Need help: infected computer + black screen

lvir -  
Hello,
hi
I need your help: for some time now my screen has been showing psychedelic colours. I thought it was just a screen problem, but my screen has gone completely black, with only the taskbar at the bottom. I have to click the desktop shortcut in the taskbar at the bottom to be able to see my desktop, but every time I open something and then close it, my screen goes black again!
Yesterday Windows Defender raised an alert: there is 1 Trojan horse...! My antivirus, Avast, had not reacted! Security Tool launched itself (I didn't even know I had this thing) and asked to be installed, which I did, then it asked me to buy it (I refused and uninstalled it). I only read your topics about it afterwards. My brother advised me to install Avira AntiVir Personal and Spybot Defender. I ran Spybot, which told me "no spyware was found", then I ran a scan with Avira, which found not 1 but 2 files with Trojan horses. I deleted these 2 files and emptied the recycle bin. Now Avira shows me that 2 "viruses or unwanted programs were found", but what should I do? Move to quarantine, delete, rename, deny access or ignore?
objet .................................résultat positif
A0130485.exe.................... ADSPY/Agent.iwk
A01330489.dll ....................ADSPY/MSNSkinner.1

I saw that you often ask people to install HijackThis and post its report, so here it is

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:11, on 26/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\program files\avira\antivir desktop\avcenter.exe
L:\U Torrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Virginie\Documents\Logitiels\HijackThis.exe

O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

28 replies

Anonymous user
 
EDIT: Have you removed the cracks?

▶ Download and install UsbFix by Chiquitine29

(!) Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

▶ Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

▶ At the main menu, choose option "F" for French and press [Enter].

▶ At the second menu, choose option "1" (search) and press [Enter].

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
1
lvir
 
OK, I removed a few cracks, but I can't remove them all, otherwise some software or games will stop working; as soon as my man has finished his games, I'll get rid of the cracks that go with them. Here is the report

############################## | UsbFix V6.059 |

User : Virginie (Administrateurs) # PC-DE-VIRGINIE
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 14:45:26 | 05/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Phenom(tm) 9100e Quad-Core Processor
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 916,86 Go (650,68 Go free) [OS] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible # 488,25 Mo (481,23 Mo free) [CARTE MÉMOI] # FAT
H:\ -> Disque amovible
I:\ -> Disque CD-ROM
J:\ -> Disque amovible # 997,7 Mo (993,23 Mo free) [VIRGINIE L] # FAT32
L:\ -> Disque fixe local # 111,79 Go (37,7 Go free) [VIRGINIE & MANU FREECOM HDD] # NTFS

############################## | Processus actifs |

C:\Windows\System32\smss.exe 448
C:\Windows\system32\csrss.exe 532
C:\Windows\system32\wininit.exe 580
C:\Windows\system32\csrss.exe 592
C:\Windows\system32\services.exe 632
C:\Windows\system32\lsass.exe 644
C:\Windows\system32\lsm.exe 652
C:\Windows\system32\svchost.exe 812
C:\Windows\system32\nvvsvc.exe 900
C:\Windows\system32\winlogon.exe 948
C:\Windows\system32\svchost.exe 964
C:\Windows\System32\svchost.exe 1016
C:\Windows\system32\Ati2evxx.exe 1084
C:\Windows\System32\svchost.exe 1104
C:\Windows\System32\svchost.exe 1188
C:\Windows\system32\svchost.exe 1204
C:\Windows\system32\svchost.exe 1344
C:\Windows\system32\SLsvc.exe 1368
C:\Windows\system32\svchost.exe 1428
C:\Windows\system32\rundll32.exe 1512
C:\Windows\system32\svchost.exe 1624
C:\Windows\system32\Ati2evxx.exe 1664
C:\Windows\System32\spoolsv.exe 1916
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1944
C:\Windows\system32\svchost.exe 1960
C:\Windows\system32\Dwm.exe 1636
C:\Windows\system32\taskeng.exe 1912
C:\Windows\Explorer.EXE 512
C:\Program Files\Windows Defender\MSASCui.exe 2132
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe 2144
C:\Windows\RtHDVCpl.exe 2180
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 2192
C:\Program Files\Samsung\EmoDio\SMSTray.exe 2288
C:\Program Files\Java\jre6\bin\jusched.exe 2376
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2428
C:\Windows\ehome\ehtray.exe 2484
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2508
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2532
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 2564
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe 2612
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 2712
C:\Windows\system32\taskeng.exe 2840
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2892
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 2952
C:\Windows\ehome\ehmsas.exe 3004
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3012
C:\Program Files\Bonjour\mDNSResponder.exe 3056
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe 3100
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 3276
C:\Windows\system32\IoctlSvc.exe 3360
C:\Windows\system32\PnkBstrA.exe 3396
C:\Windows\system32\PnkBstrB.exe 3440
C:\Windows\system32\svchost.exe 3464
C:\Windows\system32\svchost.exe 3516
C:\Windows\System32\svchost.exe 3556
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3600
C:\Windows\system32\SearchIndexer.exe 3688
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3808
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2404
C:\Windows\system32\WUDFHost.exe 3040
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 3924
C:\Program Files\Windows Live\Contacts\wlcomm.exe 2204
C:\Program Files\Internet Explorer\iexplore.exe 3252
C:\Program Files\Internet Explorer\iexplore.exe 4464
\\?\C:\Windows\system32\wbem\WMIADAP.EXE 5208
C:\Windows\system32\wbem\wmiprvse.exe 5144
C:\Windows\system32\conime.exe 5040
C:\Windows\system32\wbem\wmiprvse.exe 3472

################## | Fichiers # Dossiers infectieux |


################## | Spyware.OnlineGames |


################## | Registre # Clés infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |


################## | Cracks / Keygens / Serials |

"C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vidéo Converter 6\Crack\AVSVideoConverter.exe"
09/06/2009 18:18 |Size 18501632 |Crc32 e0ff0344 |Md5 5aa714aeaa1174ab7239985cf1cac86d

"C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\call of duty 4\crack\iw3sp.exe"
06/11/2007 21:33 |Size 3017216 |Crc32 4614c0e7 |Md5 77d460bfbfff90bcf930ecc654588000

"C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe"
06/10/2009 18:42 |Size 1880064 |Crc32 4091a1d7 |Md5 45992e6a5eded84e6add0fc81ee46d27

"C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe"
06/10/2009 18:00 |Size 2064384 |Crc32 d2f1505e |Md5 39cfe03efed15b85c6d0c8b6ccb53abc

"C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe"
08/03/2009 12:12 |Size 35270 |Crc32 30b7778d |Md5 e9dba2342e6e52dc203d7c3fda20c47d

"C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
-> contain : TMPG DVD Author 1.5 (Includes Keygen And Update)\TMPG DVD author keygen.exe

"C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
-> contain : TMPG DVD Author 1.5 (Includes Keygen And Update)\TDA-1.5.11.37-install-EN.exe

"C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
-> contain : TMPG DVD Author 1.5 (Includes Keygen And Update)\TDA-1.5.15.49-install-EN UPDATE.exe

"C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
-> contain : TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen)\keygen.exe

"C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar"
-> contain : TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen)\TMPGEnc-2.512.52.161-Plus-EN-Installer-DL.exe


################## | ! Fin du rapport # UsbFix V6.059 ! |
0
Anonymous user
 
Hi,

HijackThis didn't show anything ..

▶ Download ZHPDiag (by Nicolas Coolman)

or: ZHPDiag

Save it to your Desktop.

Once the download is complete,

▶ launch ZHPDiag.exe and click Unzip in the window that opens.

▶ Click the wrench, then All, to tick all the option boxes.

▶ Click the magnifying glass to start the scan.

When the scan finishes,

▶ click the camera and save the report to your Desktop.

To send it to me, click this link:

http://www.cijoint.fr/

▶ Click Browse and look for the file C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

is added to the page.

▶ Copy this link into your reply.
0
lvir
 
Thanks for your ultra-fast reply.
Here is the link: http://www.cijoint.fr/cjlink.php?file=cj200911/cijwSwA2lI.txt
0
lvir
 
I forgot to tell you, I was also advised to run a diagnostic with ZHPDiag; here is the report, maybe it will give you some extra info... and thanks again

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3245
Windows 6.0.6002 Service Pack 2

28/11/2009 01:14:54
mbam-log-2009-11-28 (01-14-38).txt

Type de recherche: Examen complet (C:\|L:\|)
Eléments examinés: 353289
Temps écoulé: 2 hour(s), 46 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\63651021 (Rogue.Multiple) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\63651021 (Rogue.Multiple) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Anonymous user
 
If you are following a disinfection somewhere else, I can't continue with you ...

▶ Download TOOLBAR S&D (by Eric_71/Team IDN) to your desktop:

!! Disconnect, disable your resident protections, and close all your running applications for the duration of the procedure. !!

▶ Double-click ToolBar SD.exe to launch the tool and follow the prompts ...

▶ search option, then [Enter].

A report will be generated at the end of the process: post its contents in your next reply

(the report is also saved here -> C:\TB.txt)

Tutorial
0
lvir
 
Sorry for having offended you, but I was afraid I wouldn't get an answer.
Here is the report

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 9100e Quad-Core Processor )
BIOS : BIOS Date: 12/25/08 18:47:33 Ver: 08.00.14
USER : Virginie ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:916 Go (Free:651 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
L:\ (Local Disk) - NTFS - Total:111 Go (Free:37 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 29/11/2009|13:17 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtClose_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_down.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_m.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wBtText_under.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m42.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\Weather_m43.bmp
C:\Program Files\DAEMON Tools Toolbar\Resources\wi.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi0.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi1.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi10.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi11.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi12.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi13.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi2.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi3.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi4.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi5.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi6.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi7.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi8.ico
C:\Program Files\DAEMON Tools Toolbar\Resources\wi9.ico
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\res
C:\Program Files\Search Settings\kb128\SearchSettings.dll
C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb128\temp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vidéo Converter 6\Crack
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vidéo Converter 6\Crack\AVSVideoConverter.exe
C:\Users\Virginie\Favorites\crack
C:\Users\Virginie\Favorites\crack\ GameBurnWorld.url
C:\Users\Virginie\Favorites\crack\Astalavista.MS .url
C:\Users\Virginie\Favorites\crack\Crack.MS.url
C:\Users\Virginie\Favorites\crack\GameCopyWorld.url
C:\Users\Virginie\Favorites\crack\KEYGEN.MS - Generates cracks serials keygens.url
C:\Users\Virginie\Favorites\crack\Patch-Fr.com.url
C:\Users\Virginie\Favorites\crack\SeriaLCrackZ.com.url
C:\Users\Virginie\JEUX\Fini de téléchargé\Call of duty 4 fr + crack.iso
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\call of duty 4\crack
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\call of duty 4\crack\iw3sp.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\Far cry 2.docx
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FarCry2-ISO-and-crack.txt
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FARCRY2.iso


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 29/11/2009|13:18 - Option : [1]

-----------\\ Fin du rapport a 13:18:19,37
0

Anonymous user
 
Delete the CRACKS ---> a source of infections.

▶ Relaunch Toolbar-S&D by double-clicking the shortcut

▶ Type "2", then confirm by pressing "Enter".

! Do not close the window during the removal!

A report will be generated,

▶ post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

0
lvir
 
here is the report


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 9100e Quad-Core Processor )
BIOS : BIOS Date: 12/25/08 18:47:33 Ver: 08.00.14
USER : Virginie ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:916 Go (Free:651 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
L:\ (Local Disk) - NTFS - Total:111 Go (Free:37 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 29/11/2009|14:12 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vidéo Converter 6\Crack
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vidéo Converter 6\Crack\AVSVideoConverter.exe
C:\Users\Virginie\Favorites\crack
C:\Users\Virginie\Favorites\crack\ GameBurnWorld.url
C:\Users\Virginie\Favorites\crack\Astalavista.MS .url
C:\Users\Virginie\Favorites\crack\Crack.MS.url
C:\Users\Virginie\Favorites\crack\GameCopyWorld.url
C:\Users\Virginie\Favorites\crack\KEYGEN.MS - Generates cracks serials keygens.url
C:\Users\Virginie\Favorites\crack\Patch-Fr.com.url
C:\Users\Virginie\Favorites\crack\SeriaLCrackZ.com.url
C:\Users\Virginie\JEUX\Fini de téléchargé\Call of duty 4 fr + crack.iso
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\call of duty 4\crack
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\call of duty 4\crack\iw3sp.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\Far cry 2.docx
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FarCry2-ISO-and-crack.txt
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FARCRY2.iso


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 29/11/2009|13:18 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/11/2009|14:13 - Option : [2]

-----------\\ Fin du rapport a 14:13:43,16
0
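A way to check a ToolBar S&D removal report (Option 2) against the earlier search report (Option 1), as an added example that is not part of the thread and not the tool's own code. The two excerpts are copied from the reports posted above and trimmed; the function names are illustrative assumptions.

```python
import re

# Excerpt of the Option 1 (search) report from this thread, trimmed.
BEFORE = r"""
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\SearchSettings.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"""

# Excerpt of the Option 2 (removal) report from this thread, trimmed.
AFTER = r"""
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Search Settings

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')      # [HKEY_...\Main]
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')     # "Name"="data"
PATH_RE = re.compile(r'^[A-Za-z]:\\')            # bare file-system path
DELETED_PREFIX = "Supprime! - "                  # prefix printed by Option 2


def parse_registry(report):
    """Return {registry key: {value name: data}} from the .reg-style dump."""
    keys, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys


def registry_changes(before, after):
    """List (key, name, old, new) for every value that differs between reports."""
    b, a = parse_registry(before), parse_registry(after)
    changes = []
    for key in sorted(set(b) | set(a)):
        names = set(b.get(key, {})) | set(a.get(key, {}))
        for name in sorted(names):
            old, new = b.get(key, {}).get(name), a.get(key, {}).get(name)
            if old != new:
                changes.append((key, name, old, new))
    return changes


def found_paths(report):
    """Paths listed by the search pass (lines that are nothing but a path)."""
    return [l.strip() for l in report.splitlines() if PATH_RE.match(l.strip())]


def deleted_paths(report):
    """Paths the removal pass reports as deleted."""
    return [l.strip()[len(DELETED_PREFIX):] for l in report.splitlines()
            if l.strip().startswith(DELETED_PREFIX)]


def not_removed(before, after):
    """Paths found by Option 1 that no deleted path (or deleted parent) covers."""
    deleted = [p.lower() for p in deleted_paths(after)]

    def covered(path):
        p = path.lower()  # Windows paths are case-insensitive
        return any(p == d or p.startswith(d + "\\") for d in deleted)

    return [p for p in found_paths(before) if not covered(p)]


if __name__ == "__main__":
    for key, name, old, new in registry_changes(BEFORE, AFTER):
        print(f"{key}\n  {name}: {old!r} -> {new!r}")
    print("still present:", not_removed(BEFORE, AFTER) or "nothing")
```

On these excerpts the only registry difference is the HKEY_LOCAL_MACHINE "Start Page", and every path found by the search pass is covered by a deleted path or a deleted parent folder.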
Anonymous user
 
Don't you want to delete the CRACKS?

▶ Download Superantispyware (SAS)

▶ Choose "Save" and save it to your desktop.

▶ Double-click the installer icon that has just been created and follow the instructions.

▶ Create an icon on the desktop.

▶ Double-click the SAS icon (a head inside a crossed-out red circle) to launch it.

▶- If the tool asks you to update the program ("update the program definitions"), click yes.
▶- Under Configuration and Preferences, click the "Preferences" button
▶- Click the "Scanning Control" tab
▶- Under "Scanner Options", make sure the box in front of each of the following lines is checked:

▶Close browsers before scanning
▶Scan for tracking cookies
▶Terminate memory threats before quarantining

▶ Leave the other lines unchecked.

▶ Click the "Close" button to leave the control center screen.

▶ In the main window, under "Scan for Harmful Software", click "Scan your computer".

▶ In the left-hand column, check C:\Fixed Drive.

▶ In the right-hand column, under "Complete scan", click "Perform Complete Scan"

▶ Click "next" to start the scan. Wait while the scan runs.

▶ When the scan finishes, a results window opens. Click OK.

▶ Make sure every line in the white window is checked and click "Next".

▶ Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.

To copy the information to the forum, do this:

▶ - after the computer restarts, double-click the icon to launch SAS.
▶ - Click "Preferences", then the "Statistics/Logs" tab.
▶- Under "scanners logs", double-click SUPERAntiSpyware Scan Log.

▶ - The report will open in your default text editor.

▶ - Copy its contents into your reply.


Have a good look at the SUPERAntiSpyware tutorial, it is very well explained.
0
pimprenelle27 Posts 22182 Status Security contributor 2 502
 
hey, I recognize my canned reply.
0
Anonymous user > pimprenelle27 Posts 22182 Status Security contributor
 
Hi,

It's Gen-Hackman's canned reply. He's actually the one who passed them on to me :))

So I have the copyright ...

Please don't disrupt the topic with off-topic messages.



0
lvir
 
actually, a lot of the installed programs and games use cracks. I know you're not supposed to download them, but oh well ....lol
0
Anonymous user
 
As you wish ...

1/ It's illegal
2/ It's infectious

Carry on with the next steps.
0
lvir
 
here is the SAS report (sorry it took me a while, but I threw my back out and I'm having trouble staying seated at the computer lol)

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 11/29/2009 at 09:48 PM

Application Version : 4.31.1000

Core Rules Database Version : 4318
Trace Rules Database Version: 2177

Scan type : Complete Scan
Total Scan Time : 02:09:37

Memory items scanned : 696
Memory threats detected : 0
Registry items scanned : 8378
Registry threats detected : 19
File items scanned : 31366
File threats detected : 205

Adware.Vundo/Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{E54729E8-BB3D-4270-9D49-7389EA579090}
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\InprocServer32#ThreadingModel
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\ProgID
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\TypeLib
HKCR\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090}\VersionIndependentProgID
HKCR\ezUPBHook.ShellObj.1
HKCR\ezUPBHook.ShellObj.1\CLSID
HKCR\ezUPBHook.ShellObj
HKCR\ezUPBHook.ShellObj\CLSID
HKCR\ezUPBHook.ShellObj\CurVer
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\0
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\0\win32
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\FLAGS
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\EZUPBH~1.DLL

Adware.Tracking Cookie
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@partyaccount[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@mediaplex[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@cdn5.specificclick[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adultfriendfinder[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adtech[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@insightexpressai[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@smartadserver[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bluestreak[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@adtech[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@bluestreak[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@ads.gamersmedia[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@content.yieldmanager[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@secure.partyaccount[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@smartadserver[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\Low\virginie@content.yieldmanager[3].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@ad.yieldmanager[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@fastclick[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@weborama[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@bouyguestelecom.solution.weborama[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@doubleclick[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@apmebf[1].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@content.yieldmanager[2].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@content.yieldmanager[3].txt
C:\Users\Virginie\AppData\Roaming\Microsoft\Windows\Cookies\virginie@atdmt[2].txt

Adware.Vundo/Variant-MSFake
C:\PROGRAM FILES\NAVILOG1\REG.EXE
0
Anonymous user

Empty the SAS quarantine.


/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\

▶ Above all, when saving it, remember to rename Combofix to "your first name.exe"

_______________________________________________________________
>This software is to be used only when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use outside of this case: dangerous!<<<<<<<<
======================================================


▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only while ComboFix is in use,
>>the real-time protection of your antivirus and your antispyware tools,
>>which can seriously interfere with the tool's search and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!

▶ do not forget to re-enable your antivirus and antispyware protection before reconnecting to the internet.

>> Come back to the forum, and

▶ copy and paste the entire contents of C:\Combofix.txt into your next message.

0
lvir
 
ComboFix 09-11-30.05 - Virginie 01/12/2009 9:28.1.4 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3326.2499 [GMT 1:00]
Lancé depuis: c:\users\Virginie\Desktop\virginie.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1276444096-2533757876-1302208105-500
c:\$recycle.bin\S-1-5-21-2615618031-1473878728-100546447-500
c:\windows\system32\muzapp.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-01 au 2009-12-01 ))))))))))))))))))))))))))))))))))))
.

2009-12-01 08:41 . 2009-12-01 08:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-01 08:41 . 2009-12-01 08:42 -------- d-----w- c:\users\Virginie\AppData\Local\temp
2009-12-01 08:41 . 2009-12-01 08:41 -------- d-----w- c:\users\Manu\AppData\Local\temp
2009-12-01 08:41 . 2009-12-01 08:41 -------- d-----w- c:\users\Manu.PC-de-Virginie\AppData\Local\temp
2009-11-29 18:31 . 2009-11-29 18:31 117760 ----a-w- c:\users\Virginie\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-29 18:30 . 2009-11-29 18:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-29 18:30 . 2009-11-29 18:30 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-29 18:30 . 2009-11-29 18:30 -------- d-----w- c:\users\Virginie\AppData\Roaming\SUPERAntiSpyware.com
2009-11-29 12:16 . 2009-11-29 13:13 8192 d-----w- C:\ToolBar SD
2009-11-28 11:27 . 2009-12-01 07:32 4096 d-----w- c:\program files\Navilog1
2009-11-28 00:27 . 2009-11-28 00:27 4096 d-----w- c:\program files\ZHPDiag
2009-11-27 21:24 . 2009-11-27 21:24 -------- d-----w- c:\users\Virginie\AppData\Roaming\Malwarebytes
2009-11-27 21:24 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-27 21:24 . 2009-11-27 21:24 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-27 21:24 . 2009-11-27 21:24 -------- d-----w- c:\programdata\Malwarebytes
2009-11-27 21:24 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 19:36 . 2009-11-26 21:55 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-26 19:36 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-26 19:36 . 2009-11-26 19:36 -------- d-----w- c:\programdata\Avira
2009-11-26 19:36 . 2009-11-26 19:36 -------- d-----w- c:\program files\Avira
2009-11-26 18:28 . 2009-11-26 22:01 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-26 18:28 . 2009-11-26 18:34 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-26 00:49 . 2009-11-26 00:49 4096 d-----w- c:\users\Virginie\R
2009-11-25 13:12 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 12:00 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 12:00 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 15:10 . 2009-11-22 15:10 4096 d-----w- c:\program files\AviSynth 2.5
2009-11-22 14:44 . 2009-11-22 14:44 -------- d-----w- c:\users\Virginie\AppData\Roaming\FreeVideoConverter
2009-11-20 21:11 . 2009-11-20 21:12 4096 d-----w- c:\program files\QuickTime
2009-11-19 19:27 . 2009-11-19 19:27 -------- d-----w- c:\users\Manu.PC-de-Virginie\AppData\Roaming\HiYo
2009-11-12 17:47 . 2009-11-12 17:47 -------- d-----w- C:\Acrobat3
2009-11-12 17:46 . 1997-06-13 05:46 298496 ----a-w- c:\windows\uninst.exe
2009-11-11 12:34 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 12:34 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-04 05:29 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-04 05:29 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-04 05:29 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 05:29 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-04 05:28 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-04 05:28 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-04 05:28 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 05:28 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-04 05:28 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-11-03 17:49 . 2009-11-03 17:49 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-03 17:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-03 17:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-03 17:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-03 17:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-03 17:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-03 17:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 08:32 . 2008-01-21 08:40 669328 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-01 08:32 . 2008-01-21 08:40 123350 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-30 22:02 . 2009-04-19 16:04 -------- d-----w- c:\program files\Ubisoft
2009-11-29 18:29 . 2009-03-06 21:17 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-29 13:49 . 2009-03-01 18:37 24576 d-----w- c:\users\Virginie\AppData\Roaming\uTorrent
2009-11-27 21:15 . 2009-03-02 21:32 -------- d-----w- c:\program files\Alwil Software
2009-11-25 17:59 . 2009-04-08 15:44 4096 d-----w- c:\program files\AVS4YOU
2009-11-25 13:45 . 2009-04-08 15:45 4096 d-----w- c:\program files\Common Files\AVSMedia
2009-11-20 21:11 . 2009-09-04 17:48 -------- d-----w- c:\programdata\Apple Computer
2009-11-15 14:58 . 2009-03-13 17:26 350 ----a-w- c:\users\Virginie\AppData\Roaming\wklnhst.dat
2009-11-13 18:19 . 2009-01-08 05:02 4096 d-----w- c:\program files\Common Files\InstallShield
2009-11-13 18:19 . 2008-12-16 03:38 20480 d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 02:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 02:05 . 2008-12-16 03:21 12288 d-----w- c:\programdata\Microsoft Help
2009-11-09 19:11 . 2009-09-12 21:15 -------- d-----w- c:\program files\Java
2009-11-09 18:46 . 2008-12-16 03:34 8192 d-----w- c:\program files\Common Files\Adobe
2009-11-07 16:54 . 2009-06-25 17:48 -------- d-----w- c:\program files\Micro Application
2009-11-03 17:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-03 17:49 . 2009-11-03 17:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-03 17:49 . 2009-11-03 17:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-02 19:42 . 2009-10-02 16:56 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-18 22:08 . 2009-07-25 21:29 2855 ----a-w- c:\users\Manu.PC-de-Virginie\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
2009-10-17 01:01 . 2009-10-17 01:01 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 17:10 . 2009-03-06 22:25 -------- d-----w- c:\users\Virginie\AppData\Roaming\Games
2009-10-13 17:07 . 2009-03-09 17:47 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-10-13 17:07 . 2009-03-09 17:47 22328 ----a-w- c:\users\Virginie\AppData\Roaming\PnkBstrK.sys
2009-10-13 17:07 . 2009-03-09 17:47 22328 ----a-w- c:\users\Virginie\AppData\Roaming\PnkBstrK.sys
2009-10-13 17:07 . 2009-03-09 17:47 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-13 17:07 . 2009-03-09 17:47 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-13 16:41 . 2009-03-31 19:08 -------- d-----w- c:\program files\Activision
2009-10-11 03:17 . 2009-09-12 21:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 22:59 . 2009-10-07 22:48 4096 d-----w- c:\users\Manu.PC-de-Virginie\AppData\Roaming\dp3d
2009-10-06 22:05 . 2009-10-06 22:00 4096 d-----w- c:\users\Virginie\AppData\Roaming\dp3d
2009-10-06 21:55 . 2009-10-06 21:55 -------- d-----w- c:\program files\TopWare
2009-10-04 09:01 . 2009-10-04 09:01 4096 d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-04 09:01 . 2009-03-01 11:22 4096 d-----w- c:\program files\Windows Live
2009-10-04 08:59 . 2009-10-04 08:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-04 08:58 . 2009-03-01 11:07 -------- d-----w- c:\program files\Microsoft
2009-10-01 01:02 . 2009-11-03 17:42 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-03 17:42 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-03 17:42 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-03 17:42 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-03 17:42 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-03 17:42 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-03 17:42 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-03 17:42 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-03 17:42 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-03 17:42 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-03 17:42 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-03 17:42 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-03 17:42 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-03 17:42 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-03 17:42 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-03 17:42 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-03 17:42 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-03 17:42 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-03 17:42 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-03 17:42 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-03 17:42 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-03 17:42 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-03 17:42 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-03 17:42 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-03 17:42 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-03 17:42 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-03 17:42 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-03 17:42 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-03 17:42 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-03 17:42 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-03 17:42 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-03 17:42 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-03 17:42 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-03 17:42 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-03 17:42 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-03 17:42 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-03 17:42 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-03 17:42 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-03 17:42 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-03 17:42 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-03 17:42 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-03 17:42 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-03 17:42 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-14 09:29 . 2009-10-15 03:13 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-15 03:14 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:59 . 2009-10-28 06:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-09-10 14:58 . 2009-10-28 06:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-09-09 12:03 . 2009-09-09 12:03 680 ----a-w- c:\users\Virginie\AppData\Local\d3d9caps.dat
2009-09-09 11:58 . 2009-03-04 17:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-04 11:41 . 2009-10-15 03:13 60928 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2009-04-08 16:34 102912 ----a-w- c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]
2009-02-23 13:12 117248 ----a-w- c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020" [X]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-29 160592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13584928]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-08 24064]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"IMBooster"="c:\program files\Iminent\IMBooster\imbooster.exe" [2009-04-08 365568]
"Iminent.Notifier"="c:\program files\Iminent\SearchTheWeb\Iminent.Notifier.exe" [2009-04-09 496640]
"SMSTray"="c:\program files\Samsung\EmoDio\SMSTray.exe" [2009-03-21 484888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):bb,e5,43,4a,1b,28,ca,01

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 08:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 08:43 74480]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [26/11/2009 20:36 108289]
R2 ETService;Empowering Technology Service;c:\program files\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe [08/01/2009 06:08 24576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/11/2009 19:28 1153368]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [04/03/2009 18:47 721904]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 03:23 21504]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [08/01/2009 06:06 24064]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 08:43 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'

2009-12-01 c:\windows\Tasks\User_Feed_Synchronization-{2B7BCE5A-CA64-4F9F-91F7-64E1C98DA99C}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: Barre RoboForm - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enregistrer le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Personnaliser le menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Remplir le formulaire - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-Google Desktop - c:\progra~1\Google\Google Desktop Search\RunCmd.exe Uninstall.cmd
AddRemove-IMBooster - c:\programdata\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\IMBoosterSetup.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-Works9SE - c:\program files\Microsoft Office\RunCmd.exe Works_Uninstall.cmd
AddRemove-Xvid_is1 - i:\xvid\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-01 09:42
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1276444096-2533757876-1302208105-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:dd,23,c3,ab,8d,b2,75,d9,37,8e,32,24,b8,a0,6f,0d,17,37,9d,0d,44,c8,4d,
cf,d3,96,80,39,f4,29,9d,13,30,37,11,06,0b,3b,6d,e1,f6,55,15,26,84,90,d7,3c,\
"??"=hex:4a,f1,1b,2b,7f,67,b6,a3,7e,79,92,18,40,0b,92,33

[HKEY_USERS\S-1-5-21-1276444096-2533757876-1302208105-1000\Software\SecuROM\License information*]
"datasecu"=hex:d8,bf,ff,0e,4f,53,eb,8f,89,c1,9e,9b,92,01,34,da,be,45,57,7f,39,
4f,83,46,63,04,9e,cd,80,09,94,9e,f1,3f,0b,ec,f4,8c,78,56,21,75,55,05,5c,0f,\
"rkeysecu"=hex:a0,66,61,3c,3b,be,22,dc,ee,29,94,b0,36,43,b2,54
.
Heure de fin: 2009-12-01 09:44
ComboFix-quarantined-files.txt 2009-12-01 08:44

Avant-CF: 695 419 174 912 octets libres
Après-CF: 705 626 521 600 octets libres

- - End Of File - - FA544F09EC4538365A11B1BD67D13A19
0
Anonymous user

Manually delete this:

c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

======================================

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

! Disconnect and CLOSE ALL YOUR RUNNING APPLICATIONS !

Double-click on "RSIT.exe" to launch it.

▶ A first window opens with the title: "Disclaimer of warranty".

▶ Next to the option "List files/folders created ...", choose: 2 months

▶ then click on "Continue" to start the scan ...


▶ let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for what comes next ...

Important: post one report, then the other in the following reply
If you try to post both at the same time, it may be too long for the forum


( Note: the reports will also be saved in this folder -> C:\rsit )
0
lvir
 
uhh I have a window that opens: open file security warning, do you want to run this file?
name:...Users\Virginie\Documents\Logiciels\Virginie.exe
publisher: Trend Micro, Inc.
Type: application
From: C:\users\virginie\documents\logiciels\virginie.e...
run or cancel

what should I do?
0
lvir
 
what should I do with my window? run or cancel?
0
Anonymous user

yes, I'm the one who swiped it from Pimprenelle ^^
0
pimprenelle27 Posts 22182 Status Security contributor 2 502

I knew very well it was you, gen hackman, but it doesn't matter, I knew where it came from.
0
Anonymous user

Hello,

Disable UAC:

Disable User Account Control (you will re-enable it after your disinfection):

▶- Go to "Start" then Control Panel.

▶- Double-click on the User Accounts icon and on Turn User Account Control on or off.

▶- Click on Continue.

▶- Uncheck the box Use User Account Control (UAC) to help protect your computer.

▶- Confirm with OK and restart.

Tutorial

And try the procedure again.
0
lvir
 
I followed the procedure, the scan starts to run but a few seconds later the same window opens asking me to run or cancel... what if I deleted the application that is trying to start (I think it's hijackthis but it was renamed virginie)....
0
Anonymous user

Delete Hijackthis and try the procedure again.
0
lvir
 
here is the log report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Virginie at 2009-12-03 15:20:28
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 669 GB (71%) free of 939 GB
Total RAM: 3326 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:22, on 29/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Iminent\IMBooster\IMBooster.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Virginie\Documents\Logitiels\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=1&o=vp32&d=0109&m=imedia_a4730_fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: CHelperBHO - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - C:\Program Files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Iminent.LinkToContent - {A6E9BAAF-53CD-4575-967B-2AF710A7D21F} - C:\Program Files\Iminent\IMBooster\Iminent.LinkToContent.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup
O4 - HKLM\..\Run: [Iminent.Notifier] C:\Program Files\Iminent\SearchTheWeb\Iminent.Notifier.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
0
lvir
 
I think the info report is too long; it doesn't show up when I post it. I'm going to split it in 2 and put it in 2 replies.
0
lvir
 
info.txt logfile of random's system information tool 1.06 2009-12-03 16:06:52

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{8F1B6239-FEA0-450A-A950-B05276CE177C}\setup.exe" -runfromtemp -l0x040c -removeonly
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D524239C-FD5C-4183-A49C-7930915A9C0A}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD2D9012-E5A1-4717-8EE9-8DB3F36E2F8C}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F90CBE30-7269-465D-AB66-0DCF33CE3618}\setup.exe" -l0x40c
32nd America's Cup 0.2.0.0-->"C:\Users\Virginie\JEUX\Jeux installés\32nd America's Cup\unins000.exe"
AC-3 ACM Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AC3ACM.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat Reader 3.01-->C:\Windows\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
Assistant de connexion Windows Live ID-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c
Call of Juarez - Bound in Blood-->C:\Program Files\InstallShield Installation Information\{FEFAF112-4DA8-479C-89E2-7DE25091711A}\Setup.exe -runfromtemp -l0x040c
CCE SP Trial Version-->C:\PROGRA~1\CUSTOM~1\CCESPT~1\uinst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x40c /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x40c /remove
Dream Pinball 3D-->C:\PROGRA~1\TopWare\DREAMP~1\Unwise.exe /U C:\PROGRA~1\TopWare\DREAMP~1\install.log
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
EmoDio-->"C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\setup.exe" -runfromtemp -l0x040c -removeonly
EmoDio-->MsiExec.exe /X{C20CE592-B0F8-4D20-BF31-0151CA6331A6}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Users\Virginie\Documents\Logitiels\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IMBooster-->C:\ProgramData\{3AB7D18B-6873-453C-A0C7-D330283EDE14}\IMBoosterSetup.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Lame ACM MP3 Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\Windows\INF\LameACM.inf
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaBoli-->"C:\Program Files\InstallShield Installation Information\{709817E4-5439-4206-8738-796B34B623BD}\setup.exe" -runfromtemp -l0x040c -removeonly
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
0
Anonymous user
 
Hi, AD-Remover would do a good job, I think.
0
Anonymous user
 
▶ Download Ad-remover (by C_XX) to your desktop:

▶ Disconnect and close all running applications!

▶ Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.

▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.

▶ At the main menu, choose option "L" and press [Enter].

▶ Let the tool work and don't touch anything...

▶ Post the report that appears at the end on the forum...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
lvir
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 02.12.2009 à 18:59
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:02:04, 03/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-VIRGINIE | Utilisateur actuel: Virginie
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\ProgramData\Iminent
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\IMBooster
C:\Windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
C:\Users\Virginie\AppData\LocalLow\Search Settings
C:\Program Files\Iminent ... [b]ERREUR SUPPRESSION !![/b]
C:\Program Files\Mozilla FireFox\searchplugins\SearchTheWeb.xml
C:\Windows\Installer\10abbb35.msi
C:\Windows\Installer\bfd64f4.msi
C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@iminent[1].txt
C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@iminent[2].txt
C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@openxweb.iminent[1].txt
C:\Users\Virginie\AppData\Roaming\MICROS~1\Windows\Cookies\virginie@openxweb.iminent[2].txt

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\Iminent
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKLM\Software\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
HKLM\Software\Classes\CLSID\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}
HKLM\software\classes\IminentBHONavigationError.CHelperBHO.1
HKLM\software\classes\IminentLinkToContent.LinkToContent
HKLM\software\classes\IminentLinkToContent.LinkToContent.1
HKLM\software\classes\installer\Products\53449B1EE14291541B3C4CDDE93B252A
HKLM\Software\Classes\Interface\{12FB9C3D-0875-4CAA-B3B1-9DCCCE749DE5}
HKLM\Software\Classes\TypeLib\{587D1093-12E0-4B0E-9426-AF9DC5ABB77D}
HKLM\Software\Classes\TypeLib\{77860007-19AE-4C29-B26D-AEA48F3A05C5}
HKLM\software\iAvatars.com
HKLM\software\Iminent
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\53449B1EE14291541B3C4CDDE93B252A
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent.Notifier
HKLM\software\microsoft\windows\currentversion\uninstall\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
HKLM\software\microsoft\windows\currentversion\uninstall\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\TMPGEnc Plus v2.512.52.161 Win9xNT (Includes Keygen) + TMPG DVD Author 1.5 (Includes Keygen And Update).rar
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\AVS Vidéo Converter 6\Crack\AVSVideoConverter.exe
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\cinema.craft.encoder.sp.v2.67.00.27.&.cce.patcher.v0.5.7\CCE 2.67.00.27\ccspt267.exe
C:\Users\Virginie\Documents\Logitiels\logitiels pour copie de DVD\cinema.craft.encoder.sp.v2.67.00.27.&.cce.patcher.v0.5.7\CCE Patcher 0.5.7\CCE_Patcher.exe
C:\Users\Virginie\Favorites\crack\ GameBurnWorld.url
C:\Users\Virginie\Favorites\crack\Astalavista.MS .url
C:\Users\Virginie\Favorites\crack\Crack.MS.url
C:\Users\Virginie\Favorites\crack\GameCopyWorld.url
C:\Users\Virginie\Favorites\crack\KEYGEN.MS - Generates cracks serials keygens.url
C:\Users\Virginie\Favorites\crack\Patch-Fr.com.url
C:\Users\Virginie\Favorites\crack\SeriaLCrackZ.com.url
C:\Users\Virginie\Favorites\Jeu en Français\Patch-Fr.com  Liste des patchs francais disponible.url
C:\Users\Virginie\Favorites\Jeu en Français\Patch-Fr.com.url
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\call of duty 4\crack\iw3sp.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\crack (fixed)\dp3d.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\DP3D_V-DC_Patch.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\DREAM PINBALL 3D\patch + no cd pour vista\Dream pinball 1.02(Vista+DualCore patch) + NoCD\Crack\dp3d.exe
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\dream pinball 3D\patch vista\blAde-DP3DVaDCUcrk.rar
C:\Users\Virginie\JEUX\Fini de téléchargé\Manu\Far Cry 2 with no CD or activation required crack\FarCry2.exe
.
===================================
.
5663 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
1 Fichier(s) - C:\Users\Virginie\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
1459 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 20:19:26 | 03/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.
0
Anonymous user
 
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one.

▶ Download List&Kill'em and save it to your desktop

▶ Unzip it (right-click / extract.....)

It does not require installation

▶ Double-click (right-click "Run as administrator" on Vista) to launch the scan

Choose the language, then choose option 1 = Mode Recherche (search mode)

▶ Let the tool work

▶ Post the contents of the report that opens

0
lvir
 
List'em by g3n-h@ckm@n 1.1.2.0

Thx to Chiquitine29.....

User : Virginie (Administrateurs) # PC-DE-VIRGINIE
Update on 04/12/2009 by g3n-h@ckm@n ::::: 11:30
Start at: 14:32:28 | 04/12/2009
Contact : g3n-h@ckm@n sur CCM

AMD Phenom(tm) 9100e Quad-Core Processor
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 916,86 Go (651,46 Go free) [OS] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque CD-ROM
L:\ -> Disque fixe local | 111,79 Go (37,7 Go free) [VIRGINIE & MANU FREECOM HDD] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe 448
C:\Windows\system32\csrss.exe 520
C:\Windows\system32\wininit.exe 568
C:\Windows\system32\csrss.exe 580
C:\Windows\system32\services.exe 616
C:\Windows\system32\lsass.exe 628
C:\Windows\system32\lsm.exe 640
C:\Windows\system32\svchost.exe 792
C:\Windows\system32\winlogon.exe 824
C:\Windows\system32\nvvsvc.exe 912
C:\Windows\system32\svchost.exe 940
C:\Windows\System32\svchost.exe 988
C:\Windows\system32\Ati2evxx.exe 1064
C:\Windows\System32\svchost.exe 1084
C:\Windows\System32\svchost.exe 1120
C:\Windows\system32\svchost.exe 1148
C:\Windows\system32\svchost.exe 1284
C:\Windows\system32\SLsvc.exe 1304
C:\Windows\system32\svchost.exe 1368
C:\Windows\system32\svchost.exe 1484
C:\Windows\system32\rundll32.exe 1552
C:\Windows\system32\Ati2evxx.exe 1676
C:\Windows\System32\spoolsv.exe 1764
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1836
C:\Windows\system32\svchost.exe 1856
C:\Windows\system32\Dwm.exe 1928
C:\Windows\system32\taskeng.exe 1808
C:\Windows\Explorer.EXE 776
C:\Program Files\Windows Defender\MSASCui.exe 2104
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe 2116
C:\Windows\RtHDVCpl.exe 2156
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 2180
C:\Program Files\Samsung\EmoDio\SMSTray.exe 2268
C:\Program Files\Java\jre6\bin\jusched.exe 2320
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 2412
C:\Windows\ehome\ehtray.exe 2468
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 2492
C:\Windows\ehome\ehmsas.exe 2536
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe 2548
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe 2564
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe 2580
C:\Program Files\DAEMON Tools Lite\daemon.exe 2596
C:\Windows\system32\taskeng.exe 2752
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 2964
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 3044
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 3056
C:\Program Files\Bonjour\mDNSResponder.exe 3116
C:\Program Files\Packard Bell\Packard Bell Recovery Management\Service\ETService.exe 3140
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 3280
C:\Windows\system32\IoctlSvc.exe 3376
C:\Windows\system32\PnkBstrA.exe 3388
C:\Windows\system32\PnkBstrB.exe 3412
C:\Windows\system32\svchost.exe 3432
C:\Windows\system32\svchost.exe 3476
C:\Windows\System32\svchost.exe 3556
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3616
C:\Windows\system32\SearchIndexer.exe 3668
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3768
C:\Windows\system32\WUDFHost.exe 2424
C:\Program Files\Windows Live\Contacts\wlcomm.exe 2648
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 2136
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 2164
C:\Program Files\Internet Explorer\iexplore.exe 2228
C:\Program Files\Internet Explorer\iexplore.exe 1644
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe 5296
C:\Windows\system32\SearchProtocolHost.exe 5824
C:\Windows\system32\SearchFilterHost.exe 2668
C:\Users\Virginie\Desktop\List_Killem\List_Kill'em.exe 5788
C:\Windows\system32\conime.exe 4808
C:\Windows\system32\cmd.exe 4316
C:\Windows\system32\wbem\wmiprvse.exe 3784
C:\Users\Virginie\AppData\Local\temp\1D32.tmp\pv.exe 6012

======================
Keys "Run"
======================

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SmpcSys REG_SZ C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
Creative Detector REG_SZ "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
RoboForm REG_SZ "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SmpcSys REG_SZ C:\Program Files\Packard Bell\SetupMyPC\SmpSys.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
RtHDVCpl REG_SZ RtHDVCpl.exe
Google Desktop Search REG_SZ "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
NBKeyScan REG_SZ "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
SMSTray REG_SZ C:\Program Files\Samsung\EmoDio\SMSTray.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
Other Keys
=====================

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin REG_DWORD 0x2
ConsentPromptBehaviorUser REG_DWORD 0x1
EnableInstallerDetection REG_DWORD 0x1
EnableLUA REG_DWORD 0x1
EnableSecureUIAPaths REG_DWORD 0x1
EnableVirtualization REG_DWORD 0x1
PromptOnSecureDesktop REG_DWORD 0x1
ValidateAdminCodeSignatures REG_DWORD 0x0
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0x0
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
FilterAdministratorToken REG_DWORD 0x0
EnableUIADesktopToggle REG_DWORD 0x0
HideFastUserSwitching REG_DWORD 0x0
DisableRegistryTools REG_DWORD 0x0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
===============
AppInit_Dlls : C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

===============
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon
===============
BHO :
======
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
@="RoboForm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]


================
Internet Explorer :
================

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://www.msn.com/fr-fr


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl


========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x3
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
=========

=========================
Environnement variables :
=========================

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Virginie\AppData\Roaming
choix=1
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-VIRGINIE
ComSpec=C:\Windows\system32\cmd.exe
DFSTRACINGON=FALSE
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Virginie
LOCALAPPDATA=C:\Users\Virginie\AppData\Local
LOGONSERVER=\\PC-DE-VIRGINIE
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\ESTsoft\ALZip;C:\Windows\Microsoft.NET\Framework\v2.0.50727;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\ESTsoft\ALZip
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 16 Model 2 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=16
PROCESSOR_REVISION=0202
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Virginie\AppData\Local\Temp
TMP=C:\Users\Virginie\AppData\Local\Temp
TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
USERDOMAIN=PC-de-Virginie
USERNAME=Virginie
USERPROFILE=C:\Users\Virginie
windir=C:\Windows


¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Windows\mbr.exe
C:\Windows\system32\MSINET.oca

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
HKCR\.torrent
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.torrent
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}

=========
Rootkits
=========

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-04 14:34:23
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :

AD-R.EXE-B1450944.pf
AgAppLaunch.db
AgCx_S1_S-1-5-21-1276444096-2533757876-1302208105-1000.snp.db
AgCx_S2_S-1-5-21-1276444096-2533757876-1302208105-1002.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgCx_SC3_241B6390.db
AgCx_SC3_4C4CBFCC.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1276444096-2533757876-1302208105-1000.db
AgGlUAD_P_S-1-5-21-1276444096-2533757876-1302208105-1002.db
AgGlUAD_S-1-5-21-1276444096-2533757876-1302208105-1000.db
AgGlUAD_S-1-5-21-1276444096-2533757876-1302208105-1002.db
AgRobust.db
ALBNCOLLECTOR.EXE-4FC09DEB.pf
ALUPDATE.EXE-0D61E9FA.pf
ALZIP.EXE-4808CE6A.pf
ATBROKER.EXE-2E15A492.pf
ATI2EVXX.EXE-0327F1E7.pf
ATTRIB.EXE-A990CB86.pf
AVAST.SETUP-499863F4.pf
AVNOTIFY.EXE-FEC2FEC4.pf
AVSCAN.EXE-E289CD20.pf
AVWSC.EXE-4630B658.pf
CATCHME.EXE-15F7E0C4.pf
CHCP.COM-61043047.pf
CMD.EXE-4A81B364.pf
CONIME.EXE-9781FD5F.pf
CONSENT.EXE-531BD9EA.pf
CONTROL.EXE-817F8F1D.pf
CSC.EXE-A3B8D95D.pf
CSCRIPT.EXE-D1EF4768.pf
CSRSS.EXE-3FE41F7E.pf
CVTRES.EXE-069169FB.pf
DEFRAG.EXE-588F90AD.pf
DFRGNTFS.EXE-7E4077FE.pf
DLLHOST.EXE-5E46FA0D.pf
DLLHOST.EXE-6A473D35.pf
DLLHOST.EXE-6BCB9FAA.pf
DLLHOST.EXE-766398D2.pf
DP3D.EXE-5553CFD5.pf
DWM.EXE-6FFD3DA8.pf
ERUNT.COM-07498A99.pf
EXPLORER.EXE-A80E4F97.pf
FIREWALLSETTINGS.EXE-26A7E14B.pf
FLASHUTIL10C.EXE-1A30AEBE.pf
GOOGLEDESKTOP.EXE-8277D278.pf
GOOGLEDESKTOP.EXE-C9B032BF.pf
GOOGLEDESKTOPUPDATE.EXE-CF923CE6.pf
GREP.CFXXE-8A68742E.pf
GREP.COM-7CEEBED7.pf
IELOWUTIL.EXE-3885C25E.pf
IEXPLORE.EXE-908C99F8.pf
INFOCARD.EXE-ECED8D38.pf
ISADMIN.COM-34AD35BA.pf
JAVA.EXE-E27B75C2.pf
JAVAW.EXE-91B81925.pf
JAVAWS.EXE-5FA6EB7C.pf
Layout.ini
LIST_KILL'EM.EXE-5F012F39.pf
LOGONUI.EXE-09140401.pf
MAHJONG.EXE-363636B9.pf
MODE.COM-DB34C082.pf
MPAS-D_BD1.EXE-97E29C40.pf
MPMINISIGSTUB.EXE-E727B21D.pf
MPSIGSTUB.EXE-6CB27A06.pf
MSFEEDSSYNC.EXE-6E6FBDF4.pf
MSNMSGR.EXE-9974F251.pf
NIRCMD.CFXXE-B6A6E2A1.pf
NIRCMD.COM-6EFE3EBA.pf
NMINDEXINGSERVICE.EXE-BAABA37B.pf
NOTEPAD.EXE-D8414F97.pf
NTOSBOOT-B00DFAAD.pf
PEV.CFXXE-DF94C177.pf
PfSvPerfStats.bin
PROCESS.COM-70074B9C.pf
PV.CFXXE-608F92F6.pf
PV.COM-57B6C3DF.pf
PV.EXE-2DFAE579.pf
ReadyBoot
REG.EXE-5E3E73D1.pf
REG.EXE-E7E8BD26.pf
REGDACL.COM-EB6F03CB.pf
RSIT.EXE-C0603E52.pf
RUNDLL32.EXE-095C481F.pf
RUNDLL32.EXE-230FC512.pf
RUNDLL32.EXE-5338027F.pf
RUNDLL32.EXE-5CCDECCF.pf
RUNDLL32.EXE-6BFBA16A.pf
RUNDLL32.EXE-6E88E69C.pf
RUNDLL32.EXE-BF1A352E.pf
RUNDLL32.EXE-CA7E8E01.pf
RUNDLL32.EXE-DE9673F9.pf
RUNDLL32.EXE-E8AC3089.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SED.COM-2489B655.pf
SETPATH.COM-A135C716.pf
SMP.EXE-7254358D.pf
SMSMAIN.EXE-D7FC8AE1.pf
SMSS.EXE-E9C28FC6.pf
SMSTRAY.EXE-F0924830.pf
SMSUPDATE.EXE-A442172F.pf
SMSUPDATEMANAGER.EXE-4ABFAF66.pf
SOLITAIRE.EXE-906D7E29.pf
SORT.EXE-99A4F778.pf
SSTEXT3D.SCR-DBBF7C58.pf
SSUPDATE.EXE-EBF0FD3F.pf
SSVAGENT.EXE-42E515EF.pf
SSVAGENT.EXE-D0A26E22.pf
SVCHOST.EXE-7CFEDEA3.pf
SWREG.COM-1BB9C479.pf
SWSC.COM-A28E2091.pf
SWXCACLS.COM-58F32669.pf
TASKENG.EXE-48D4E289.pf
TASKMGR.EXE-5F5F473D.pf
TRUSTEDINSTALLER.EXE-3CC531E5.pf
UPDATE.EXE-026DCA13.pf
USERINIT.EXE-2257A3E7.pf
VERCLSID.EXE-7C52E31C.pf
VSSVC.EXE-B8AFC319.pf
WERCON.EXE-E36BD04E.pf
WERFAULT.EXE-E69F695A.pf
WERMGR.EXE-0F2AC88C.pf
WINLOGON.EXE-B020DC41.pf
WLCOMM.EXE-272FF9F7.pf
WMIADAP.EXE-F8DFDFA2.pf
WMIPRVSE.EXE-1628051C.pf
WMPLAYER.EXE-BAD6BD53.pf
WUAUCLT.EXE-70318591.pf
WUDFHOST.EXE-AFFEF87C.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
pimprenelle27 Posts 22182 Status Security contributor 2 502
 
Hello, I was just passing by. Well, there are quite a few cracks in there; it doesn't surprise me that there are viruses on the PC.
0
lvir
 
Yes, I know, I deserve a spanking!! lol
0
pimprenelle27 Posts 22182 Status Security contributor 2 502
 
All those cracks need to be deleted, of course.
0