Windows Live Messenger virus

Closed
Slycorp - 22 Dec 2009 at 21:00
 Anonymous user - 18 Jan 2010 at 21:12
Hello, for some time now a virus has been interrupting me when I am connected to Windows Live Messenger: my mouse freezes and a link is sent to all my online contacts without my being able to do anything.
Since my antivirus is unable to remove this virus, I would like someone to suggest another solution for removing it.
Thanking you in advance.

5 replies

Anonymous user
22 Dec 2009 at 21:00
Good evening,

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

! Disconnect and CLOSE ALL RUNNING APPLICATIONS !

Double-click "RSIT.exe" to launch it.

▶ A first window opens, titled "Disclaimer of warranty".

▶ For the option "List files/folders created ...", choose: 2 months

▶ Then click "Continue" to start the analysis ...


▶ Let the scan run and do not touch the PC ...


When the analysis is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), as well as "info.txt" (which you will see in the taskbar), for analysis, and wait for the next steps ...

Important: post one report, then the other in the following reply.
If you try to post both at the same time, it may be too long for the forum.


(Note: the reports will also be saved in this folder -> C:\rsit)
0
Here is the log.txt report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by jerome soulet at 2009-12-23 17:55:37
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 45 GB (30%) free of 149 GB
Total RAM: 2046 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:56:42, on 23/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Orange\option fax\OptionFax.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\rndll.exe
C:\Documents and Settings\jerome soulet\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Winsudate\gibusr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jerome soulet\Bureau\RSIT.exe
C:\Program Files\trend micro\jerome soulet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070220
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: mysidesearch search enhancer - {30A27A1A-6558-86DA-35B8-4AA62524EFA3} - C:\WINDOWS\system32\ofgrmyrfolbhu.dll
O2 - BHO: gooochi browser enhancer - {58A878F4-03F8-DD7B-6951-6DBD0911B381} - C:\WINDOWS\system32\fzmqhsxlmaa.dll
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\jerome soulet\Application Data\Messenger\Drivers\MsgUpdate.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartAds browser enhancer qcslizbm - {F75173F2-6DF0-4E5A-908D-F4FFEB2688ED} - C:\WINDOWS\system32\qcslizbm.dll
O2 - BHO: ezLife browser enhancer xnpwjqan - {FE69DCCC-5BEC-41A4-9E28-03C0AB888884} - C:\WINDOWS\system32\xnpwjqan.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [option fax] "C:\Program Files\Orange\option fax\OptionFax.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\jerome soulet\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [diazpdodsyoagyaa] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fzmqhsxlmaa.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\jerome soulet\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5382/mcfscan.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
0
Anonymous user
23 Dec 2009 at 19:06
▶ Download Ad-remover (by C_XX) to your desktop:


▶ Disconnect and close all running applications!

▶ Double-click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.

▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.

▶ At the main menu, choose option "L" and press [Enter].

▶ Let the tool work and do not touch anything ...

▶ Post the report that appears at the end on the forum ...

(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
Here is the report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 23.12.2009 à 20:36
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:04:41, 24/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: BUREAU | Utilisateur actuel: jerome soulet

Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\DOCUME~1\JEROME~1\APPLIC~1\Mozilla\FireFox\Profiles\s4swq5vp.default\searchplugins\Yoog Search.xml
C:\Program Files\Smart-Ads-Solutions
C:\Program Files\Winsudate
C:\DOCUME~1\JEROME~1\APPLIC~1\EoRezo
C:\DOCUME~1\JEROME~1\APPLIC~1\Smart-Ads-Solutions
C:\WINDOWS\system32\mxnkdegctvkynq.exe
C:\WINDOWS\system32\u_ofgrmyrfolbhu.dll.exe
C:\WINDOWS\system32\ofgrmyrfolbhu.dll - ... [b]ERREUR SUPPRESSION !!/b
C:\WINDOWS\system32\fzmqhsxlmaa.dll - ... [b]ERREUR SUPPRESSION !!/b
C:\WINDOWS\system32\ofgrmyrfolbhu.dll - ... [b]ERREUR SUPPRESSION !!/b

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\2297199f-9cf2-64f1-64a7-c6f3a5ca56b3
HKCU\software\appdatalow\eed64a28-0f66-fe56-30c8-52e77fd63dfe
HKCU\software\appdatalow\HavingFunOnline
HKCU\Software\AppDataLow\software\{63251812-DC26-141E-0FF1-C4663669F6CB}
HKCU\software\EoRezo
HKCU\software\microsoft\internet explorer\searchscopes\{740537D5-481D-4A67-97DD-AE176D84C830}
HKCU\software\microsoft\internet explorer\searchscopes\{BCE02E95-D90E-48A8-B5A5-03FE84FB7CA4}
HKCU\software\microsoft\internet explorer\searchscopes\{D0B4EF38-156F-4412-8F2F-06C229229503}
HKCU\software\microsoft\internet explorer\searchscopes\{DFBD81C8-17B5-47A3-96B7-B9DE32D13A2C}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
HKLM\Software\Classes\CLSID\{30A27A1A-6558-86DA-35B8-4AA62524EFA3}
HKLM\Software\Classes\CLSID\{58A878F4-03F8-DD7B-6951-6DBD0911B381}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{B35BAC80-F31E-305C-EE91-554B8DE28720}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30A27A1A-6558-86DA-35B8-4AA62524EFA3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A878F4-03F8-DD7B-6951-6DBD0911B381}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKLM\software\microsoft\windows\currentversion\uninstall
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKU\.default\software\EoRezo
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.6 [fr] *
.
Nom du profil: s4swq5vp.default (jerome soulet)
.
(JEROME~1, Invalidprefs.js) //er_prefbrowser.search.selectedEngine, Google
(JEROME~1, Invalidprefs.js) Browser.search.selectedEngine, Search
(JEROME~1, Invalidprefs.js) Browser.startup.homepage, hxxp://lo.st#home.
(JEROME~1, Invalidprefs.js) EFFACE - Browser.startup.homepage, hxxp://lo.st#home.
(JEROME~1, prefs.js) Browser.download.lastDir, F:\beasoulet\CYCLE 3\CE2\CE2
(JEROME~1, prefs.js) Browser.search.defaultenginename, 4.6.6.1
(JEROME~1, prefs.js) Browser.search.defaulturl, 4.6.6.1
(JEROME~1, prefs.js) Browser.search.selectedEngine, 4.6.6.1
(JEROME~1, prefs.js) Browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
(JEROME~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
(JEROME~1, prefs.js) Keyword.URL, 4.6.6.1
.
(JEROME~1, prefs.js) EFFACE - Browser.search.order.1, Fast Browser Search
.
(JEROME~1, user.js) Browser.search.defaultenginename, 4.6.6.1
(JEROME~1, user.js) Browser.search.defaulturl, 4.6.6.1
(JEROME~1, user.js) Browser.search.selectedEngine, 4.6.6.1
(JEROME~1, user.js) Keyword.URL, 4.6.6.1
.
.
* Internet Explorer Version 7.0.5730.13 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
Use Custom Search URL: 1 (0x1)
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Enable Browser Extensions: yes
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\Start Page
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_1_08044.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_1_08060_20.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08100_2.0.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08267_2.0.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08298_2.0.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08335_2.0.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_09085_2.0.exe
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\PCD_Patch_1.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.0.9767-to-3.1.1.9806-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.1.9806-to-3.1.1.9835-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.1.9835-to-3.1.2.9901-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.2.9901-to-3.1.3.9947-frFR-patch.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\Patches\WoW-3.0.9.9551-to-3.1.0.9767-frFR-Win\WoW-3.0.9-to-3.1.0-frFR-Win-patch\BNUpdate.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\HIYTjhdfzM\FR\Patcher.exe
C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\HIYTjhdfzM\FR\PatcherPatch.exe
C:\Documents and Settings\jerome soulet\Local Settings\Application Data\SupportSoft\DellSupportCenter\jerome soulet\exec\DSCPatch07311.exe
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_0.0_2.0.0.23619_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23619_2.0.0.23654_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23654_2.0.0.23662_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23662_2.0.0.23663_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23663_2.0.0.23665_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23665_2.0.0.23666_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23666_2.0.0.24039_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.24039_2.0.0.24040_base.zip
C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.24040_2.0.0.24212_base.zip
.
===================================
.
587 Octet(s) - C:\Ad-Report-CLEAN[1].log
10140 Octet(s) - C:\Ad-Report-CLEAN[2].log
.
6 Fichier(s) - C:\DOCUME~1\JEROME~1\LOCALS~1\Temp
8 Fichier(s) - C:\WINDOWS\Temp
10 Fichier(s) - C:\WINDOWS\Prefetch
.
37 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
37 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 21:21:04 | 24/12/2009 - CLEAN[2]
.
============== E.O.F ==============
.
0
Utilisateur anonyme
24 déc. 2009 à 22:48
Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



▶ Download:

Malwarebytes

or:

Malwarebytes

▶ Install it (be sure to choose "francais"; do not change the installation settings) and update it.

(NB: If you get an error message during installation saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Study the tutorial to get familiar with the program:


(that said, it is very simple to use).

Relaunch Malwarebytes, following these instructions carefully:

! Disconnect and close all running applications !

▶ Launch Malwarebytes.

Run a "Complet" (full) scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "résultat" (results).
Check that all infected objects are ticked, then click "suppression" (remove).

Note: if the PC has to be restarted to finish the cleanup, do it!


Post the report saved after the infected objects are removed (in the "rapport/log" tab of Malwarebytes, the most recent one).

0
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1142
Windows 5.1.2600 Service Pack 2

12/09/2008 22:29:14
mbam-log-2008-09-12 (22-29-14).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 134492
Temps écoulé: 43 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 74

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{51AFE130-73BB-0EA9-4EC0-03B4D3F72AC3} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mntact (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strprocsh (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\enwebmon (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oo4zzzfgk1 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\zcbtknc\MntAct.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\zqtsrwfs.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\odipensn.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\qfqdwnmt\cjgjgbiv.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-2530769841-3970789835-1896456951-1006\Dc2\Quarantine\C\WINDOWS\system32\myss_sb_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP555\A0165576.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP495\A0132268.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\{f0a15cab-f693-fb9a-efaa-0bd12148e591}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

And Happy New Year =)
0
Anonymous user
2 Jan 2010 at 20:17
Empty the Malwarebytes quarantine:

> Launch Malwarebytes
> Quarantine tab
> Delete all


=======



▶ Download and install UsbFix by Chiquitine29

(!) Connect to your PC, without opening them, any external storage devices (USB stick, external hard drive, etc.) that may have been infected

▶ Double-click the UsbFix shortcut on your desktop.

▶ In the main menu, choose option "F" for French and press [Enter].

▶ In the second menu, choose option "1" (search) and press [Enter]

▶ Let the tool work.

▶ Then post the UsbFix.txt report that appears.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
############################## | UsbFix V6.074 |

User : jerome soulet (Administrateurs) # BUREAU
Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:47:28 | 17/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled
AV : McAfee VirusScan [ Enabled | (!) Outdated ]
FW : McAfee Personal Firewall[ Enabled ]

C:\ -> Disque fixe local # 145,95 Go (27,95 Go free) # NTFS
D:\ -> Disque CD-ROM # 3,44 Go (0 Mo free) [Mon disque] # CDFS
E:\ -> Disque CD-ROM # 2,01 Go (0 Mo free) [Mon disque] # CDFS
F:\ -> Disque fixe local # 465,65 Go (460,03 Go free) [VERBATIM] # FAT32

############################## | Processus actifs |


################## | Elements infectieux |

C:\Documents and Settings\jerome soulet\Mes documents\T‚l‚chargements\IMG67463_95.JPG-www.myspace.com.exe

################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{053c87ef-e5a8-11de-82b4-00188b5bd6ff}
Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

HKCU\..\..\Explorer\MountPoints2\{0c0cbbe4-de42-11de-82b1-00188b5bd6ff}
Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

HKCU\..\..\Explorer\MountPoints2\{66834c02-ea19-11de-82b6-00188b5bd6ff}
Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

HKCU\..\..\Explorer\MountPoints2\{7d6cab24-c42e-11db-8079-00188b5bd6ff}
Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

################## | Cracks > Keygens > Serials |


################## | ! Fin du rapport # UsbFix V6.074 ! |

Sorry for the delay
0

Anonymous user
18 Jan 2010 at 21:12
(!) Connect to your PC, without opening them, any external storage devices (USB stick, external hard drive, etc.) that may have been infected

▶ Double-click (right-click, "as administrator", on Vista) the UsbFix shortcut on your desktop

▶ In the main menu, choose option "F" for French and press [Enter].

▶ In the second menu, choose option "2" (removal) and press [Enter]

▶ Your desktop will disappear and the PC will restart.

▶ On restart, UsbFix will scan your PC; let the tool work.

▶ Then post the UsbFix.txt report that appears along with the desktop.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0