistory.db
      AgGlGlobalHistory.db
      AgGlUAD_P_S-1-5-21-1276444096-2533757876-1302208105-1000.db
      AgGlUAD_P_S-1-5-21-1276444096-2533757876-1302208105-1002.db
      AgGlUAD_S-1-5-21-1276444096-2533757876-1302208105-1000.db
      AgGlUAD_S-1-5-21-1276444096-2533757876-1302208105-1002.db
      AgRobust.db
      ALBNCOLLECTOR.EXE-4FC09DEB.pf
      ALUPDATE.EXE-0D61E9FA.pf
      ALZIP.EXE-4808CE6A.pf
      ATBROKER.EXE-2E15A492.pf
      ATI2EVXX.EXE-0327F1E7.pf
      ATTRIB.EXE-A990CB86.pf
      AVAST.SETUP-499863F4.pf
      AVNOTIFY.EXE-FEC2FEC4.pf
      AVSCAN.EXE-E289CD20.pf
      AVWSC.EXE-4630B658.pf
      CATCHME.EXE-15F7E0C4.pf
      CHCP.COM-61043047.pf
      CMD.EXE-4A81B364.pf
      CONIME.EXE-9781FD5F.pf
      CONSENT.EXE-531BD9EA.pf
      CONTROL.EXE-817F8F1D.pf
      CSC.EXE-A3B8D95D.pf
      CSCRIPT.EXE-D1EF4768.pf
      CSRSS.EXE-3FE41F7E.pf
      CVTRES.EXE-069169FB.pf
      DEFRAG.EXE-588F90AD.pf
      DFRGNTFS.EXE-7E4077FE.pf
      DLLHOST.EXE-5E46FA0D.pf
      DLLHOST.EXE-6A473D35.pf
      DLLHOST.EXE-6BCB9FAA.pf
      DLLHOST.EXE-766398D2.pf
      DP3D.EXE-5553CFD5.pf
      DWM.EXE-6FFD3DA8.pf
      ERUNT.COM-07498A99.pf
      EXPLORER.EXE-A80E4F97.pf
      FIREWALLSETTINGS.EXE-26A7E14B.pf
      FLASHUTIL10C.EXE-1A30AEBE.pf
      GOOGLEDESKTOP.EXE-8277D278.pf
      GOOGLEDESKTOP.EXE-C9B032BF.pf
      GOOGLEDESKTOPUPDATE.EXE-CF923CE6.pf
      GREP.CFXXE-8A68742E.pf
      GREP.COM-7CEEBED7.pf
      IELOWUTIL.EXE-3885C25E.pf
      IEXPLORE.EXE-908C99F8.pf
      INFOCARD.EXE-ECED8D38.pf
      ISADMIN.COM-34AD35BA.pf
      JAVA.EXE-E27B75C2.pf
      JAVAW.EXE-91B81925.pf
      JAVAWS.EXE-5FA6EB7C.pf
      Layout.ini
      LIST_KILL'EM.EXE-5F012F39.pf
      LOGONUI.EXE-09140401.pf
      MAHJONG.EXE-363636B9.pf
      MODE.COM-DB34C082.pf
      MPAS-D_BD1.EXE-97E29C40.pf
      MPMINISIGSTUB.EXE-E727B21D.pf
      MPSIGSTUB.EXE-6CB27A06.pf
      MSFEEDSSYNC.EXE-6E6FBDF4.pf
      MSNMSGR.EXE-9974F251.pf
      NIRCMD.CFXXE-B6A6E2A1.pf
      NIRCMD.COM-6EFE3EBA.pf
      NMINDEXINGSERVICE.EXE-BAABA37B.pf
      NOTEPAD.EXE-D8414F97.pf
      NTOSBOOT-B00DFAAD.pf
      PEV.CFXXE-DF94C177.pf
      PfSvPerfStats.bin
      PROCESS.COM-70074B9C.pf
      PV.CFXXE-608F92F6.pf
      PV.COM-57B6C3DF.pf
      PV.EXE-2DFAE579.pf
      ReadyBoot
      REG.EXE-5E3E73D1.pf
      REG.EXE-E7E8BD26.pf
      REGDACL.COM-EB6F03CB.pf
      RSIT.EXE-C0603E52.pf
      RUNDLL32.EXE-095C481F.pf
      RUNDLL32.EXE-230FC512.pf
      RUNDLL32.EXE-5338027F.pf
      RUNDLL32.EXE-5CCDECCF.pf
      RUNDLL32.EXE-6BFBA16A.pf
      RUNDLL32.EXE-6E88E69C.pf
      RUNDLL32.EXE-BF1A352E.pf
      RUNDLL32.EXE-CA7E8E01.pf
      RUNDLL32.EXE-DE9673F9.pf
      RUNDLL32.EXE-E8AC3089.pf
      SEARCHFILTERHOST.EXE-77482212.pf
      SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
      SED.COM-2489B655.pf
      SETPATH.COM-A135C716.pf
      SMP.EXE-7254358D.pf
      SMSMAIN.EXE-D7FC8AE1.pf
      SMSS.EXE-E9C28FC6.pf
      SMSTRAY.EXE-F0924830.pf
      SMSUPDATE.EXE-A442172F.pf
      SMSUPDATEMANAGER.EXE-4ABFAF66.pf
      SOLITAIRE.EXE-906D7E29.pf
      SORT.EXE-99A4F778.pf
      SSTEXT3D.SCR-DBBF7C58.pf
      SSUPDATE.EXE-EBF0FD3F.pf
      SSVAGENT.EXE-42E515EF.pf
      SSVAGENT.EXE-D0A26E22.pf
      SVCHOST.EXE-7CFEDEA3.pf
      SWREG.COM-1BB9C479.pf
      SWSC.COM-A28E2091.pf
      SWXCACLS.COM-58F32669.pf
      TASKENG.EXE-48D4E289.pf
      TASKMGR.EXE-5F5F473D.pf
      TRUSTEDINSTALLER.EXE-3CC531E5.pf
      UPDATE.EXE-026DCA13.pf
      USERINIT.EXE-2257A3E7.pf
      VERCLSID.EXE-7C52E31C.pf
      VSSVC.EXE-B8AFC319.pf
      WERCON.EXE-E36BD04E.pf
      WERFAULT.EXE-E69F695A.pf
      WERMGR.EXE-0F2AC88C.pf
      WINLOGON.EXE-B020DC41.pf
      WLCOMM.EXE-272FF9F7.pf
      WMIADAP.EXE-F8DFDFA2.pf
      WMIPRVSE.EXE-1628051C.pf
      WMPLAYER.EXE-BAD6BD53.pf
      WUAUCLT.EXE-70318591.pf
      WUDFHOST.EXE-AFFEF87C.pf




      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
      0
  20. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour je passais par là ba dite donc y en a des cracks là dedans ça m'éttonne pas qu'il y ait des virus dans le pc.
    0
    1. lvir
       
      et oui je sais j'ai le droit à une fessée !! lol
      0
  21. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    A supprimer tout ces craks bien sur.
    0
  • 1
  • 2