Ordinateur qui rame

balico -  
 balico06 -
Bonjour,

Mon PC rame depuis quelques temps sans toutefois me bloquer totalement.
Il est vrai qu'il a 4 ans et que j'ai empilé un nombre incroyable de logiciels, programmes, utilitaires etc...

N'étant pas un pro de l'informatique mais un lecteur régulier de votre site je me lance et poste le fameux rapport Hijackthis.

Merci pour votre assistance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:55, on 07/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Balico\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-2119481020-3562625198-1139210170-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 11190 bytes
Configuration: Windows XP
Firefox 3.5.5

43 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un PC sous Windows XP SP3 présente des lenteurs sans blocage total et le rapport HijackThis répertorie de nombreuses entrées démarrées et des composants susceptibles d'être indésirables. Pour autant, plusieurs éléments signalés concernent des barres d'outils et des composants de navigation (Google Toolbar, Windows Live Toolbar, free-downloads), des modules BHO et des programmes tiers chargés au démarrage. D'autres entrées concernent des services légitimes comme Avira, Logitech, iPod et StarWind, mais certaines dépendances ou logiciels obsolètes pourraient ralentir l'ordinateur et nécessiter un nettoyage ciblé. En cas de manipulation, il est utile de sauvegarder les données, de désactiver les éléments de démarrage non essentiels et d'effectuer des scans complémentaires avec un antivirus à jour et un outil anti-malware.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    bonjour

    Télechargez Smitfraudfix.exe
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    Regardez le tuto:
    http://www.malekal.com/tutorial_SmitFraudfix.php

    Exécutez le en choisissant l’option 1

    l’outil va générer un rapport

    Copie/colle le rapport sur un forum .

    note: Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus, etc...) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Site officiel: http://siri.urz.free.fr/Fix/SmitfraudFix.php

    1
  2. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    oublie le post 3

    es tu bien chez Orange ?

    fais ceci

    • Télécharge Random's System Information Tool (RSIT) de Random/Random.

    http://images.malwareremoval.com/random/RSIT.exe

    • Enregistre le sur ton Bureau.

    • Double clique sur RSIT.exe pour lancer l'outil.

    • Clique sur "Continue" à l'écran Disclaimer.

    • Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande)

    et tu devras accepter la licence.

    • Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

    Les rapports se trouvent à cet endroit:
    C:\rsit\info.txt
    C:\rsit\log.txt

    1
    1. balico
       
      oui je suis bien chez Orange.
      0
  3. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok

    redemarre le pc
    puis

    1) Désactiver le TeaTimer de Spybot (Merci à Nico et nathandre):
    Pour désactiver le TeaTimer :
    => Ouvrir Spybot S&D
    => Dans le menu "Mode", séléctionner le mode avancé.
    => Une fenêtre demande confirmation cliquer sur "oui".
    => Une fois le mode avancé actif, ouvrir l'onglet "Outils".
    => Cliquer sur Résident.
    => La partie Résident comporte deux lignes qui sont normalement cochées :
    *Résident "SDHelper" (bloqueur de téléchargements nuisibles pour Internet Explorer) actif.
    * Résident "TeaTimer" (Protection des réglages système fondamentaux) actif
    => Décocher la ligne TeaTimer.
    => Redémarrer Spybot (le fermer et le réouvrir)
    => Retourner dans le menu Résident et vérifier qu'il soit bien désactivé

    Spybot va géner les outils

    2) Téléchargez USBFIX de Chiquitine29, C_xx

    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
    ou
    https://www.ionos.fr/?affiliate_id=77097

    /!\ Utilisateur de vista et windows 7 :
    ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

    /!\ Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur le bureau .

    • Choisir l'option 1 (Recherche)
    (d’autres options disponibles, voir le tutoriel).
    • Laissez travailler l'outil.

    • Ensuite postez le rapport UsbFix.txt qui apparaîtra.

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html

    1
    1. balico
       
      l'analyse est bloquée à 50 % depuis un petit moment ?
      0
  4. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    joli collection de cracks...surtout pour un AV

    supprimes les

    1) ● Relance UsbFix

    ● Dans le menu principale cette fois choisit l'option2

    Le menu démarrer et les icônes vont à nouveau disparaître.. c'est normal.

    Si un message te demande de redémarrer l'ordinateur fais le ...

    ● Au redémarrage, le fix se relance... laisses l'opération s'effectuer.

    ● Le bloc note s'ouvre avec un rapport, envoies le dans la prochaine réponse

    ...................................

    2) Téléchargez MalwareByte's Anti-Malware
    https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html

    . Sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
    . Enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
    . Une fois la mise à jour terminé
    . Rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, clique sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . Rends toi dans l'onglet rapport/log
    . Tu cliques dessus pour l'afficher, une fois affiché
    . Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
    . Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ces tutoriels :
    Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    refais un nouveau RSIT de contrôle et postes juste le log
    1
  7. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    reste deux petite cochonneries

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

    ▶ Télécharge List&Kill'em et enregistre le sur ton bureau

    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip

    Il ne necessite pas d'installation

    ▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶laisse travailler l'outil

    à la fin du scan la fenêtre se referme seule.

    ouvre C:\List'em.txt

    ▶colle le contenu dans ta prochaine réponse
    1
  8. balico
     
    SmitFraudFix v2.424

    Rapport fait à 11:53:17,46, 07/12/2009
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Balico

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Balico\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Balico\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Balico\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SiS191 100/10 Ethernet Device - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{750D2D6C-FA05-4714-884F-EA1C6597E5E7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{DFE949B4-CBEC-4A9F-845E-0D197D63734B}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2DB99C4-312E-419F-9118-CCEC8A2CCC8F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{6D10CB95-C462-41C9-9C49-0A3371F559A9}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer=192.168.1.1,80.10.246.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  9. balico
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Balico at 2009-12-07 13:40:44
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 30 GB (13%) free of 238 GB
    Total RAM: 1023 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:41:06, on 07/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Balico\Mes documents\RSIT.exe
    C:\Documents and Settings\Balico\Mes documents\Balico.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-21-2119481020-3562625198-1139210170-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    0
  10. balico
     
    ############################## | UsbFix V6.059 |

    User : Balico (Administrateurs) # CASA
    Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 14:11:02 | 07/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.06GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local # 232,88 Go (29,14 Go free) [446513] # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque CD-ROM # 682,24 Mo (0 Mo free) [Mon disque] # CDFS
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque fixe local # 298,09 Go (111,97 Go free) [Elements] # NTFS
    K:\ -> Disque amovible

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 980
    C:\WINDOWS\system32\csrss.exe 1124
    C:\WINDOWS\system32\winlogon.exe 1224
    C:\WINDOWS\system32\services.exe 1284
    C:\WINDOWS\system32\lsass.exe 1296
    C:\WINDOWS\system32\Ati2evxx.exe 1524
    C:\WINDOWS\system32\svchost.exe 1540
    C:\WINDOWS\system32\svchost.exe 1624
    C:\WINDOWS\System32\svchost.exe 1736
    C:\WINDOWS\system32\svchost.exe 1836
    C:\WINDOWS\system32\svchost.exe 1900
    C:\WINDOWS\system32\Ati2evxx.exe 2036
    C:\WINDOWS\system32\spoolsv.exe 260
    C:\Program Files\Avira\AntiVir Desktop\sched.exe 396
    C:\WINDOWS\system32\svchost.exe 504
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe 924
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 936
    C:\WINDOWS\system32\svchost.exe 1040
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1076
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 1068
    C:\WINDOWS\System32\svchost.exe 1472
    C:\WINDOWS\System32\svchost.exe 1576
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1640
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 1724
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 1812
    C:\WINDOWS\system32\svchost.exe 1864
    C:\WINDOWS\system32\SearchIndexer.exe 144
    C:\WINDOWS\System32\alg.exe 2432
    C:\WINDOWS\Explorer.EXE 3488
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 3940
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3972
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 4040
    C:\WINDOWS\system32\ctfmon.exe 2088
    C:\Program Files\Mozilla Firefox\firefox.exe 3612
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 1876
    C:\Program Files\Spybot - Search & Destroy 2\SpybotSD.exe 464
    C:\WINDOWS\system32\wbem\wmiprvse.exe 2136

    ################## | Fichiers # Dossiers infectieux |

    C:\WINDOWS\System32\autorun.inf
    C:\DOCUME~1\Balico\LOCALS~1\Temp\aax111.tmp.exe
    E:\autorun.inf
    E:\autorun.ini
    J:\autorun.inf

    ################## | Spyware.OnlineGames |

    ################## | Registre # Clés infectieuses |

    [HKCU\SOFTWARE\MediaSolaris]
    [HKCU\SOFTWARE\TurboNet]

    ################## | Registre # Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\{1f80ca41-5558-11dd-a897-0060b3f537fc}
    Shell\AutoRun\command =L:\InstallTomTomHOME.exe

    ################## | Cracks / Keygens / Serials |

    "C:\Documents and Settings\Balico\Mes documents\Programmes\keygen.exe"
    25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Aware2007.exe"
    13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Watch2007.exe"
    13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\HostFileEditor.exe"
    13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\LSUpdateManager.exe"
    13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\ProcessWatch.exe"
    13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\update-cracked.exe"
    13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53

    "C:\Documents and Settings\THOMAS\Mes documents\mes jeux\Mx vs Atv Unleashed\Crack Mx vs atv unleashed\MXvsATV.exe"
    19/09/2009 14:32 |Size 18935808 |Crc32 a1e6c82b |Md5 2ae77ef8d2cfe6aff07fc0320948103f

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
    13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
    13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
    13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
    13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
    13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
    13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53

    "J:\Balico\Programmes\keygen.exe"
    25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
    13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
    13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
    13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
    13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
    13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
    13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53

    ################## | ! Fin du rapport # UsbFix V6.059 ! |
    0
  11. balico
     
    ############################## | UsbFix V6.059 |

    User : Balico (Administrateurs) # CASA
    Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
    Start at: 15:10:44 | 07/12/2009
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    Intel(R) Pentium(R) 4 CPU 3.06GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local # 232,88 Go (32,08 Go free) [446513] # NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque fixe local # 298,09 Go (113,64 Go free) [WD Disque dur externe] # NTFS
    K:\ -> Disque amovible

    ############################## | Processus actifs |

    C:\WINDOWS\System32\smss.exe 980
    C:\WINDOWS\system32\csrss.exe 1224
    C:\WINDOWS\system32\winlogon.exe 1320
    C:\WINDOWS\system32\services.exe 1380
    C:\WINDOWS\system32\lsass.exe 1392
    C:\WINDOWS\system32\Ati2evxx.exe 1620
    C:\WINDOWS\system32\svchost.exe 1640
    C:\WINDOWS\system32\svchost.exe 1720
    C:\WINDOWS\System32\svchost.exe 1832
    C:\WINDOWS\system32\svchost.exe 1924
    C:\WINDOWS\system32\svchost.exe 2028
    C:\WINDOWS\system32\logonui.exe 188
    C:\WINDOWS\system32\Ati2evxx.exe 232
    C:\WINDOWS\system32\spoolsv.exe 396
    C:\Program Files\Avira\AntiVir Desktop\sched.exe 488
    C:\WINDOWS\system32\svchost.exe 608
    C:\WINDOWS\Explorer.EXE 1152
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1356
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1460
    C:\WINDOWS\system32\svchost.exe 1744
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1800
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 480
    C:\WINDOWS\System32\svchost.exe 528
    C:\WINDOWS\System32\svchost.exe 568
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 580
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 808
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 852
    C:\WINDOWS\system32\svchost.exe 868
    C:\WINDOWS\system32\SearchIndexer.exe 1056
    C:\WINDOWS\system32\wuauclt.exe 1200
    C:\WINDOWS\System32\alg.exe 2832
    C:\WINDOWS\system32\wbem\wmiprvse.exe 2896

    ################## | Fichiers # Dossiers infectieux |

    Supprimé ! C:\WINDOWS\System32\autorun.inf
    Supprimé ! C:\DOCUME~1\Balico\LOCALS~1\Temp\aax111.tmp.exe
    Supprimé ! J:\autorun.inf

    ################## | Spyware.OnlineGames |

    ################## | Registre # Clés infectieuses |

    Supprimé ! [HKCU\SOFTWARE\MediaSolaris]
    Supprimé ! [HKCU\SOFTWARE\TurboNet]

    ################## | Registre # Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\{1f80ca41-5558-11dd-a897-0060b3f537fc}\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [06/02/2006 23:28|--a------|983] C:\868000446513.dat
    [21/06/2000 05:27|--a------|22469] C:\ackfont.pcx
    [11/02/2002 09:22|--a------|18182] C:\acknex.mdf
    [01/06/2002 03:09|--a------|76459] C:\acknex.wdf
    [27/03/2002 05:35|--a------|1063596] C:\ak47.mdl
    [22/04/2002 21:23|--a------|4056] C:\ak47.wav
    [08/04/2002 00:42|--a------|1401992] C:\ak74.mdl
    [15/05/2000 11:08|--a------|134656] C:\alien
    [16/04/2002 01:28|--a------|2175432] C:\asylumlogo.avi
    [16/11/2009 10:00|--a------|100] C:\AUTOEXEC.BAT
    [23/04/2002 18:46|--a------|291656] C:\baum1_0.wmb
    [23/04/2002 19:22|--a------|92288] C:\baum2_0.wmb
    [24/04/2002 21:48|--a------|48336] C:\baum3_0.wmb
    [07/12/2009 09:14|---hs----|216] C:\boot.ini
    [14/04/2008 13:00|-rahs----|4952] C:\Bootfont.bin
    [24/04/2002 02:07|--a------|34609] C:\bu5_0.pcx
    [30/04/2001 03:27|--a------|322] C:\bulhole.pcx
    [03/11/2005 12:56|--a------|14950] C:\button-Menue12.bmp
    [03/11/2005 12:57|--a------|14950] C:\button-Menue12a.bmp
    [03/11/2005 12:57|--a------|14950] C:\button-Menue13.bmp
    [03/11/2005 12:57|--a------|14950] C:\button-Menue13a.bmp
    [03/11/2005 12:58|--a------|14950] C:\button-Menue15.bmp
    [03/11/2005 12:58|--a------|14950] C:\button-Menue15a.bmp
    [03/11/2005 13:00|--a------|14950] C:\button-Menue16.bmp
    [03/11/2005 13:00|--a------|14950] C:\button-Menue16a.bmp
    [03/11/2005 13:00|--a------|14950] C:\button-Menue17.bmp
    [03/11/2005 13:00|--a------|14950] C:\button-Menue17a.bmp
    [03/11/2005 13:01|--a------|14950] C:\button-Menue18.bmp
    [03/11/2005 13:01|--a------|14950] C:\button-Menue18a.bmp
    [28/05/2002 22:01|--a------|230456] C:\cast.bmp
    [31/12/2006 16:49|--a------|4096] C:\cdcops.log
    [08/02/2001 20:11|--a------|16944] C:\click_one.wav
    [08/02/2001 20:11|--a------|46580] C:\click_two.wav
    [06/04/2007 18:55|--a------|35] C:\CommMgr.log
    [07/02/2006 15:19|--a------|0] C:\CONFIG.SYS
    [14/03/2006 19:49|--a------|140] C:\config.txt
    [02/12/2006 18:41|--a------|0] C:\conmgr.log
    [02/05/2002 03:01|--a------|63030] C:\Courie14.bmp
    [14/05/2002 05:23|--a------|88632] C:\Courie24.bmp
    [09/05/2002 22:15|--a------|29750] C:\Courier9_rot.bmp
    [12/05/2002 23:06|--a------|600056] C:\credit_back.bmp
    [09/01/2004 22:33|--a------|3239936] C:\CT3.exe
    [29/12/2006 10:46|--a------|1512856] C:\daemon-tools_daemon_tools_4.0.8_anglais_10729.exe
    [14/05/2002 23:23|--a------|94068] C:\door1.wav
    [06/11/2003 00:42|--a------|4050924] C:\dschungel.wmb
    [02/06/2002 23:20|--a------|7655844] C:\dschungel_lager.wmb
    [30/05/2002 06:06|--a------|8842] C:\einstellungen.wdl
    [21/05/2002 22:05|--a------|15924] C:\electro1.mdl
    [21/05/2002 22:05|--a------|13188] C:\electro2.mdl
    [21/05/2002 22:05|--a------|25572] C:\electro3.mdl
    [11/03/2006 17:42|--a------|27] C:\expand.txt
    [25/03/2002 21:23|--a------|49306] C:\explo4.pcx
    [03/05/2002 21:39|--a------|76152] C:\explos1.wav
    [16/02/2007 18:25|--a------|3410] C:\ExtractLog.txt
    [20/03/2002 19:37|--a------|685] C:\fadenkreuz.pcx
    [14/05/2002 20:34|--a------|198056] C:\fahrs.wmb
    [04/03/2001 23:59|--a------|18054] C:\flare0.pcx
    [04/03/2001 23:59|--a------|46069] C:\flare1.pcx
    [05/03/2001 00:01|--a------|32708] C:\flare2.pcx
    [05/03/2001 00:08|--a------|15090] C:\flare3.pcx
    [15/04/2002 06:44|--a------|89463] C:\gras_0.pcx
    [18/05/2002 00:45|--a------|302328] C:\hochsi.wmb
    [30/05/2002 00:20|--a------|59672] C:\holz2.wmb
    [01/05/2001 20:02|--a------|138788] C:\hueybody.mdl
    [17/05/2001 22:08|--a------|133892] C:\huprop.mdl
    [17/05/2001 22:09|--a------|134156] C:\hutprop.mdl
    [21/05/2002 22:27|--a------|6564] C:\h_lampe1.mdl
    [21/05/2002 22:27|--a------|6564] C:\h_lampe2.mdl
    [05/04/2006 05:54|--a------|282] C:\IComTracer.log
    [03/06/2002 02:07|--a------|3718400] C:\imsteutzpunkt.wmb
    [14/05/2002 06:44|--a------|1373] C:\info.wdl
    [17/02/2009 21:17|--a------|439] C:\INSTALL.LOG
    [12/05/2002 00:07|--a------|26456] C:\invert_back_0.bmp
    [12/05/2002 00:06|--a------|26456] C:\invert_back_1.bmp
    [07/02/2006 15:19|-rahs----|0] C:\IO.SYS
    [21/05/2002 01:29|--a------|414486] C:\jungle.wav
    [06/11/2003 01:08|--a------|30851] C:\ki.wdl
    [01/05/2001 02:40|--a------|35284] C:\knochen2_0.mdl
    [22/05/2002 19:52|--a------|336] C:\knopf.bmp
    [03/06/2002 02:17|--a------|9047232] C:\lagerhaus.wmb
    [29/04/2002 22:50|--a------|20948] C:\lampe1_0.wmb
    [11/10/2004 06:18|--a------|19] C:\LANG.TXT
    [09/04/2003 09:44|--a------|10] C:\Language.txt
    [30/04/2002 00:23|--a------|12056] C:\leben.bmp
    [06/05/2002 22:48|--a------|45636] C:\level_schalter.wmb
    [22/04/2002 06:44|--a------|5658] C:\lflare.wdl
    [09/11/1999 02:50|--a------|17826] C:\licht.mdl
    [07/05/2002 12:46|--a------|262688] C:\licht8.mdl
    [21/05/2002 22:17|--a------|276404] C:\lift2.wmb
    [28/05/2002 22:02|--a------|230456] C:\load.bmp
    [12/05/2002 09:26|--a------|360056] C:\load_back.bmp
    [03/11/2005 13:43|--a------|921654] C:\load_spiel_6.bmp
    [03/11/2005 13:44|--a------|1440054] C:\load_spiel_7.bmp
    [03/11/2005 13:45|--a------|2359350] C:\load_spiel_8.bmp
    [31/05/2002 01:10|--a------|15142552] C:\logo.avi
    [28/01/2001 01:51|--a------|921656] C:\logodark.bmp
    [14/04/2002 03:15|--a------|1177068] C:\m16.mdl
    [05/05/2002 02:03|--a------|1053076] C:\m16_solo.mdl
    [29/04/2002 22:45|--a------|15500] C:\m1_10_1024.bmp
    [29/04/2002 22:46|--a------|15500] C:\m1_1_1024.bmp
    [29/04/2002 22:46|--a------|15500] C:\m1_2_1024.bmp
    [29/04/2002 22:46|--a------|15500] C:\m1_3_1024.bmp
    [29/04/2002 22:46|--a------|15500] C:\m1_4_1024.bmp
    [29/04/2002 22:46|--a------|15500] C:\m1_5_1024.bmp
    [29/04/2002 22:45|--a------|15500] C:\m1_6_1024.bmp
    [29/04/2002 22:45|--a------|15500] C:\m1_7_1024.bmp
    [29/04/2002 22:45|--a------|15500] C:\m1_8_1024.bmp
    [29/04/2002 22:45|--a------|15500] C:\m1_9_1024.bmp
    [29/04/2002 22:51|--a------|15500] C:\m2_10_1024.bmp
    [29/04/2002 22:53|--a------|15500] C:\m2_1_1024.bmp
    [29/04/2002 22:53|--a------|15500] C:\m2_2_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_3_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_4_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_5_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_6_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_7_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_8_1024.bmp
    [29/04/2002 22:52|--a------|15500] C:\m2_9_1024.bmp
    [29/04/2002 23:55|--a------|15500] C:\m3_1_1024.bmp
    [29/04/2002 23:55|--a------|15500] C:\m3_2_1024.bmp
    [29/04/2002 23:56|--a------|15500] C:\m3_3_1024.bmp
    [21/05/2002 05:28|--a------|1049932] C:\magazin2.MDL
    [09/04/2002 23:21|--a------|1356308] C:\magnum.mdl
    [23/04/2002 22:56|--a------|36132] C:\magnum_solo.MDL
    [14/11/2005 10:49|--a------|168130] C:\Manual.pdf
    [08/05/2002 02:35|--a------|1256] C:\maus.bmp
    [01/05/2001 01:42|--a------|133172] C:\medbox.mdl
    [07/05/2002 19:47|--a------|1440054] C:\Menuback.bmp
    [01/05/2001 02:38|--a------|37052] C:\microuzi.mdl
    [31/05/2002 04:06|--a------|47404] C:\mine.wmb
    [02/12/2006 22:14|--a------|17873] C:\MP4debug.log
    [07/02/2006 15:19|-rahs----|0] C:\MSDOS.SYS
    [29/05/2002 00:08|--a------|1121762] C:\musik2.wav
    [29/04/2002 23:50|--a------|15500] C:\m_leer.bmp
    [14/04/2008 13:00|-rahs----|47564] C:\NTDETECT.COM
    [14/04/2008 13:00|-rahs----|252240] C:\ntldr
    [04/08/2004 13:00|--a------|2] C:\oem.tag
    [01/05/2001 01:43|--a------|131924] C:\oildrum.mdl
    [28/05/2002 22:02|--a------|230456] C:\options.bmp
    [?|?|?] C:\pagefile.sys
    [20/12/1998 06:03|--a------|954] C:\palette.pcx
    [06/11/2003 00:42|--a------|768] C:\PALETTE.RAW
    [26/05/2002 02:51|--a------|50984] C:\palm1_0.mdl
    [15/04/2002 06:00|--a------|93723] C:\palme1_0.pcx
    [15/04/2002 06:00|--a------|106865] C:\palme2_0.pcx
    [06/11/2003 00:54|--a------|85433] C:\panels.wdl
    [20/12/1998 06:06|--a------|945] C:\particle.pcx
    [21/03/2002 03:44|--a------|925] C:\particle2.pcx
    [07/04/2002 21:39|--a------|16292] C:\patrone1.bmp
    [14/04/2002 07:14|--a------|23606] C:\pfl2_0.pcx
    [14/04/2002 09:36|--a------|4664] C:\pfl2_1.pcx
    [14/04/2002 10:25|--a------|13996] C:\pflanze.pcx
    [14/04/2002 06:57|--a------|13996] C:\pfl_0.pcx
    [28/01/2008 19:15|--a------|1691] C:\photodex-presenter-install.log
    [10/04/2002 22:23|--a------|21284] C:\plant1.mdl
    [25/04/2002 00:02|--a------|28540] C:\plant2_0.mdl
    [25/04/2002 00:15|--a------|11788] C:\plant3_0.mdl
    [25/04/2002 08:17|--a------|70624] C:\plant4_0.mdl
    [25/04/2002 08:21|--a------|34784] C:\plant5_0.mdl
    [25/04/2002 23:12|--a------|50824] C:\plant6_0.mdl
    [06/02/2006 23:28|--ah-----|16249] C:\Prodlog.txt
    [07/12/2009 11:55|--a------|6276] C:\rapport.txt
    [01/05/2001 02:39|--a------|37104] C:\schadel_0.mdl
    [29/04/2002 03:51|--a------|29424] C:\schalter_1.wmb
    [29/04/2002 03:52|--a------|29424] C:\schalter_2.wmb
    [22/05/2002 00:01|--a------|36632] C:\schluessel.MDL
    [25/04/2002 00:50|--a------|15732] C:\schmerz1.wav
    [25/04/2002 00:52|--a------|15222] C:\schmerz2.wav
    [25/04/2002 00:52|--a------|18548] C:\schmerz3.wav
    [21/05/2002 22:36|--a------|26284] C:\schreibtisch1.mdl
    [12/05/2002 22:26|--a------|23816] C:\schrift_pan.bmp
    [14/05/2002 18:28|--a------|12660] C:\schritt_holz_1.wav
    [14/05/2002 18:28|--a------|7028] C:\schritt_holz_2.wav
    [14/05/2002 03:14|--a------|6966] C:\schritt_kies_1.wav
    [14/05/2002 03:14|--a------|7412] C:\schritt_kies_2.wav
    [14/05/2002 18:30|--a------|6804] C:\schritt_metal_1.wav
    [14/05/2002 18:30|--a------|8148] C:\schritt_metal_2.wav
    [20/05/2002 21:46|--a------|8340] C:\schritt_stein_1.wav
    [20/05/2002 21:46|--a------|10932] C:\schritt_stein_2.wav
    [14/05/2002 01:43|--a------|15540] C:\schritt_wald_1.wav
    [14/05/2002 01:44|--a------|17140] C:\schritt_wald_2.wav
    [14/05/2002 01:44|--a------|14580] C:\schritt_wald_3.wav
    [21/03/2002 04:20|--a------|1413] C:\schuss.pcx
    [23/04/2002 00:25|--a------|697] C:\schuss_punkt.pcx
    [28/05/2002 03:33|--a------|2359352] C:\schwarz.bmp
    [22/11/2009 14:46|--a------|159] C:\Setup.log
    [19/04/2002 02:40|--a------|983094] C:\sky09.bmp
    [26/05/2002 01:33|--a------|983096] C:\sky09_n.bmp
    [22/05/2002 19:50|--a------|26456] C:\slider_back.bmp
    [12/04/2002 00:47|--a------|1461124] C:\sniper.mdl
    [02/06/2002 22:24|--a------|1084836] C:\sniper_solo.MDL
    [01/05/2002 21:39|--a------|782960] C:\sniper_zoom.pcx
    [03/05/2002 01:58|--a------|1016172] C:\soldat.MDL
    [03/05/2002 01:59|--a------|1016172] C:\soldat2.MDL
    [02/05/2001 01:34|--a------|197388] C:\soldat3.mdl
    [07/02/2006 15:59|--a------|164] C:\soundmax.log
    [28/05/2002 00:28|--a------|17680] C:\spieler.wdl
    [28/05/2002 23:55|--a------|176196] C:\stein1.wmb
    [26/05/2002 22:55|--a------|47220] C:\stein2.wmb
    [22/05/2002 21:28|--a------|37756] C:\sterben.wav
    [21/05/2002 22:36|--a------|35744] C:\strassenlampe1.mdl
    [31/10/2005 16:56|--a------|700416] C:\StubInstaller.exe
    [21/05/2002 22:30|--a------|10684] C:\stuhl1.mdl
    [15/11/2006 19:54|--a------|940] C:\t3r8
    [15/11/2006 19:54|--a------|6416] C:\t3r8.1
    [13/11/2006 07:43|--a------|940] C:\t51k
    [13/11/2006 07:43|--a------|6416] C:\t51k.1
    [03/11/2005 13:06|--a------|14950] C:\tastatur.bmp
    [03/11/2005 13:06|--a------|14950] C:\tastatur_a.bmp
    [13/04/2002 03:18|--a------|45636] C:\teur1.wmb
    [21/05/2002 04:47|--a------|23876] C:\teur2.wmb
    [09/05/2002 04:26|--a------|26456] C:\text_leiste.bmp
    [21/05/2002 19:01|--a------|46356] C:\trep_beg.wmb
    [03/06/2002 00:43|--a------|2846860] C:\tunnelsystem.wmb
    [17/05/2002 00:16|--a------|22094] C:\turbine_k.wav
    [09/04/2009 19:51|--a------|1501] C:\updatedatfix.log
    [07/12/2009 15:25|--a------|14470] C:\UsbFix.txt
    [23/04/2002 23:05|--a------|1174632] C:\uzi.mdl
    [23/04/2002 23:05|--a------|37052] C:\uzi_solo.MDL
    [22/05/2002 21:54|--a------|251958] C:\Verdan22.bmp
    [22/05/2002 19:33|--a------|31030] C:\Verdana8.bmp
    [26/05/2002 20:49|--a------|31030] C:\Verdana8_braun.bmp
    [13/05/2002 01:17|--a------|37804] C:\waffe1.wav
    [16/05/2002 23:46|--a------|84464] C:\waffe1_nachladen.wav
    [13/05/2002 01:11|--a------|6172] C:\waffe2.wav
    [16/05/2002 23:46|--a------|82800] C:\waffe2_nachladen.wav
    [13/05/2002 01:18|--a------|6890] C:\waffe3.wav
    [16/05/2002 23:56|--a------|74608] C:\waffe3_nachladen.wav
    [07/04/2002 23:36|--a------|15076] C:\waffe4.wav
    [08/04/2002 00:45|--a------|81908] C:\waffe4_nachladen.wav
    [13/05/2002 01:16|--a------|25330] C:\waffe5.wav
    [16/05/2002 23:54|--a------|79784] C:\waffe5_nachladen.wav
    [02/06/2002 21:03|--a------|20693] C:\waffen.wdl
    [03/05/2002 23:54|--a------|41596] C:\waffe_aufheben.wav
    [23/05/2002 19:25|--a------|45636] C:\wand.wmb
    [20/05/2002 20:43|--a------|45924] C:\wand1.wmb
    [06/11/2003 22:50|--a------|540672] C:\WAR-Soldiers.exe
    [06/11/2003 22:49|--a------|10266] C:\war-soldiers.wdl
    [15/04/2002 20:53|--a------|375564] C:\warlock.mdl
    [25/04/2002 00:42|--a------|45636] C:\wasser.wmb
    [21/05/2002 22:27|--a------|136916] C:\wcrat2_0.mdl
    [21/05/2002 22:27|--a------|131508] C:\wcrate1.mdl
    [21/05/2002 22:27|--a------|136916] C:\wcrate2.mdl
    [21/05/2002 22:27|--a------|131508] C:\wcrat_0.mdl
    [03/06/2002 01:55|--a------|14071] C:\welt.wdl
    [20/01/1999 08:45|--a------|28992] C:\wham.wav

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix.
    # J:\autorun.inf -> Dossier créé par UsbFix.

    ################## | Cracks / Keygens / Serials |

    "C:\Documents and Settings\Balico\Mes documents\Programmes\keygen.exe"
    25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Aware2007.exe"
    13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Watch2007.exe"
    13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\HostFileEditor.exe"
    13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\LSUpdateManager.exe"
    13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\ProcessWatch.exe"
    13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77

    "C:\Documents and Settings\THOMAS\Mes documents\Crack\update-cracked.exe"
    13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53

    "C:\Documents and Settings\THOMAS\Mes documents\mes jeux\Mx vs Atv Unleashed\Crack Mx vs atv unleashed\MXvsATV.exe"
    19/09/2009 14:32 |Size 18935808 |Crc32 a1e6c82b |Md5 2ae77ef8d2cfe6aff07fc0320948103f

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
    13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
    13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
    13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
    13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
    13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77

    "C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
    13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53

    "J:\Balico\Programmes\keygen.exe"
    25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
    13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
    13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
    13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
    13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
    13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77

    "J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
    13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
    0
  12. balico
     
    Malwarebytes' Anti-Malware 1.42
    Version de la base de données: 3321
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/12/2009 17:16:49
    mbam-log-2009-12-07 (17-16-49).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 256317
    Temps écoulé: 1 hour(s), 43 minute(s), 17 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  13. balico
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Balico at 2009-12-07 20:25:14
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 37 GB (15%) free of 238 GB
    Total RAM: 1023 MB (45% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:25:29, on 07/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Balico\Mes documents\RSIT(2).exe
    C:\Documents and Settings\Balico\Mes documents\Balico.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    0
  14. balico
     
    List'em by g3n-h@ckm@n 1.1.3.1

    Thx to Chiquitine29.....& CCM team

    User : Balico (Administrateurs) # CASA
    Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
    Start at: 22:18:41 | 07/12/2009
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Pentium(R) 4 CPU 3.06GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Disabled
    AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

    C:\ -> Disque fixe local | 232,88 Go (34,96 Go free) [446513] | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    K:\ -> Disque amovible

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe 980
    C:\WINDOWS\system32\csrss.exe 1224
    C:\WINDOWS\system32\winlogon.exe 1320
    C:\WINDOWS\system32\services.exe 1380
    C:\WINDOWS\system32\lsass.exe 1392
    C:\WINDOWS\system32\Ati2evxx.exe 1620
    C:\WINDOWS\system32\svchost.exe 1640
    C:\WINDOWS\system32\svchost.exe 1720
    C:\WINDOWS\System32\svchost.exe 1832
    C:\WINDOWS\system32\svchost.exe 1924
    C:\WINDOWS\system32\svchost.exe 2028
    C:\WINDOWS\system32\Ati2evxx.exe 232
    C:\WINDOWS\system32\spoolsv.exe 396
    C:\Program Files\Avira\AntiVir Desktop\sched.exe 488
    C:\WINDOWS\system32\svchost.exe 608
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1356
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1460
    C:\WINDOWS\system32\svchost.exe 1744
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1800
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 480
    C:\WINDOWS\System32\svchost.exe 528
    C:\WINDOWS\System32\svchost.exe 568
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 580
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 808
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 852
    C:\WINDOWS\system32\svchost.exe 868
    C:\WINDOWS\system32\SearchIndexer.exe 1056
    C:\WINDOWS\System32\alg.exe 2832
    C:\WINDOWS\explorer.exe 3220
    C:\WINDOWS\system32\ctfmon.exe 2544
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe 2236
    C:\WINDOWS\system32\wscntfy.exe 2800
    C:\Program Files\Mozilla Firefox\firefox.exe 3916
    C:\Documents and Settings\Balico\Bureau\List_Kill'em.exe 3776
    C:\WINDOWS\system32\cmd.exe 3444
    C:\WINDOWS\system32\SearchProtocolHost.exe 3696
    C:\WINDOWS\system32\SearchFilterHost.exe 1340
    C:\WINDOWS\system32\wbem\wmiprvse.exe 2504
    C:\Documents and Settings\Balico\Local Settings\Temp\F6.tmp\pv.exe 3392

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
    Google Update REG_SZ "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    AlcoholAutomount REG_SZ "C:\Program Files\Alcohol 52\axcmd.exe" /automount

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    MailNotifierSessionManager REG_SZ C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
    LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
    SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)
    NoDriveAutoRun REG_DWORD 145 (0x91)
    HonorAutoRunSetting REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 0 (0x0)
    NoDriveAutoRun REG_DWORD 145 (0x91)
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ wbsys.dll

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\fscommand\Vividas_ep18.exe:*:Disabled:Vividas Player
    C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\fscommand\Vividas_ep18.exe:*:Disabled:Vividas Player
    C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\dora JEU PC léon le lion du cirque\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\dora JEU PC léon le lion du cirque\fscommand\Vividas_ep18.exe:*:Enabled:Vividas Player
    C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\DORA clique et crée N°8 la famille buzza buzza\fscommand\Vividas_ep8.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\DORA clique et crée N°8 la famille buzza buzza\fscommand\Vividas_ep8.exe:*:Enabled:Vividas Player
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    C:\Program Files\Scrabble2009\ScrabblePCR.exe REG_SZ C:\Program Files\Scrabble2009\ScrabblePCR.exe:*:Enabled:Scrabble™ Interactif Edition 2009
    C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Scrabble2009\ScrabblePCR.exe REG_SZ C:\Program Files\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR
    C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe

    ===============
    BHO :
    ======
    [<NO NAME> REG_SZ ]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    233 Go total, 34,97 Go libre (15%), 4% fragment‚ (fragmentation du fichier 9%)

    Il ne vous est pas n‚cessaire de d‚fragmenter ce volume.

    ==========
    Programs
    ==========

    3GP Video Converter 3
    7-Zip
    a-squared Free
    a2FreeSetup.exe
    Ad-Aware
    AdbeRdr810_en_US.exe
    Adobe
    Alcohol 52
    Alcohol Soft
    Alcohol52_FE_1.9.6.5429.exe
    Analog Devices
    Apple Software Update
    ATI Technologies
    Audacity
    AutoGK
    AUTORUN.INF
    Avira
    AviSynth 2.5
    Ballance.ico
    Barbie(TM)
    Bonjour
    BSplayer
    CCleaner
    ccleaner.setup140.exe
    CleanUp!
    Common Files
    ComPlus Applications
    CyberLink
    data1.cab
    data1.hdr
    data2.cab
    directx
    DivX
    DNA
    Dsetup.dll
    Eidos Interactive
    eMule
    Extras
    EZFace
    Fichiers communs
    free-downloads
    Freez 3GP Video Converter
    GameHouse
    Google
    help
    Hewlett-Packard
    HP
    ImTOO
    Install.exe
    InstallShield Installation Information
    install_flash_player.exe
    Intel
    Internet Explorer
    InterVideo
    iPod
    iTunes
    Java
    Kellogg's Asie
    Kodak
    Launch.exe
    Launch.ini
    Lavalys
    Lavasoft
    LG Electronics
    LG PC Suite
    Lilo & Stitch Ouragan sur Hawa‹
    Logiciel Photo Orange
    Logitech
    Malwarebytes' Anti-Malware
    Media Player Classic
    mes donn‚es
    Messenger
    Messenger Plus! Live
    MessengerPlus! 3
    Microsoft
    Microsoft CAPICOM 2.1.0.2
    microsoft frontpage
    Microsoft Office
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    Microsoft Visual Studio
    Microsoft Works
    Mindscape
    Movie Maker
    Mozilla Firefox
    MSBuild
    MSN
    MSN Apps
    MSN Gaming Zone
    MSXML 4.0
    Multi_Media_France
    Nero
    NetMeeting
    Network Stumbler
    NFO viewer
    Online Services
    orange
    OrangeHSS
    Outlook Express
    PeerGuardian2
    perfect disk d‚fragmenteur
    Photo Mixer 3.0
    Photodex
    PhotoFiltre Studio
    PIXELA
    QuickTime
    Raccourcis de programmes
    Raxco
    Real
    Real Alternative
    Reference Assemblies
    Rockstar Games
    SAGEM WiFi manager
    Samsung
    Satsuki Decoder Pack
    scrabble
    Scrabble2009
    SCRABBLE© Interactif EDITION 2007
    Securitoo
    Services en ligne
    Session 1
    Setup
    Skype
    Sony Corporation
    Sony Print Service
    SopCast
    Spybot - Search & Destroy
    Spybot - Search & Destroy 2
    Stardock
    startup.exe
    SUPER
    THQ
    TmNationsForever
    TomTom DesktopSuite
    TomTom HOME 2
    TomTom International B.V
    Tomtomax Maxi-Box
    Trend Micro
    TribalWeb.net
    TVAnts
    Ubi Soft
    Unlocker
    uTorrent
    VideoLAN
    VirtualDub
    VLC
    vso
    Wanadoo
    Web Media Player
    Winamp
    WinAVI MP4 Converter
    Windows Desktop Search
    Windows Live
    Windows Live Safety Center
    Windows Live SkyDrive
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    WindowsUpdate
    WinRAR
    wmp11-windowsxp-x86-FR-FR.exe
    xerox
    [C51].nfo

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    C:\Program Files\Multi_Media_France
    C:\Program Files\VLC
    C:\WINDOWS\iun6002.exe
    C:\WINDOWS\system32\404Fix.exe
    C:\WINDOWS\System32\ACTSKN43.ocx
    C:\WINDOWS\System32\drivers\etc\hosts.msn
    C:\WINDOWS\System32\drivers\lvuvc.hs
    C:\WINDOWS\system32\drivers\Sonyhcp.dll
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\Process.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\tmp.reg
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\ttmax_maxibox_v2.0.19.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is1.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is5.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is6.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is7.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\{8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\tmp28.tmp

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    "HKLM\Software\Trymedia Systems"

    =========
    Rootkits
    =========

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-07 22:21:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:d2,7b,5a,a2,53,9d,d9,90,7b,88,6d,6d,a5,bb,c7,0a,01,a4,8a,7e,14,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:86,33,76,d1,05,cc,91,c2,d4,1c,78,9f,98,22,dc,37,cc,18,24,a9,5f,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:44,14,f8,ee,7f,9f,16,99,0d,ef,06,13,43,1f,75,73,c3,bc,57,9f,60,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:40,26,55,97,e8,1a,a4,94,49,e8,da,7d,20,4e,66,af,4b,a6,05,dd,ed,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:44,14,f8,ee,7f,9f,16,99,0d,ef,06,13,43,1f,75,73,c3,bc,57,9f,60,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:44,14,f8,ee,7f,9f,16,99,0d,ef,06,13,43,1f,75,73,c3,bc,57,9f,60,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:44,14,f8,ee,7f,9f,16,99,0d,ef,06,13,43,1f,75,73,c3,bc,57,9f,60,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:44,14,f8,ee,7f,9f,16,99,0d,ef,06,13,43,1f,75,73,c3,bc,57,9f,60,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:44,14,f8,ee,7f,9f,16,99,0d,ef,06,13,43,1f,75,73,c3,bc,57,9f,60,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:02,e0,63,0f,d5,0d,f9,6a,cf,9d,47,e7,e1,82,2e,d2,ec,ab,fa,25,ff,..
    "p0"="C:\Program Files\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:b6,35,ec,ca,9f,0c,38,48,70,5f,90,9c,20,4b,2e,c3,dc,fa,87,d7,75,..
    "p0"="C:\Program Files\DAEMON Tools Lite\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,31,e9,2e,59,bf,a7,c8,c0,59,00,56,2a,6f,5f,28,c2,97,..
    "khjeh"=hex:0a,25,ae,ab,5e,a6,39,c1,bc,f0,23,b9,62,59,74,8c,d3,19,42,27,e5,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:8b,92,6c,85,72,ec,83,47,b2,dd,6c,4c,76,8f,28,eb,5d,24,86,44,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:ecc24041
    "s2"=dword:6ad14240
    "h0"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:9c,b5,bb,de,e7,db,49,f7,ae,9f,af,bb,a9,0f,dd,c5,06,37,fd,d3,90,..
    "p0"="C:\Program Files\Alcohol 52\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:e1,23,6c,e1,60,90,36,58,ca,21,9c,3d,9c,d3,e5,76,e3,2c,5d,be,13,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:cd,f9,6a,2e,fc,33,5b,31,18,97,16,f9,ae,98,d0,e3,f5,53,3f,85,a3,..
    "p0"="C:\Program Files\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:e1,23,6c,e1,60,90,36,58,ca,21,9c,3d,9c,d3,e5,76,e3,2c,5d,be,13,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:cd,f9,6a,2e,fc,33,5b,31,18,97,16,f9,ae,98,d0,e3,f5,53,3f,85,a3,..
    "p0"="C:\Program Files\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:e1,23,6c,e1,60,90,36,58,ca,21,9c,3d,9c,d3,e5,76,e3,2c,5d,be,13,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:cd,f9,6a,2e,fc,33,5b,31,18,97,16,f9,ae,98,d0,e3,f5,53,3f,85,a3,..
    "p0"="C:\Program Files\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:e1,23,6c,e1,60,90,36,58,ca,21,9c,3d,9c,d3,e5,76,e3,2c,5d,be,13,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:9c,b5,bb,de,e7,db,49,f7,ae,9f,af,bb,a9,0f,dd,c5,06,37,fd,d3,90,..
    "p0"="C:\Program Files\Alcohol 52\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000001
    "khjeh"=hex:e1,23,6c,e1,60,90,36,58,ca,21,9c,3d,9c,d3,e5,76,e3,2c,5d,be,13,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG11.00.00.01WORKSTATION"="C932FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A2D97226D213B555BA7FD869164D67945DDF4E4DA5C535526903DA56C00A7B416323B11398E13EE8B194363A6BE5B882F88684E0B209EB7EFDD313A5944B0263A01A5834E2BAC3EF5EA8069527501897EBBCD250C00A1647591058591867A903CAAF7BD2572BC6C9BDAD64A0BBECA650DF1E0C4474069F0CF4DED60F8F3986034EB7BFA3FA46A27ECF450EC50EB0A77E08B725FA316B5601565BDCFA7F4F119D9FF96C6E925897ED1983E382C6404743180BB8481FE0EAAF0195DC64B269A1623534ED8E2B5F4BCB1F72EA67D0F81297491004912DBDF6F57E8F6DA538FC79B28815D3F6130DC59D700DCC99DCE9F8C7D6AD69508C8FF2035D404AAF60B3BCC2194152A8DD4AF240994655D3DE57517303446E14B016BDDCAF935384426C709D69CEC03E632F235F318375E18FB7D48C91263D7ED4C599DA89E709BBB8B703A080CD9B63BC0B0C00CC9B43A5EAB6A0DCCA9824C5F3C6ACAA06101401DFDAC0FDE7B982574AE1C477085DF514B034B600FCD41534D0F6814D41D33E931DCFDFBAAF0A3AEF2FE74972040A6C3764C3FB6576892528F0E508175E6DF7C6934476B0E9A429945388FBED6454262B4F2DB9D08E590E159B5910B1820C53802E19008F2D66DCC16063203D4FE747A1FDEA9E5A1BD9AF7FDEC6D01857D3073D9BE3DAD5139F8308C649DD8771601B603FAD3AEC7B1409818D5E661D0B5AEC8CCDEE4C5C3C14F28BB9C1C1C7F9CF0DC0285882C88E88C24B39FECCE3CD2B0611FB377A4B4AFAA083AE86BB4B1DBA2EAF9183D10239A6A59DBE3C6866D6C4F3021EEEF1A0E302AA3DE107A1379119332E9578640064551F5038607D70DE1B7EAB73FAA02E3447501AD2E52A8014D875521539DC7FFCEEC0CB89E739A224158FEBFE74DB99E961F48CC479F272645B71443577BF0E73C1C10ED50127F3670EB7378629D8DD3655219C3ECA7BABC47548425D1C76913C0F7BAB8613BBAAEE54A714131C3447D0A180E88A1A2A9E7E70BF1DB9C1CD41CF0EEB4AC9B4CC6484AAB69EF280EC77F4B4621FB95AC493DB09BEB93BB7F8A8AB67B4A2903494927548E084B9416766E0F33B051DB078A3AD6F531394030CA750B91C040F90B1F794D8450ABCFB695B56B52372CCF757BE46492F34BED880F141968CD03F7E26B0B5FA2508958120F41D48D55424BE53A67EB0A5BFF5A734100805127F5D66D8A634C16967A35719A4FEE834AAC247C672323131EA3A0C685C31FDDF19EBE5939BEB349AA78738C9B1CB4EBF088A096D0EBFCBECFD50DB4387CDEFCC3D30CC05A440CDE9DD29900834D59E2218242F66B68AF59BD73F1D4C9471BD509EB12041AA157C292FB002"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF7CD221-C241-8100-9978-4F32856C9627}]

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤)
    0
  15. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    ok dans cet ordre stp

    1) Suppression :

    REDEMARRE EN MODE SANS ECHEC ,

    https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

    puis :

    ▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Destruction

    laisse travailler l'outil

    ▶ colle le contenu de C:\Kill'em.txt dans ta réponse après avoir redémarré en mode normal

    2) vois si tu trouves et supprmes : C:\WINDOWS\system32\tmp.txt

    3) ▶ Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :
    https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

    * Lance-le.(clic droit "en tant qu'administrateur" pour Vista) Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
    * Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.
    * Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs tant de fois qu il en trouve a l analyse
    * Veille a ce que dans les options le reglage soit au demarrage de windows et réglé sur "effacement securisé" 35 passes (guttman)

    4) apres Ccleaner, refais un nouveau RSIT

    0
  16. balico
     
    Kill'em by g3n-h@ckm@n 1.1.3.1

    User : Balico () # CASA
    Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
    Start at: 06:55:58 | 08/12/2009
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Pentium(R) 4 CPU 3.06GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 232,88 Go (34,98 Go free) [446513] | NTFS
    D:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    K:\ -> Disque amovible

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe 128
    C:\WINDOWS\system32\csrss.exe 192
    C:\WINDOWS\system32\winlogon.exe 216
    C:\WINDOWS\system32\services.exe 260
    C:\WINDOWS\system32\lsass.exe 272
    C:\WINDOWS\system32\svchost.exe 428
    C:\WINDOWS\system32\svchost.exe 504
    C:\WINDOWS\system32\svchost.exe 560
    C:\WINDOWS\Explorer.EXE 856
    C:\Documents and Settings\Balico\Bureau\List_Kill'em.exe 1048
    C:\WINDOWS\system32\cmd.exe 1060
    C:\WINDOWS\system32\wbem\wmiprvse.exe 1144
    C:\Documents and Settings\Balico\Local Settings\Temp\1.tmp\pv.exe 1216

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    "C:\Program Files\Multi_Media_France"
    "C:\Program Files\VLC"
    "C:\WINDOWS\iun6002.exe"
    "C:\WINDOWS\system32\404Fix.exe"
    "C:\WINDOWS\System32\ACTSKN43.ocx"
    "C:\WINDOWS\System32\drivers\etc\hosts.msn"
    "C:\WINDOWS\System32\drivers\lvuvc.hs"
    "C:\WINDOWS\system32\drivers\Sonyhcp.dll"
    "C:\WINDOWS\system32\dumphive.exe"
    "C:\WINDOWS\system32\IEDFix.exe"
    "C:\WINDOWS\system32\Process.exe"
    "C:\WINDOWS\system32\SrchSTS.exe"
    "C:\WINDOWS\system32\tmp.reg"
    "C:\WINDOWS\system32\VACFix.exe"
    "C:\WINDOWS\system32\VCCLSID.exe"
    "C:\WINDOWS\system32\WS2Fix.exe"
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\ttmax_maxibox_v2.0.19.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is1.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is5.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is6.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is7.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\{8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe
    C:\Documents and Settings\Balico\LOCAL Settings\Temp\tmp28.tmp

    ¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

    Quarantine :

    404Fix.exe.Kill'em
    ACTSKN43.OCX.Kill'em
    dumphive.exe.Kill'em
    hosts.msn.Kill'em
    IEDFix.exe.Kill'em
    iun6002.exe.Kill'em
    lvuvc.hs.Kill'em
    Multi_Media_France.Kill'em
    Process.exe.Kill'em
    QTSBandwidthCache.Kill'em
    Sonyhcp.dll.Kill'em
    SrchSTS.exe.Kill'em
    tmp.reg.Kill'em
    tmp28.tmp.Kill'em
    ttmax_maxibox_v2.0.19.exe.Kill'em
    VACFix.exe.Kill'em
    VCCLSID.exe.Kill'em
    VLC.Kill'em
    WS2Fix.exe.Kill'em
    _is1.exe.Kill'em
    _is5.exe.Kill'em
    _is6.exe.Kill'em
    _is7.exe.Kill'em
    {8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
    Deleted : HKLM\Software\Trymedia Systems

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned :
    ================

    Layout.ini
    NTOSBOOT-B00DFAAD.pf

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  17. balico
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Balico at 2009-12-08 07:23:28
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 36 GB (15%) free of 238 GB
    Total RAM: 1023 MB (55% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:23:44, on 08/12/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Balico\Mes documents\RSIT(3).exe
    C:\Documents and Settings\Balico\Mes documents\Balico.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
    0
  18. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    as tu suivi l'ordre des étapes du post 18
    et en particulier les étapes 2 et 3

    0
    1. balico
       
      oui mais à l'étape 2 je n'ai pas trouvé le fichier C:\WINDOWS\system32\tmp.txt (peut être pas cherché où il faut ?).

      A l'étape 3, je n'ai pas trouvé à l'endroit indiqué "les options le réglage soit au démarrage de windows et réglé sur "effacement securisé" 35 passes (guttman)".

      Je te dis à ce soir car je pars bosser.
      Merci encore pour ta patience !
      0
      1. balico > balico
         
        çà y est, j'ai trouvé et viré le fichier C:\WINDOWS\system32\tmp.txt



        Logfile of random's system information tool 1.06 (written by random/random)
        Run by Balico at 2009-12-08 19:23:21
        Microsoft Windows XP Édition familiale Service Pack 3
        System drive C: has 36 GB (15%) free of 238 GB
        Total RAM: 1023 MB (34% free)

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 19:23:38, on 08/12/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir Desktop\sched.exe
        C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
        C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\SearchIndexer.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
        C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
        C:\WINDOWS\system32\SearchProtocolHost.exe
        C:\Documents and Settings\Balico\Mes documents\RSIT(3).exe
        C:\Documents and Settings\Balico\Mes documents\Balico.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
        O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
        O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
        O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
        O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
        O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
        O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
        O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
        O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
        O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
        O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
        O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
        O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
        O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
        O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
        O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
        O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
        O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
        O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
        O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
        O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
        O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
        O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
        O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
        O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
        0
    2. balico
       
      me revoilou
      0
  19. moment de grace Messages postés 29099 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 274
     
    relances usbfix option 2

    ce que je cherche devrait être pris en charge par lui

    0
  • 1
  • 2
  • 3