qui peut m'aider à supprimer un bagle ?Résolu/Fermé

Question

Bonjour,
je crois que j'ai fais une grosse boulette, j'ai telecharger un truc qui fallait pas.
Après tout c'est fermé, mon ordi a redemarrer et mon parfeu à disparu et avast est devenu une application win32 non valide. Alors j'ai regarder sur les forums et à parament ça ressemble à un bagle (oups !), il conseillait d'utiliser findykill, ce que j'ai fait et de poster le rapport, ce que je fait. 
Donc si quelqu'un aura la gentillesse de m'aider je lui en serait très reconnaissant, MERCI


############################## | FindyKill V5.023 |

# User : Elise (Administrateurs) # BLONDEAU-0ED7F4
# Update on 31/12/2009 by El Desaparecido
# Start at: 15:20:42 | 06/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1351 [VPS 100104-0] 4.8.1351 [ (!) Disabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 114,48 Go (1,26 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM

############################## | Processus actifs |

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32
tvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\khebx.exe
C:\windows\vsnpstd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Elise\Application Data\m\flec006.exe
C:\windows\wintems.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
 
############################## | Processus infectieux stoppés  | 

"C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe"  (2236)
"C:\Documents and Settings\Elise\Application Data\m\flec006.exe"  (160)
"C:\windows\wintems.exe"  (540)

################## | C: |


################## | C:\windows |

Présent ! C:\windows\ban_list.txt  
Présent ! C:\windows\mdelk.exe  
Présent ! C:\windows\wintems.exe  
Présent ! C:\windows\Prefetch\130046.EXE-1BFA1703.pf  
Présent ! C:\windows\Prefetch\139109.EXE-18F1344F.pf  
Présent ! C:\windows\Prefetch\147140.EXE-31714B29.pf  
Présent ! C:\windows\Prefetch\14958656.EXE-0DAF0724.pf  
Présent ! C:\windows\Prefetch\14963671.EXE-39D0CC83.pf  
Présent ! C:\windows\Prefetch\14983875.EXE-0E7423E5.pf  
Présent ! C:\windows\Prefetch\14989375.EXE-1C1DD39E.pf  
Présent ! C:\windows\Prefetch\153031.EXE-10578C03.pf  
Présent ! C:\windows\Prefetch\201531.EXE-185DAF84.pf  
Présent ! C:\windows\Prefetch\207031.EXE-0AB3FFCB.pf  
Présent ! C:\windows\Prefetch\213750.EXE-2339AE27.pf  
Présent ! C:\windows\Prefetch\216125.EXE-2920EAB0.pf  
Présent ! C:\windows\Prefetch\FLEC006.EXE-04285AB8.pf  
Présent ! C:\windows\Prefetch\MDELK.EXE-087EF2B4.pf  
Présent ! C:\windows\Prefetch\WINTEMS.EXE-127B61D4.pf  

################## | C:\windows\system32 |

Présent ! C:\windows\system32\srosa2.sys  
Présent ! C:\windows\system32\wfsintwq.sys  

################## | C:\windows\system32\drivers |


################## | C:\Documents and Settings\Elise\Application Data |

Présent ! C:\Documents and Settings\Elise\Application Data\drivers  
Présent ! C:\Documents and Settings\Elise\Application Data\drivers\downld  
Présent ! C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe  
Présent ! C:\Documents and Settings\Elise\Application Data\m  
Présent ! C:\Documents and Settings\Elise\Application Data\m\data.oct  
Présent ! C:\Documents and Settings\Elise\Application Data\m\flec006.exe  
Présent ! C:\Documents and Settings\Elise\Application Data\m\list.oct  
Présent ! C:\Documents and Settings\Elise\Application Data\m\srvlist.oct  
Présent ! C:\Documents and Settings\Elise\Application Data\m\shared  

################## | Temporary Internet Files |

Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\4EYBNWPZ\mxd[1].jpg  
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\4EYBNWPZ\servernames[1].htm  
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\mxd[1].jpg  
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\mxd[2].jpg  
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\W5R2WOTP\mxd[1].jpg  
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\W5R2WOTP\mxd[2].jpg  

################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]  
Présent ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]  
Présent ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]  
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]  
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]  
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]  
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]  
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]  
Présent ! [HKCU\Software\bisoft]  
Présent ! [HKCU\Software\MuleAppData]  
Présent ! [HKCU\Software\WS35]  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"  
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"  
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\bisoft]  
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\MuleAppData]  
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]  
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Local AppWizard-Generated Applications\winupgro]  

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
 
Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !  
 
# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )  
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )  
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.023 ! |

Utilisateur anonyme · Answer

bonjour
belle infection bagle
Déconnecte toi et ferme toutes application en cours, ainsi que le navigateur 

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
• Relance FindyKill présent sur le bureau, tape sur F  pour le français, puis appuie sur la touche entrée
• Sélectionne l'option 2 (suppression), puis appuie sur la touche entrée 
• Le pc va redémarrer automatiquement ...

&#9654;Laisse l'outil travailler, et ne touche à rien,ton bureau ne sera pas accessible c'est normal !

--> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt ) 

Note:Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , aller dans Onglet "Processus", 
cliquer sur "fichier", sélectionner "nouvelle tâche", taper explorer.exe, puis valider

Utilisateur anonyme · Answer

Ton Avast est HS, désinstalle le et je te conseille un anti-virus plus efficace, c'est à toi de choisir

http://www.commentcamarche.net/telecharger/telecharger-55-antivir
Avira Antivir télécharge une pop-up qui propose la version payante lorsque qu'il se met à jour
quotidiennement. Ne pas s'inquiéter, ferme cette pop-up tout simplement
Configure le
https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal


on va faire un bilan du PC
Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

- http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

* Double-clique sur RSIT.exe pour le lancer .
* Une première fenêtre s'ouvre avec en titre : Disclaimer of warranty .
* Devant l'option List files/folders created ... , tu choisis  2 months
* Clique ensuite sur Continue pour lancer l'analyse ...
* Laisse faire le scan et ne touche pas au PC ...
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
* Héberge le contenu de log.txt (c'est celui qui apparait à l'écran), ainsi que de  info.txt ici.  
Clique sur parcourir
Une fois que tu as trouvé les rapports à héberger, clique sur ouvrir
Clique sur Cliquez ici pour déposer le fichier, puis donne le lien
qui apparait comme ceci http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt

Note : les rapports seront en outre sauvegardés dans ce dossier C:\rsit

lilise · Answer

Voila donc j'ai desinstallé avast et installer antivir
Et voici les resultats du bilan du pc


info.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cijg5HXSvV.txt

log.txt
http://www.cijoint.fr/cjlink.php?file=cj201001/cijW7nj8j2.txt

Alors qu'est-ce que ça donne ? J'espère que ça sera bon
Par contre toute cette histoire m'a aussi enlevé mon parfeu (kerio) peut-tu m'en conseiller un bien ?
Merci

lilise · Answer

Voilà le rapport :

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.01.2010 à 18:50
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:09:15, 07/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\PROGRA~1\AD-REM~1\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: BLONDEAU-0ED7F4 | Utilisateur actuel: Elise

.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\windows\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf 
C:\windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2} 
C:\windows\System32\f3PSSavr.scr 
C:\windows\pack.epk 
C:\windows\Temp\msksetup.log 
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar 
C:\Program Files\FunWebProducts 
C:\Program Files\GamesBar 
C:\Program Files\Internet Optimizer 
C:\Program Files\Macrogaming 
C:\Program Files\MailSkinner 
C:\Program Files\MyWebSearch 
C:\Program Files\Trymedia 
C:\Program Files\webHancer 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia 
C:\Documents and Settings\Elise\Local Settings\Application Data\Iminent 
C:\windows\System32\parbed.dat 
C:\windows\System32\parbed.exe 
C:\windows\System32\parbed_nav.dat 
C:\windows\System32\parbed_navps.dat 

(!) -- Fichiers temporaires supprimés.
 
.
HKCU\software\Casino Tropez
HKCU\software\fcn
HKCU\software\GamesBar
HKCU\software\Iminent
HKCU\software\LanConfig
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} 
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\software\SWEETIE
HKCU\software\Trymedia Systems
HKLM\software\Casino Tropez
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKLM\Software\Classes\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
HKLM\Software\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
HKLM\Software\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}
HKLM\Software\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}
HKLM\Software\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
HKLM\Software\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
HKLM\Software\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
HKLM\Software\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
HKLM\Software\Classes\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}
HKLM\Software\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}
HKLM\Software\Classes\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKLM\Software\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}
HKLM\Software\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}
HKLM\software\classes\HbCoreSrv.DynamicProp
HKLM\software\classes\HbCoreSrv.DynamicProp.1
HKLM\Software\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
HKLM\Software\Classes\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
HKLM\Software\Classes\Interface\{38A7C9DA-8DB7-4D0F-A7B1-C4B1A305BDDB}
HKLM\Software\Classes\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}
HKLM\Software\Classes\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}
HKLM\Software\Classes\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}
HKLM\Software\Classes\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}
HKLM\Software\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
HKLM\Software\Classes\Interface\{8D292EC0-6792-4A38-82ED-73A087E41BA6}
HKLM\Software\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
HKLM\Software\Classes\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
HKLM\Software\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
HKLM\Software\Classes\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}
HKLM\Software\Classes\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}
HKLM\Software\Classes\Interface\{DC065FA6-08F9-4C50-99DC-275D16CFC5BD}
HKLM\Software\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
HKLM\software\classes\Oberontb.Band
HKLM\software\classes\Oberontb.Band.1
HKLM\software\classes\SWEETIE.IEToolbar
HKLM\software\classes\SWEETIE.IEToolbar.1
HKLM\software\classes\SWEETIE.SWEETIE
HKLM\software\classes\SWEETIE.SWEETIE.1
HKLM\software\classes\ToolBand.SWEETIE
HKLM\software\classes\ToolBand.SWEETIE.1
HKLM\Software\Classes\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}
HKLM\Software\Classes\TypeLib\{4CF5A3C1-07A2-4336-9B54-6870452EBDE1}
HKLM\Software\Classes\TypeLib\{71E9CF40-AF72-4B55-BD3F-1FEA2A0EAEA6}
HKLM\Software\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
HKLM\Software\Classes\TypeLib\{98635087-3F5D-418F-990C-B1EFE0797A3B}
HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
HKLM\software\FocusInteractive
HKLM\software\Fun Web Products
HKLM\software\FunWebProducts
HKLM\software\GamesBar
HKLM\software\GamesBarSetup
HKLM\software\iAvatars.com
HKLM\software\Iminent
HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} 
HKLM\Software\Microsoft\Internet Explorer\Toolbar\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} 
HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer
HKLM\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
HKLM\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F86FFD86-1966-4C6C-99D9-44A6E7AB97E3}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IMBooster 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Iminent.Notifier 
HKLM\software\microsoft\windows\currentversion\uninstall\GamesBar
HKLM\software\microsoft\windows\currentversion\uninstall\parbed
HKLM\software\MyWebSearch
HKLM\software\Trymedia Systems
.
============== Scan additionnel ==============
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Use Search Asst: no
Start Page: hxxp://fr.msn.com/
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\windows\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Documents and Settings\Claudine & Thierry\Local Settings\Temp\Patch_MSN_Messenger.EXE
.
===================================
.
8961 Octet(s) - C:\Ad-Report-CLEAN[1].log 
.
0 Fichier(s) - C:\DOCUME~1\Elise\LOCALS~1\Temp 
1 Fichier(s) - C:\windows\Temp 
6 Fichier(s) - C:\windows\Prefetch 
.
16 Fichier(s) - C:\PROGRA~1\AD-REM~1\BACKUP
147 Fichier(s) - C:\PROGRA~1\AD-REM~1\QUARANTINE 
.
Fin à: 12:35:43 | 07/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.

lilise · Answer

donc j'ai supprimer le fichier et voilà le rapport de malwarebytes

Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3508
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/01/2010 18:47:55
mbam-log-2010-01-07 (18-47-55).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 326808
Temps écoulé: 1 hour(s), 55 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 46
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 40

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.lfgax (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.lfgax.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtmailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtmailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtools.hbtcommband (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtools.hbtcommband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttools.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttools.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{19ebcbe0-9245-4397-bc5d-883d34782043} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1e07646f-07c4-4847-a250-0ec8114f2963} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f814be58-1bf9-4b50-829a-e889f86127ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt (Adware.NetOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout (Adware.NetOptimizer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\parbed (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pmsngr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elise\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elise\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\Piporama (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\SideFind (Adware.ISTBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP963\A0332266.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332290.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332291.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332292.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332311.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332320.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332323.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332556.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333027.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333026.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333028.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333194.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333198.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333202.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333557.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333558.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333559.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334137.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334509.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334517.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334522.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334510.exe (Worm.Bagle) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP966\A0334729.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP967\A0334768.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP967\A0334769.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1024\ld4C30.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Elise\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\14.05068 (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\Piporama\Piporama.ico (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Montorgueil\Piporama\Thumbs.db (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msskinner\msbackup.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msegcompid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\EGAUTH.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\syswbsvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.

lilise · Answer

Oui, merci, je crois que ça m'as servi de leçon.
Donc une fois la quarantaine de malwarebytes vider mon problème est resolu ? le bagle n'est plus ds mon ordi ?
Une dernière question : est-ce je doit garder ou supprimer les logiciels que tu m'as fais telecharger ? (findykill, malwarebytes ...)

Et encore MERCI je me voyait tous reinstaller windows.

lilise · Answer

Par contre y'a que log.txt qui s'est affiché :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Elise at 2010-01-07 21:50:48
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 37 GB (31%) free of 117 GB
Total RAM: 511 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:49, on 07/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32
tvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\vsnpstd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Elise\Mes documents\Downloads\RSIT (1).exe
C:\Program Files	rend micro\Elise.exe
C:\windows\system32\HPZipm12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: run= lxdboxcp.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program filesealealplayerpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Voyance] C:\Program Files\Allocam Multi Visio\voyance.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [BrowserSessionManager] C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\windows\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD1.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceCF.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD0.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moielise22ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c9ecf7c509b116) (gupdate1c9ecf7c509b116) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

la lumiére de l'orient · Answer

bonjours, 
j ai un pbl sur mn pc , je pense c est 1 virus qui m'attaque 
c est server.exe 
s'il  y a qlq  a le tallent de m'aidé ?
j vs remercie

Utilisateur anonyme · Answer

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

&#9654; Télécharge List&Kill'em et enregistre le sur ton bureau
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
&#9654; dezippe-le , (clic droit/ extraire.....)

Il ne necessite pas d'installation

&#9654; double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

&#9654; laisse travailler l'outil

un rapport du nom de catchme apparait sur ton bureau , ignore-le , mais ne le supprime pas pour l instant

&#9654; Poste le contenu du rapport qui s'ouvre

Utilisateur anonyme · Answer

je m'adresse à la lumière de l'orient
il ne faut pas écrire en SMS ici, car je ne comprends pas tout
ouvre un sujet pour ton problème

lilise tu fait le post 18

lilise · Answer

List'em by g3n-h@ckm@n 1.1.7.1

Thx to Chiquitine29.....& CCM team

voila le rapport, mais ça ne m'as pas mis le catchme

User : Elise (Administrateurs) # BLONDEAU-0ED7F4
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
Start at: 23:21:20 | 07/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 114,48 Go (35,96 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32\ntvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\vsnpstd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Elise\Bureau\List_Kill'em.exe
C:\windows\system32\cmd.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Elise\Local Settings\Temp\1A9.tmp\pv.exe
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\windows\system32\ctfmon.exe
updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
MailSkinner REG_SZ c:\program files\mailskinner\mailskinner.exe
Magentic REG_SZ C:\PROGRA~1\Magentic\bin\Magentic.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
RegDokFRT REG_SZ C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
Voyance REG_SZ C:\Program Files\Allocam Multi Visio\voyance.exe
OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
SystrayORAHSS REG_SZ "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
USB Storage Toolbox REG_SZ C:\Program Files\USB Disk Win98 Driver\Res.EXE
BrowserSessionManager REG_SZ C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
<NO NAME> REG_SZ
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
SNPSTD2 REG_SZ C:\windows\vsnpstd2.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_BINARY 95000000

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\WINDOWS\Temp\NavBrowser.exe REG_SZ C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe REG_SZ C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d
C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe REG_SZ C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP
C:\Program Files\Activision Value\Secret Service Security Breach\run.exe REG_SZ C:\Program Files\Activision Value\Secret Service Security Breach\run.exe:*:Enabled:run
C:\Program Files\Lords of EverQuest\Lords.ree REG_SZ C:\Program Files\Lords of EverQuest\Lords.ree:*:Enabled:Lords of Everquest
C:\Program Files\Livecom\Application\eConfv4\ftplayer.exe REG_SZ C:\Program Files\Livecom\Application\eConfv4\ftplayer.exe:*:Enabled:eConf player
C:\Program Files\Livecom\Application\Exe\Livecom.exe REG_SZ C:\Program Files\Livecom\Application\Exe\Livecom.exe:*:Enabled:Livecom
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe REG_SZ C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI
C:\Program Files\IncrediMail\bin\IMApp.exe REG_SZ C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImLc.exe REG_SZ C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
C:\Documents and Settings\Elise\Local Settings\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe REG_SZ C:\Documents and Settings\Elise\Local Settings\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
C:\Program Files\Magentic\bin\Magentic.exe REG_SZ C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
C:\Program Files\Magentic\bin\MgApp.exe REG_SZ C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\WINDOWS\system32\mcoinstall.exe REG_SZ C:\WINDOWS\system32\mcoinstall.exe:*:Enabled:mcoinstall
C:\Program Files\SFR\Media Center\MediaCenter.exe REG_SZ C:\Program Files\SFR\Media Center\MediaCenter.exe:*:Enabled:Charger le Media Center
C:\Program Files\eMule\eMule.exe REG_SZ C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus
C:\Program Files\Magentic\bin\MgImp.exe REG_SZ C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\SFR\Media Center\httpd\httpd.exe REG_SZ C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{01347765-1965-426B-91A4-AA6BB342B9A3}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{205FF73B-CA67-11D5-99DD-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5392B545-31A5-4724-BEF3-4FED1D56FDAC}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A060448-60F9-11D5-A6CD-0002B31F7455}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6AA85413-165C-4200-8154-71166077B22E}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{87056D28-9730-4A47-B9F9-7E890B62C58A}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{97E71027-0BA2-44F2-97DB-F84D808ED0B6}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{A13516A3-BE86-4517-813C-B5FF0C8ACDF3}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BD8667B7-38D8-4C77-B580-18C3E146372C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FD40EC41-D860-4579-8BA4-52671A45C71C}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22209038-BAE2-413B-BA3C-137AA3D2AAD0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11D347EF-EA2A-481A-9E2D-31E536C5E660}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{15B78211-702A-4641-903E-3A571A91DE4C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19D0BD91-6699-17C6-8008-DA80E88F9001}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21331C3B-8BF9-CE12-C2C2-C782E4F8284E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23AB2D9F-7366-7596-CC5F-5F11C8318683}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{260E2E14-3FAC-D90F-6A77-8AB5F9C5540D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3BD51DFA-F02F-4CA1-7B97-AD081284BB6F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3D05DAF9-150D-3FF0-491C-9937E7598F0A}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4382523A-B916-4EF0-B79B-C4F5A9DBBBEF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4CD1745D-2E51-4D40-50B6-4A9975825F30}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{543DC8E9-D409-A01A-1B92-9D6217FAE7ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{56778CA1-E834-4D66-2410-CB14C83E9CE0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{68556DB8-458E-DB46-8FA9-E317823BC84F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{69C2A96C-2561-C9F9-ADB2-897024033296}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73ABC36C-AA83-DD06-D5AE-17344235C1E7}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7E36A622-D3AD-3407-84E9-105CC9E09EDF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8603E58E-BB2E-4602-9C5E-8DBB68DCB14D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{866D7D0E-D9CB-49B6-A103-E6FAEFD13969}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{91AFB5F7-48C8-3557-D848-CBF83BC64D32}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{93C26716-35AE-8B37-9015-2BA7BB2F81A8}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{98AE9FE1-2295-EF9C-D478-30C54D2B76DB}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F1297DC-7F0F-2A00-EAFA-A03806BA2B72}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3B628E5-7338-477A-AC76-88455BCCB305}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3D1642B-1E0E-49E0-4E6A-4CA2CD14141C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B5885D32-156B-49FF-BA57-1931B72A4CDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B78BEDD4-A3DA-823F-F6EF-628ADF9D315C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BB6D9805-FBAC-9217-A6F1-E3BC5A9ECE68}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DEB8CC64-9F3E-1664-1179-EE753E2C5E77}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E9B920FB-C930-0DFB-A80A-2407EF1C0CBF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECF853BC-F1B8-8695-12EC-6C19AEB7247C}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E6F3D849-220F-B5F1-C818-EE94D660FC51}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x2
SharedAccess : 0x2
wuauserv : 0x2

=========

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
114 Go total, 35,96 Go libre (31%), 15% fragment‚ (fragmentation du fichier 31%)

Vous devriez d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Program Files\Media-Codec
C:\Program Files\NavExcel
C:\windows\Downloaded Program Files\popcaploader.inf
C:\windows\Fonts\GRGAREF.TTF
C:\windows\System32\scrrun.dll.tmp
C:\windows\System32\1024
C:\windows\System32\drivers\etc\hosts.msn
C:\windows\System32\ot.ico
C:\windows\System32\stdole3.tlb
C:\windows\System32\stera.log
C:\windows\System32\ts.ico
C:\windows\winstart.bat
C:\Documents and Settings\Elise\Application Data\ViewerApp.dat
C:\Documents and Settings\Elise\Application Data\MessengerSkinner

¤¤¤¤¤¤¤¤¤¤ Keys :

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID
HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}
HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
HKCU\software\Montorgueil
HKLM\SOFTWARE\Classes\HbtHostIE.Bho
HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
HKLM\Software\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKLM\SOFTWARE\MailSkinner
HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_FOPN
HKLM\SYSTEM\ControlSet001\Services\vspf
HKLM\SYSTEM\ControlSet001\Services\vspf_hk

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 23:23:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:35eb3eb9
"s2"=dword:5f738496
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:d8,c0,47,1a,7b,a7,8c,26,08,22,b5,8a,20,c2,90,22,b9,6b,33,c6,34,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:d8,c0,47,1a,7b,a7,8c,26,08,22,b5,8a,20,c2,90,22,b9,6b,33,c6,34,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:d8,c0,47,1a,7b,a7,8c,26,08,22,b5,8a,20,c2,90,22,b9,6b,33,c6,34,..
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Acclaim Entertainment
Action Solitaire
Activision Value
Ad-Remover
Adobe
Ahead
Alcohol Soft
Allocam Multi Visio
Alwil Software
Anuman Interactive
ArcSoft
AV VCS 3.0
Avira
AvRack
Bandoo
Bethesda Softworks
Boonty
BoontyGames
Canon
Common Files
Corel
Cyanide
CyberLink
Ddbhfo
delir.gio
denouvel
DesktopPlant
DIFX
Digital
DiMAGE Image Viewer Utility
directx
Dracula
Eidos
Electronic Arts
Empire Interactive
eMule
epson
ETIQUETT
Every Toolbar 1.1
Fichiers communs
flight2
GeneWeb Bases
GeneWeb-4.09
Gigabyte
GIMP-2.0
Google
Griddlers
Happy Note
Hardwood Hearts
Hardwood Solitaire III
Hasbro
Heart Of Darkness
Heavy Weapon
Hewlett-Packard
HP
IHOPPER
Ihsv
Incredijeux
IncrediMail
Infogrames
InstallShield Installation Information
Interactive Vision
InterActual
Internet Explorer
Inventel
IrfanView
Java
Jeux classiques
JHC SoftWare
JoWooD
K-Lite Codec Pack
KaraFun
Kerio
KPixGames
Lavasoft
LG Electronics
LG PC Suite II
LinCity-NG
Livecom
LivePix 1.1
Logitech
Lords of EverQuest
Magentic
Malwarebytes' Anti-Malware
Maniac
Media-Codec
Mes Jeux Install‚s
Mes Jeux T‚l‚charg‚s
Messenger
Messenger Plus! Live
MessengerPlus! 3
Micro Application
Microsoft
Microsoft Encarta
microsoft frontpage
Microsoft Games
Microsoft Money
Microsoft Office
Microsoft Picture It! PhotoPub
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
MidiNotate
Midnight Oil
MinderTech
Monte Cristo
Movie Maker
MSBuild
MSN
MSN Games
MSN Gaming Zone
MSN Messenger
MSXML 4.0
Mumbo Jumbo
MUSICMATCH
MUST
NavExcel
NetMeeting
Oberon Media
OneClick
OnePlayer
Online Services
OpenOffice.org1.1.3
orange
OrangeHSS
Outlook Express
Panda Security
PhotoMail Maker
Phototool
PIXELA
Player Metaboli
PlayOnline
PowerPoint to Video 1.3.0
quickmov
QuickTime
Railroad Tycoon II
Real
Realtek Sound Manager
Red Storm Entertainment
Reference Assemblies
ReflexiveArcade
RegCleaner
Return to Castle Wolfenstein
Ricochet Xtreme
Rockstar Games
ScanSoft
Sega
Services en ligne
SFR
Sierra On-Line
SilverCreekCommonFiles
Smotus
SolSuite
Sony Corporation
Sony Ericsson
Spyware Stormer
Strategy First
StuffPlug3
Sunbelt Software
Sylvain Seccia
Symantec
Tacmi
TLC
TLC-Edusoft
TomCat Soft
TooX
trend micro
Trust
Ubi Soft
ubi.com
Ubisoft
Uninstall Information
USB Disk Win98 Driver
Virtools
Wanadoo
Wanadoo Jeux
WarlockStudio
WBFS
WildTangent
WinAce
Winamp
Windows Live
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox
XStitch_Studio
Yahoo!
ZC2.10
Zylom Games

============
Lecteur C:
============

0551f621f60f0e3a7f0f087d7ab6
1STPRESW
Abuse
Ad-Report-CLEAN[1].log
BdUninstallTool2010.01.06-03.07.42.log
BdUninstallTool2010.01.06-03.07.42.reg
Bootfont.bin
CanonMP
ComPlus Applications
Config.Msi
Corel
dico
Documents and Settings
DownloadLog.txt
Downloads
DUKE3D.TMP
EMPTY
ExtractLog.txt
FindyKill
fluide
fond
fonds
GERCC.txt
GRW3EVAL
GSP
GST
hiberfil.sys
IComTracer.log
INSTALL.LOG
IO.SYS
itouch_config_crash_info.txt
itouch_crash_info.txt
JEUX
Kill'em
LGSInst.Log
LION
List'em.txt
Log.txt
Mes t‚l‚chargements
MOMENTS
moods
MOTSCROI
MSDOS.SYS
muggins
My Download Files
My Games
My Music
MyFiles
NTDETECT.COM
ntldr
NVIDIA
OpenOffice.org 1.1.3
pagefile.sys
persist.dbs
PIRATESG
playground.log
Program Files
program1
RCPARAM.txt
RECYCLER
Remote Programs
rsit
Rummy Royal
SCATLAWS SOFTWARE
scrabble.acc
sounds
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
System Volume Information
TEMP
UNWISE.EXE
updatedatfix.log
UT2004
WINDOWS
winks
wonderlog.txt
Y

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\In('c')Fo - Patch - Eng & Ger - GTA Vice City.txt
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ReadMeNOW.txt
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ViceCity_Patch_11.exe
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ReadMeNOW_Ger.txt
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ViceCity_Patch_11_German.exe

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Utilisateur anonyme · Answer

C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\In('c')Fo - Patch - Eng & Ger - GTA Vice City.txt
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ReadMeNOW.txt
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ViceCity_Patch_11.exe
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ReadMeNOW_Ger.txt
C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ViceCity_Patch_11_German.exe

cracks, pas bon du tout

&#9654; Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

&#9654; choisis l'option 2 = Mode Destruction

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

&#9654; colle le contenu dans ta reponse

lilise · Answer

Voila et me dis pas qu'il y en a encore ou je vais demoraliser


Kill'em by g3n-h@ckm@n 1.1.7.1 
 
User : Elise (Administrateurs) # BLONDEAU-0ED7F4
Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00 
Start at: 23:47:34 | 07/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) 64 Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 114,48 Go (35,96 Go free) | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32
tvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\vsnpstd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Elise\Bureau\List_Kill'em.exe
C:\windows\system32\cmd.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Elise\Local Settings\Temp\1C1.tmp\pv.exe
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache  
"C:\Program Files\Media-Codec"  
"C:\Program Files\NavExcel"  
"C:\windows\Downloaded Program Files\popcaploader.inf"  
"C:\windows\Fonts\GRGAREF.TTF"  
C:\windows\system32\scrrun.dll.tmp  
"C:\windows\System32\1024"  
"C:\windows\System32\drivers\etc\hosts.msn"  
"C:\windows\System32\ot.ico"  
"C:\windows\System32\stdole3.tlb"  
C:\windows\System32\stera.log  
"C:\windows\System32	s.ico"  
"C:\windows\winstart.bat"  
"C:\Documents and Settings\Elise\Application Data\MessengerSkinner"  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

1024.Kill'em
GRGAREF.TTF.Kill'em
hosts.msn.Kill'em
Media-Codec.Kill'em
MessengerSkinner.Kill'em
NavExcel.Kill'em
ot.ico.Kill'em
popcaploader.inf.Kill'em
QTSBandwidthCache.Kill'em
scrrun.dll.tmp.Kill'em
stdole3.tlb.Kill'em
stera.log.Kill'em
ts.ico.Kill'em
winstart.bat.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  
Deleted : HKCR\Install.Install  
Deleted : HKCR\Install.Install.1  
Deleted : HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}  
Deleted : HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}  
Deleted : HKCU\software\Montorgueil  
Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho  
Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1  
Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar  
Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1  
Deleted : HKLM\SOFTWARE\MailSkinner  
Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf  
Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf_hk  
Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf  
Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf_hk  
Deleted : HKLM\SYSTEM\ControlSet003\Services\vspf  
Deleted : HKLM\SYSTEM\ControlSet003\Services\vspf_hk  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

lilise · Answer

Bonjour, voila donc le rapport RSIT :


Logfile of random's system information tool 1.06 (written by random/random)
Run by Elise at 2010-01-08 09:00:41
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 37 GB (31%) free of 117 GB
Total RAM: 511 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:00:46, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\windows\system32
tvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\vsnpstd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\Elise\Mes documents\Downloads\RSIT (2).exe
C:\Program Files	rend micro\Elise.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: run= lxdboxcp.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program filesealealplayerpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Voyance] C:\Program Files\Allocam Multi Visio\voyance.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [BrowserSessionManager] C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\windows\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD1.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceCF.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD0.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moielise22ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c9ecf7c509b116) (gupdate1c9ecf7c509b116) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Utilisateur anonyme · Answer

c'est en court de préparation, il me reste à le faire valider, ce sera prêt ce soir

boudreaux · Answer

bonjour je ne suis pas un expert dans l'informatique mais j'ai dejà eu des probleme dans mon ordinateur aussi et j'ai telechargé et installe un tres bon antispyware et antirotkits aussi "Ad-AwareAE" il est trés bon aussi, facile a utilisé, je l'aime bien aussi se anti-spyware. Essaie le. tu as seuklement qu'a faure une anilise complete sur tous ton hardware (vas sur l'option reglages et selectione tous se que tu peut seleccioné et apres lance l'analise complete) et apres dit moi ton avi sur se programme.
A plus .Bonne chance.

Utilisateur anonyme · Answer

lilise

C'est prêt plus vite que prévu

Attention,à ne pas reproduire sur un autre PC, ce qui pourrai l'endommager

&#9654; Télécharge  OTM (de Old_Timer) sur ton Bureau

&#9654; Double-clique sur OTM.exe pour le lancer.

&#9654; Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

&#9654; Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous "Paste instructions for item to be moved".


:files
c:\program files\mailskinner
C:\Program Files\RegistryDoktor 4.1
C:\windows\system32\drivers\df_kmd.sys
C:\windows\system32\drivers\aqsjos09.sys
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Ddbhfo\Iekcfw.exe
C:\windows\rkxwbtnb.exe

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run]
"MailSkinner"=-
"RegDokFRT"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pvoyma]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB3OBEnC]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# L"h'þ9Óœð3rÅWC:]

:services
df_kmd
aqsjos09

:commands
[emptytemp]
[start explorer]
[reboot]

&#9654; clique sur MoveIt! pour lancer la suppression.

&#9654; Le résultat apparaitra dans le cadre "Results".

&#9654; Clique sur Exit pour fermer.

&#9654; Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

&#9654; Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

lilise · Answer

All processes killed
========== FILES ==========
File/Folder c:\program files\mailskinner not found.
File/Folder C:\Program Files\RegistryDoktor 4.1 not found.
File/Folder C:\windows\system32\drivers\df_kmd.sys not found.
File/Folder C:\windows\system32\drivers\aqsjos09.sys not found.
File/Folder C:\Program Files\ISTsvc\istsvc.exe not found.
File/Folder C:\Program Files\Ddbhfo\Iekcfw.exe not found.
File/Folder C:\windows\rkxwbtnb.exe not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Run not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Run not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pvoyma\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB3OBEnC\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# L"h'þ9Óœð3rÅWC:\ not found.
========== SERVICES/DRIVERS ==========
Service df_kmd stopped successfully!
Service df_kmd deleted successfully!
Error: No service named aqsjos09 was found to stop!
Unable to stop service aqsjos09!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Claudine & Thierry
->Temp folder emptied: 20476917 bytes
->Temporary Internet Files folder emptied: 266197003 bytes
->Java cache emptied: 14543815 bytes
->Google Chrome cache emptied: 43371106 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Elise
->Temp folder emptied: 2561964 bytes
->Temporary Internet Files folder emptied: 22821209 bytes
->Java cache emptied: 67575181 bytes
->Google Chrome cache emptied: 260274061 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 16000 bytes
%systemroot% .tmp files removed: 2322385 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13513310 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 681,00 mb
 
 
OTM by OldTimer - Version 3.1.4.0 log created on 01082010_180134

Files moved on Reboot...

Registry entries deleted on Reboot...

lilise · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:56:57, on 08/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\windows\system32
tvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\vsnpstd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Documents and Settings\Elise\Bureau\Elise.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F3 - REG:win.ini: run= lxdboxcp.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program filesealealplayerpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Voyance] C:\Program Files\Allocam Multi Visio\voyance.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [BrowserSessionManager] C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\windows\vsnpstd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD1.html
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceCF.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD0.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_FR_XP.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moielise22ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/sysiasvc32_FR_XP.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_FR_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c9ecf7c509b116) (gupdate1c9ecf7c509b116) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

lilise · Answer

voilà c fait j'ai un dossier qui est apparu au redemarrage : backups

Par contre pour registry doctor je l'avai deja supprimer et j'ai chercher je ne trouve pas
Pour mailskinner je ne trouve le fichier non plus mais il est dans ajout/suppression de programme mais il ne veut pas le supprimer un programme necessaire pour que ça se termine n'a pas pu etre executer

et maintenant je fais quoi ?

lilise · Answer

voila c'est fait il y a un dossier backups qui est apparu

je n'est pas pu supprimer les 2fichiers
mailskinner je peu il me dit qu'il manque un fichier pour terminer
et registry doctor je l'avais deja supprimer et je n'en trouve pas trace meme avec rechercher

lilise · Answer

Bonjour, 
ok mais je ne trouve pas le dossier mailskinner même avec l'outil de recherche par contre il est bien dans ajout/suppression de programme mais il ne veut pas il me dit qu'un fichier necessaire est introuvable
Donc je pensait le retelecharger pour ensuite pouvoir le supprimer ou est-ce que c'est une fausse bonne idée ?

lilise · Answer

ça y est je connaissait pas ce logiciel j'en ai profité pour supprimer d'autre truc que j'arrivait pas

lilise · Answer

Bonjour, desolé j'ai  pas pu répondre hier soir j'etais pas chez moi et je suis rentrer trop tard. Merci pour tes recommandations c'est gentil.

Voila deja le rapport de toolscleaners

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche: 

C:\_OTM: trouvé !
C:\FindyKill: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Elise\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\Elise\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Elise\Bureau\catchme.log: trouvé !
C:\Documents and Settings\Elise\Mes documents\Downloads\OTM.exe: trouvé !
C:\Documents and Settings\Elise\Mes documents\Downloads\Ad-R.exe: trouvé !
C:\Documents and Settings\Elise\Mes documents\Downloads\Rsit.exe: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files	rend micro\HijackThis.exe: trouvé !
C:\Program Files	rend micro\hijackthis.log: trouvé !

---------------------------------
--> Suppression: 

C:\Documents and Settings\Elise\Bureau\OTM.exe: supprimé !
C:\Documents and Settings\Elise\Mes documents\Downloads\OTM.exe: supprimé !
C:\Documents and Settings\Elise\Mes documents\Downloads\Ad-R.exe: supprimé !
C:\Program Files	rend micro\HijackThis.exe: supprimé !
C:\Documents and Settings\Elise\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Elise\Bureau\catchme.log: supprimé !
C:\Documents and Settings\Elise\Mes documents\Downloads\Rsit.exe: supprimé !
C:\Program Files	rend micro\hijackthis.log: supprimé !
C:\_OTM: supprimé !
C:\FindyKill: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Ad-remover: supprimé !

Fichiers temporaires nettoyés !

lilise · Answer

Bon voilà j'ai fini j'espère que tout est réparer et je te remerci encore

Qui peut m'aider à supprimer un bagle ?

25 réponses

Discussions similaires

Newsletters