Qui peut m'aider à supprimer un bagle ?

Résolu
lilise -  
 Utilisateur anonyme -
Bonjour,
je crois que j'ai fais une grosse boulette, j'ai telecharger un truc qui fallait pas.
Après tout c'est fermé, mon ordi a redemarrer et mon parfeu à disparu et avast est devenu une application win32 non valide. Alors j'ai regarder sur les forums et à parament ça ressemble à un bagle (oups !), il conseillait d'utiliser findykill, ce que j'ai fait et de poster le rapport, ce que je fait.
Donc si quelqu'un aura la gentillesse de m'aider je lui en serait très reconnaissant, MERCI

############################## | FindyKill V5.023 |

# User : Elise (Administrateurs) # BLONDEAU-0ED7F4
# Update on 31/12/2009 by El Desaparecido
# Start at: 15:20:42 | 06/01/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# AMD Athlon(tm) 64 Processor 3000+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1351 [VPS 100104-0] 4.8.1351 [ (!) Disabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 114,48 Go (1,26 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM

############################## | Processus actifs |

C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\ntvdm.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\windows\System32\svchost.exe
C:\windows\system32\khebx.exe
C:\windows\vsnpstd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Elise\Application Data\m\flec006.exe
C:\windows\wintems.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

############################## | Processus infectieux stoppés |

"C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe" (2236)
"C:\Documents and Settings\Elise\Application Data\m\flec006.exe" (160)
"C:\windows\wintems.exe" (540)

################## | C: |

################## | C:\windows |

Présent ! C:\windows\ban_list.txt
Présent ! C:\windows\mdelk.exe
Présent ! C:\windows\wintems.exe
Présent ! C:\windows\Prefetch\130046.EXE-1BFA1703.pf
Présent ! C:\windows\Prefetch\139109.EXE-18F1344F.pf
Présent ! C:\windows\Prefetch\147140.EXE-31714B29.pf
Présent ! C:\windows\Prefetch\14958656.EXE-0DAF0724.pf
Présent ! C:\windows\Prefetch\14963671.EXE-39D0CC83.pf
Présent ! C:\windows\Prefetch\14983875.EXE-0E7423E5.pf
Présent ! C:\windows\Prefetch\14989375.EXE-1C1DD39E.pf
Présent ! C:\windows\Prefetch\153031.EXE-10578C03.pf
Présent ! C:\windows\Prefetch\201531.EXE-185DAF84.pf
Présent ! C:\windows\Prefetch\207031.EXE-0AB3FFCB.pf
Présent ! C:\windows\Prefetch\213750.EXE-2339AE27.pf
Présent ! C:\windows\Prefetch\216125.EXE-2920EAB0.pf
Présent ! C:\windows\Prefetch\FLEC006.EXE-04285AB8.pf
Présent ! C:\windows\Prefetch\MDELK.EXE-087EF2B4.pf
Présent ! C:\windows\Prefetch\WINTEMS.EXE-127B61D4.pf

################## | C:\windows\system32 |

Présent ! C:\windows\system32\srosa2.sys
Présent ! C:\windows\system32\wfsintwq.sys

################## | C:\windows\system32\drivers |

################## | C:\Documents and Settings\Elise\Application Data |

Présent ! C:\Documents and Settings\Elise\Application Data\drivers
Présent ! C:\Documents and Settings\Elise\Application Data\drivers\downld
Présent ! C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe
Présent ! C:\Documents and Settings\Elise\Application Data\m
Présent ! C:\Documents and Settings\Elise\Application Data\m\data.oct
Présent ! C:\Documents and Settings\Elise\Application Data\m\flec006.exe
Présent ! C:\Documents and Settings\Elise\Application Data\m\list.oct
Présent ! C:\Documents and Settings\Elise\Application Data\m\srvlist.oct
Présent ! C:\Documents and Settings\Elise\Application Data\m\shared

################## | Temporary Internet Files |

Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\4EYBNWPZ\mxd[1].jpg
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\4EYBNWPZ\servernames[1].htm
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\mxd[1].jpg
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\mxd[2].jpg
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\W5R2WOTP\mxd[1].jpg
Présent ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\W5R2WOTP\mxd[2].jpg

################## | Registre / Clés infectieuses |

Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Services\srosa]
Présent ! [HKLM\SYSTEM\ControlSet001\Services\srosa]
Présent ! [HKLM\SYSTEM\ControlSet003\Services\srosa]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Présent ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
Présent ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA]
Présent ! [HKCU\Software\bisoft]
Présent ! [HKCU\Software\MuleAppData]
Présent ! [HKCU\Software\WS35]
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
Présent ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\bisoft]
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\MuleAppData]
Présent ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Présent ! [HKU\S-1-5-21-725345543-682003330-839522115-1005\Software\Local AppWizard-Generated Applications\winupgro]

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

Clé manquante : HKLM\...\SafeBoot | Mode sans echec non fonctionnel !

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# (!) Ip6Fw -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # FindyKill V5.023 ! |
Configuration: Windows XP

25 réponses

  • 1
  • 2
Résumé de la discussion

Une infection logicielle détectée après le téléchargement d’un fichier douteux a provoqué le redémarrage, la disparition du pare-feu et le comportement anormal d’Avast sur un système Windows XP. Le rapport FindyKill V5.023 et les éléments recueillis indiquent des traces d’infections persistantes, nécessitant l’exécution d’un script de suppression et un nettoyage approfondi du système avant toute réhabilitation des composants. D'autres échanges suggèrent d'analyser les rapports HijackThis et d’éliminer les entrées douteuses, les clés de démarrage malveillantes et les processus infectieux, tout en prévoyant une vérification des navigateurs et des extensions. En cas de doute sur d’éventuelles traces résiduelles, un contrôle des sauvegardes et des points de restauration peut s’avérer nécessaire afin de prévenir une réinfection lors de futures sessions.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    bonjour
    belle infection bagle
    Déconnecte toi et ferme toutes application en cours, ainsi que le navigateur

    • Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...)
    • Relance FindyKill présent sur le bureau, tape sur F pour le français, puis appuie sur la touche entrée
    • Sélectionne l'option 2 (suppression), puis appuie sur la touche entrée
    • Le pc va redémarrer automatiquement ...

    ▶Laisse l'outil travailler, et ne touche à rien,ton bureau ne sera pas accessible c'est normal !

    --> Poste le rapport qui apparait à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt )

    Note:Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , aller dans Onglet "Processus",
    cliquer sur "fichier", sélectionner "nouvelle tâche", taper explorer.exe, puis valider
    0
    1. lilise
       
      Tout d'abord merci
      donc j'ai relancé findykill avec supprimer et voici le rapport :


      ############################## | FindyKill V5.023 |

      # User : Elise (Administrateurs) # BLONDEAU-0ED7F4
      # Update on 31/12/2009 by El Desaparecido
      # Start at: 18:10:06 | 06/01/2010
      # Website : http://pagesperso-orange.fr/NosTools/index.html
      # Contact : FindyKill.Contact@gmail.com

      # AMD Athlon(tm) 64 Processor 3000+
      # Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 8.0.6001.18702
      # Windows Firewall Status : Enabled
      # AV : avast! antivirus 4.8.1351 [VPS 100104-0] 4.8.1351 [ (!) Disabled | Updated ]

      # A:\ # Lecteur de disquettes 3 ½ pouces
      # C:\ # Disque fixe local # 114,48 Go (1,44 Go free) # NTFS
      # D:\ # Disque CD-ROM
      # E:\ # Disque CD-ROM
      # F:\ # Disque CD-ROM

      ############################## | Processus actifs |

      C:\windows\System32\smss.exe
      C:\windows\system32\csrss.exe
      C:\windows\system32\winlogon.exe
      C:\windows\system32\services.exe
      C:\windows\system32\lsass.exe
      C:\windows\system32\svchost.exe
      C:\windows\system32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\windows\system32\svchost.exe
      C:\windows\system32\svchost.exe
      C:\windows\system32\logonui.exe
      C:\windows\system32\spoolsv.exe
      C:\windows\system32\svchost.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      C:\Program Files\Google\Update\GoogleUpdate.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\windows\system32\HPZipm12.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\windows\system32\svchost.exe
      C:\WINDOWS\system32\userinit.exe
      C:\windows\Explorer.EXE
      C:\windows\system32\wbem\wmiprvse.exe

      ################## | C: |


      ################## | C:\windows |

      Supprimé ! C:\windows\ban_list.txt
      Supprimé ! C:\windows\mdelk.exe
      Supprimé ! C:\windows\wintems.exe
      Supprimé ! C:\windows\Prefetch\130046.EXE-1BFA1703.pf
      Supprimé ! C:\windows\Prefetch\139109.EXE-18F1344F.pf
      Supprimé ! C:\windows\Prefetch\147140.EXE-31714B29.pf
      Supprimé ! C:\windows\Prefetch\14958656.EXE-0DAF0724.pf
      Supprimé ! C:\windows\Prefetch\14963671.EXE-39D0CC83.pf
      Supprimé ! C:\windows\Prefetch\14983875.EXE-0E7423E5.pf
      Supprimé ! C:\windows\Prefetch\14989375.EXE-1C1DD39E.pf
      Supprimé ! C:\windows\Prefetch\153031.EXE-10578C03.pf
      Supprimé ! C:\windows\Prefetch\201531.EXE-185DAF84.pf
      Supprimé ! C:\windows\Prefetch\207031.EXE-0AB3FFCB.pf
      Supprimé ! C:\windows\Prefetch\213750.EXE-2339AE27.pf
      Supprimé ! C:\windows\Prefetch\216125.EXE-2920EAB0.pf
      Supprimé ! C:\windows\Prefetch\317296.EXE-238A51CD.pf
      Supprimé ! C:\windows\Prefetch\320890.EXE-07401FB3.pf
      Supprimé ! C:\windows\Prefetch\333000.EXE-3869057F.pf
      Supprimé ! C:\windows\Prefetch\337625.EXE-02E76C3F.pf
      Supprimé ! C:\windows\Prefetch\FLEC006.EXE-04285AB8.pf
      Supprimé ! C:\windows\Prefetch\MDELK.EXE-087EF2B4.pf
      Supprimé ! C:\windows\Prefetch\WINTEMS.EXE-127B61D4.pf
      Supprimé ! C:\windows\Prefetch\WINUPGRO.EXE-17681AA8.pf
      Supprimé ! C:\windows\Prefetch\WINUPGRO.EXE-359C6F58.pf

      ################## | C:\windows\system32 |

      Supprimé ! C:\windows\system32\srosa2.sys
      Supprimé ! C:\windows\system32\wfsintwq.sys

      ################## | C:\windows\system32\drivers |


      ################## | C:\Documents and Settings\Elise\Application Data |

      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\210625.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\211062.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\211328.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\211609.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\211859.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\220968.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\236609.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld\237031.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\downld
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\drivers
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\data.oct
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\flec006.exe
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\list.oct
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\10DRemote v1.1 by Core.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\24U SimpleChart Plug-In 1.0 keygen.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\32Bit Web Browser w9.72.18 by EMBRACE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\3D MP3 Sound Recorder v3.9.2 Keygen Only by DiGERATi.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\4Media Windows Mobile Ringtone Maker 1.0.12.0522.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\4WomenOnly v5.7 by AT4RE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\5Star MP4 Video Joiner 1.6.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\7-max v3.01b.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\@Spider v1.2.5 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\A Musical Generator v3.0 BetA 7.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Acronis Universal Restore for True Image Workstation v9.1.3832 Keymaker by Core.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Active Desktop Calendar v5.95.051221 WinALL Incl Keygen by BRD.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Active Submission Toolkit v2.001 by PHS.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Activekitten Chronos v3.7.2 for Smartphones by TSRh.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ActiveState Expect v1.1.0.147113 Incl Keygen by SSG.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Address Manager Pro v2.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AdobePhotoshop CS 2004 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Advanced Batch Converter v2.65 Keygen.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Advanced Lookup 1.1 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Advanced PDF2Word v2.0 Full by Eskander Ali.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AeroTags TagsLock Pro v2.22 by FFF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AfterHour 2.03 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AKMail v3.1b by IPA.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Alarm Clock 1.0.0.1 keygen.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Allegro ZACK v1.2.0.1 German WinAll by LAXiTY.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Amor SWF to Video Converter v2.3.9 by CIY.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Animal and Foliage Icons 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Any Media To Nokia 5.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AquaPuzzle Pentic v4.0 Russian and English.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AquaScreenR21.3D KEYGEN by FFF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ASP.NET Maker v3.4.0 by AT4RE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Auction Tamer 4.3.0 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\AVG Anti-Virus Professional v7.5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Axialis CursorWorkshop v6.33 Tryout Version by FFF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Babylon Translator v3.2.40.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Baldur's Gate 2 SoA v2.3.0.3.7.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Better Typing 1.0 (1.0.2.2006).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Bible Verse v2.1 for PalmOS.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BibleReaders v1.0 SP1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BigFilePoster v1.0.0 by Inferno.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BitRipper v1.20.013 WinALL Keygen Only by NGEN.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BlackBerry Database Viewer Plus 3.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Blanks Filler v6.11 Pro.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BrowserBob 4 Professional 4.1.3.0 KEYGEN by FFF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Bubble Frenzy v1.05.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BugMe! v4.4.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Burnt Cookies v1.007.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\BVS Solitaire Samlung v2.3.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\C2C Plus C Compiler 3.28e.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Calc-Add 3.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Candybar 2.5.1 for Mac.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Capitalism 2 Game Updates.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\CD MP3 Burner v2.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\CDRWin v4.0A Beta by NEMROD34.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\chasys draw artist 1.60 crack by TSRh.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Chord Pro Manager v3.52.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Christmas Antiqa Screen Saver 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Cinderella v2.0.10.722 Multilingual MacOSX by diGERATi.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\CleanWin v6.0.5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Company of Heroes Opposing Fronts v2.300 [MULTI] No-DVD-Fixed EXE #1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Configurable Desktop Clock 1.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Corda PopChart Server Enterprise 4.0.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\CPR International JobCOST Estimator for MS Excel 2.1 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Ctris 2000.2.0 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\CyberLink PowerEncoder MPEG4 AVC Edition v1.0 Merry Xmas by ROR.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Cycling Manager v1.00.00.05 [ENGLISH] Fixed Update.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Design Science MathType v6.0c French by TSRh.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Digital Sound Recorder 3.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\DiscJuggler 3.00.799 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Dkeyboard 1.22 for PalmOS.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Download Accelerator Plus v5.3.0.0 v5.x.x by TSRh.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\DSL Speed v3.6 Keygen Only by EXPLOSiON.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\DVD Ghost v2.0 Incl Keygen by TSZ.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\DVDZip Pro 3.0.1.1 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\e-BountyHunter 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Easy CDDA Extractor 4.6.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Effective Newsletter Studio v2007.5.1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Email Cyclone(Collect) 6.80.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Embedded Speaker Verification Kit 1.12.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\European Air War v1.0 [UK] No-CD Patch.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\EvolVe 6.1 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Ewallet 4.0 for Pocket PC.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ExactPapers.com Microsoft 070-152 Exam Q and A v10-2004.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ExcellenceSoft Flash Speed 200 v3.7 Cracked by ARN.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\EZ IncrediMail Backup 1.2.1 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\EZPix 7.01.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Fake Webcam v1.0 Datecode 011406 Win2kXP2k3 Keygen Only by BRD.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FestplattenInspektor 1.0 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\File Recover 6.2.0.20.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FileLoc 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Find Duplicate Photos 7.96.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FireViewer 6.0 for PalmOS.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Flash Capture 1.2.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FLaunch 1.2.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\focusKONTROL.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FoxPro2MSSQL Pro 1.0.2 keygen.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FSchedule 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\FTP Now v2.6.47 WinALL Cracked by ViRiLiTY.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\GameHouse Rainbow Mystery by BalCrNepal.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Gangland v1.1 +7 TRAINER 1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\GoldWave v4.26 French.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Good Sync Pro v4.6.0 by AGAiN.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Guitar Pro 4.0.7 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\HelpPad 2.6.0.3.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Hitman Blood Money Vegas Retail JAVA 6130i by RLYEH.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\HS SMS DLL (GSM 07.05) 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\HTTP Snapshot 1.03a.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Hunting Unlimited 4 LIMIT REMOVER.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Id Cards 1.0.45-key.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ImTOO DVD Ripper Platinum v4.0.28.1201 by EMBRACE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\IncrediMail XE build ID 1600560.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\InfoGenie 2.0 for Mac.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Intersect 1.2 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\isilo 4.05 for windows read nfo crack by TSRh.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\JSentry Proxy Server 2.3.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Jupiter 3D Space Survey Screensaver v1.0 by s0m.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\kingdia dvd ripper standard 2.4.8 regfile by REVENGE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Kleptomania v2.3 by Pham Thai.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Legend Of the Red Dragon 4.02a (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Lexicon PSP 42.1.4.1 for Mac.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\LingvoSoft Dictionary English - Latvian 4.1.29.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\mailexpressprov4.2build0323 cracked exe.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\MapEdit 2.59.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\MassMail 2.0 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Mathematica 2.2 for Mac.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Mayhems Magic Dust v1.0 Retail for Siemens x65 Java.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\McFunSoft Video Solution v6.2 by TE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\MLDownloader v6.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Mouse Odometer 1.10 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\MSG Animator v2.1.0.120 Win2kXP Incl Keygen REPACK by BRD.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Multilingual Keyboard 1.4.0.15.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\My All Movies (MyAllMovies) v1.5.3 by AT4RE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\NewsPro 2.8 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\NGWave Audio Editor v2.3.20040522 Incl Keygen by ORiON.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\NotPad 2.66.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Oggisoft LANeMail Pro v2005.2.1137 German WinALL Incl Keygen by ViRiLiTY.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Oil Tycoon 2 Working GERMAN DiRFiXSiLENTGA by TE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\One-click Ringtone Converter 2.6.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Opus Pro XE 5.5 (crack).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Panelbar Studio 2.0.58 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Passware WordPerfect Password Recovery Key 6.1.720 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PC Protect Control Center v3.01.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PC Surgeon 4.20 Crack by FFF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PDF Converter - Developer Pro 3.0 patch.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PDF Page Numberer for Adobe Acrobat v1.15 by ACME.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Peeper 32 v2.3.33 by TSRh.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Pegasus Agile MPEG Video Splitter v2.2.1 by tRUE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PictureMan ArtGallery PlugIn.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Poker Patience Pack 1.00.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Poker Winning Video Downloader Ultimate v4.60.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Polar Studio 6.35.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Polybytes PolyView v4.24 by Core.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Portfolio Optimization 1.0-key.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Privacy Guardian 4.1.0.37.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PS to PDF 1.0 crack.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\PStill v1.71.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Pyro MP3 and CD Maker 1.5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\QN Password Keeper 1.3.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Quicksys RegCleaner 2009 2.1.0.209.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Railroads v1.0 +3 TRAINER.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Reflexive Arcade Sally's Salon Patch by Amin Fear.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\River Past Cam Do Webmaster Edition v2.9.2 WinALL Incl Keygen by BRD.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Runtime GetDataBack NTFS v2.31 READ NFO by ROR.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ScreenFlash 1.62 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Selteco Flash Designer v4.0.6.16 Incl Keygen by UCF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ShadowCaster 2.01.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Shredder 95.1.23.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\SigLibz v6.10a Full.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Sim City 4 1.0 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\SimExpress 1.4.1 X for Mac.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Simple Office Icon Set 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Smiling Writting v1.0 WinALL Cracked by EiTHeL.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Softick Audio Gateway 1.25.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Speed Gear v5.0 by QUARTEX.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Speed Shot 1.06 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Spy Hunter (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\SQLWays 3.6.8 WinALL ReggedSCF.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Stamp Organizer Deluxe 2.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Stoneware Summa Summarum v2.7.5 Danish by Lz0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Story Harp 1 x (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Style Master.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\SWiSH Jukebox 1.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\SwitchSync v3.2.1 Incl Keymaker by ACME.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Sys Date v1.2.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Tag and Rename v3.3.5 by YAG.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Talking Time Keeper v15.4 WinALL Regged by NGEN.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\telemaster v2.06 keygen tds.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Tempest v1.1.2 Retail for K700 Java v2.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\The Bourne Conspiracy Retail JAVA N95 by RLYEH.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\The Brain 1.73 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\The Collectors Crown SE 5.2.71.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\The File Viewer v3.5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\The Ultimate Quake Collection.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\The Westerner v1.5 [SPANISH] No-CD Fixed EXE.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Time Organizer 1.0 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Total Extreme Warfare v1.1.4.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Tourney Tracker 2004.1.1 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Transcender SwitchingCert v3.0 DateCode 20040831RBS.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\TurboStats v9.0x.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\TXTSearcher 1.5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\TypingMaster 2002 v6.20 English.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Understand for Ada v1.4.344 HPUX Incl Keygen by Lz0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Understand for Jovial v1.4.352b Linux Keymaker Only READ NFO by NiTROUS.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Understand for Pascal v1.4.315 Linux Incl Keygenerator by TMG.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Vern 2.1 Beta 5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Virtual Book 4.43 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\VisNetic AntiVirus PlugIn for MailServer 4.6.0.0.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\VITO AudioNotes v1.31 Retail for Pocket PC by RLYEH.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\VLXpress 1.01.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\VPOP3 1.4.0b (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WATERCOM DRAINS v2004.17 by diGERATi.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Wave Arts Power Suite VST DX RTAS v4.06 incl KeyGen by BEAT.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Webroot Spy Sweeper v5.2.3.2125 Win2kXP by rG.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Webserver Stress Tool 7.2.1.261.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WebZIP 2.47 (Serial).zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Win Serf 2.10.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WinKill 1.5.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WinMount v2.2.1 by CiM.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WinRescue ME v1.07.15.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WinXP Manager v4.8.3.3.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WMV to AVI MPEG VCD SVCD DVD Converter 1.3.1.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\WooWeb Professional 1.60.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Xemicomputers Active Desktop Calendar v7.57 by TLG.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\XFader v4.04b by TCA.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\Zealot Advanced MP3 Sound Recorder v2.4 WinALL Incl Keygen by BRD.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared\ZoneLog Analyser 1.19.zip
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\shared
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m\srvlist.oct
      Supprimé ! C:\Documents and Settings\Elise\Application Data\m

      ################## | Références de comparaison Bagle MD5 : |

      File : C:\Documents and Settings\Elise\Application Data\drivers\winupgro.exe
      -> Crc32 : cf6ad6f4 | Md5 : c2f70004bba378b0074beb3e042cb2ba


      ################## | Autres suppressions ... |

      Supprimé ! "C:\Program Files\MailSkinner\mailskinner.exe"
      -> Size : 857088 | Crc32 : cf6ad6f4 | Md5 : c2f70004bba378b0074beb3e042cb2ba

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP960\A0330924.sys"
      -> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP960\A0330926.sys"
      -> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP960\A0330940.exe"
      -> Size : 857088 | Crc32 : cf6ad6f4 | Md5 : c2f70004bba378b0074beb3e042cb2ba

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP961\A0331333.sys"
      -> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP961\A0331334.sys"
      -> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP963\A0331525.sys"
      -> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP963\A0332250.exe"
      -> Size : 857088 | Crc32 : cf6ad6f4 | Md5 : c2f70004bba378b0074beb3e042cb2ba

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP963\A0332261.sys"
      -> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333023.sys"
      -> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333024.sys"
      -> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333554.sys"
      -> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333555.sys"
      -> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334503.sys"
      -> Size : 7168 | Crc32 : f30c6949 | Md5 : 524d8d450622db4a7875b111c299a76b

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334504.sys"
      -> Size : 105300 | Crc32 : 9a7dbdf9 | Md5 : 12d5e77748ab936ef8fab695738e12de

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334521.exe"
      -> Size : 857088 | Crc32 : cf6ad6f4 | Md5 : c2f70004bba378b0074beb3e042cb2ba

      Supprimé ! "C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334523.exe"
      -> Size : 857088 | Crc32 : cf6ad6f4 | Md5 : c2f70004bba378b0074beb3e042cb2ba

      ################## | Temporary Internet Files |

      Supprimé ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\4EYBNWPZ\mxd[1].jpg
      Supprimé ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\mxd[1].jpg
      Supprimé ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\mxd[2].jpg
      Supprimé ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\LHZVKPHL\servernames[1].htm
      Supprimé ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\W5R2WOTP\mxd[1].jpg
      Supprimé ! C:\Documents and Settings\Elise\Local Settings\Temporary Internet Files\Content.IE5\W5R2WOTP\mxd[2].jpg

      ################## | Registre / Clés infectieuses |

      Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\sK9Ou0s]
      Supprimé ! [HKLM\SYSTEM\ControlSet003\Services\srosa]
      Supprimé ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
      Supprimé ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA]
      Supprimé ! [HKCU\Software\bisoft]
      Supprimé ! [HKCU\Software\DateTime4]
      Supprimé ! [HKCU\Software\MuleAppData]
      Supprimé ! [HKCU\Software\WS35]
      Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
      Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "german.exe"
      Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "mule_st_key"
      Supprimé ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

      ################## | Etat / Services / Informations |

      # Mode sans echec restauré !

      # Affichage des fichiers cachés : OK

      # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
      # EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
      # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
      # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
      # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
      # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

      ################## | PEH ... |

      Corrompu : C:\Program Files\Alwil Software\Avast4\ashAvast.exe
      [Offset = 0000011C - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      [Offset = 00000124 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      [Offset = 0000010C - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\ashServ.exe
      [Offset = 00000124 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
      [Offset = 00000124 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      [Offset = 00000114 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe
      [Offset = 000000D4 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      [Offset = 00000114 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Alwil Software\Avast4\copyx64.exe
      [Offset = 000000CC - Valeur = 0x0001]

      Corrompu : C:\Program Files\Oberon Media\Flower Shop - Big City Break\Launch.exe
      [Offset = 000000F4 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Return to Castle Wolfenstein\register.exe
      [Offset = 000000DC - Valeur = 0x0001]

      Corrompu : C:\Program Files\Return to Castle Wolfenstein\sysinfo.exe
      [Offset = 00000084 - Valeur = 0x0001]

      Corrompu : C:\Program Files\Wanadoo\Monitor.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Corrompu : C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB885250\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB887742\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB888113\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB970430\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB971737\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB973904\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB974318\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB974392\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\$hf_mig$\KB976325-IE8\update\update.exe
      [Offset = 000000EC - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : update.exe.REN
      [Offset = 000000EC - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.


      Corrompu : C:\WINDOWS\system32\dllcache\register.exe
      [Offset = 000000E4 - Valeur = 0x0001]

      Tentative de réparation...
      Sauvegarde : register.exe.REN
      [Offset = 000000E4 - Nouvelle valeur = 0x4C01]
      Fichier réparé avec succès.



      ################## | Cracks / Keygens / Serials |


      ################## | ! Fin du rapport # FindyKill V5.023 ! |
      0
  2. Utilisateur anonyme
     
    Ton Avast est HS, désinstalle le et je te conseille un anti-virus plus efficace, c'est à toi de choisir

    http://www.commentcamarche.net/telecharger/telecharger-55-antivir
    Avira Antivir télécharge une pop-up qui propose la version payante lorsque qu'il se met à jour
    quotidiennement. Ne pas s'inquiéter, ferme cette pop-up tout simplement
    Configure le
    https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal

    on va faire un bilan du PC
    Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    - http://images.malwareremoval.com/random/RSIT.exe

    ! Déconnecte toi et ferme toutes tes applications en cours !

    * Double-clique sur RSIT.exe pour le lancer .
    * Une première fenêtre s'ouvre avec en titre : Disclaimer of warranty .
    * Devant l'option List files/folders created ... , tu choisis 2 months
    * Clique ensuite sur Continue pour lancer l'analyse ...
    * Laisse faire le scan et ne touche pas au PC ...
    * Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).
    * Héberge le contenu de log.txt (c'est celui qui apparait à l'écran), ainsi que de info.txt ici.
    Clique sur parcourir
    Une fois que tu as trouvé les rapports à héberger, clique sur ouvrir
    Clique sur Cliquez ici pour déposer le fichier, puis donne le lien
    qui apparait comme ceci http:/www.cijoint.fr/cjlink.php?file=cj200911/cijgAdC3Ch.txt

    Note : les rapports seront en outre sauvegardés dans ce dossier C:\rsit
    0
  3. lilise
     
    Voila donc j'ai desinstallé avast et installer antivir
    Et voici les resultats du bilan du pc

    info.txt
    http://www.cijoint.fr/cjlink.php?file=cj201001/cijg5HXSvV.txt

    log.txt
    http://www.cijoint.fr/cjlink.php?file=cj201001/cijW7nj8j2.txt

    Alors qu'est-ce que ça donne ? J'espère que ça sera bon
    Par contre toute cette histoire m'a aussi enlevé mon parfeu (kerio) peut-tu m'en conseiller un bien ?
    Merci
    0
    1. Utilisateur anonyme
       
      encore plusieurs infections, dont plusieurs programmes infectieux, dont Eminent, SweetIM, Game Bar

      pour le pare-feu, si tu sais t'en servir, il y a Comodo, ou Zone Alarm, je crois que celui là bouffe un peu de ressources, mais kerio est bien aussi, tu peux essayer de le réinstaller

      Télécharge AD Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
      http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
      ou
      https://www.androidworld.fr/

      Désactive l'anti-virus

      Déconnecte toi et ferme toutes les applications en cours

      Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
      Double-clique sur l'icône Ad-remover présent sur ton bureau pour le lancer
      Au menu principal, sélectionne l'option L, puis appuie sur la touche entrée
      Poste le rapport qui apparait à la fin .

      ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

      (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

      Note :
      "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
      Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall
      0
  4. lilise
     
    Voilà le rapport :

    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_G | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 05.01.2010 à 18:50
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 11:09:15, 07/01/2010 | Mode Normal | Option: CLEAN
    Exécuté de: C:\PROGRA~1\AD-REM~1\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    Nom du PC: BLONDEAU-0ED7F4 | Utilisateur actuel: Elise

    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .

    C:\windows\Downloaded Program Files\F3initialsetup1.0.0.15-3.inf
    C:\windows\Installer\{E1B94435-241E-4519-B1C3-C4DD9EB352A2}
    C:\windows\System32\f3PSSavr.scr
    C:\windows\pack.epk
    C:\windows\Temp\msksetup.log
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
    C:\Program Files\FunWebProducts
    C:\Program Files\GamesBar
    C:\Program Files\Internet Optimizer
    C:\Program Files\Macrogaming
    C:\Program Files\MailSkinner
    C:\Program Files\MyWebSearch
    C:\Program Files\Trymedia
    C:\Program Files\webHancer
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    C:\Documents and Settings\Elise\Local Settings\Application Data\Iminent
    C:\windows\System32\parbed.dat
    C:\windows\System32\parbed.exe
    C:\windows\System32\parbed_nav.dat
    C:\windows\System32\parbed_navps.dat

    (!) -- Fichiers temporaires supprimés.

    .
    HKCU\software\Casino Tropez
    HKCU\software\fcn
    HKCU\software\GamesBar
    HKCU\software\Iminent
    HKCU\software\LanConfig
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A93C934-025B-4C3A-B38E-9654A7003239}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\software\SWEETIE
    HKCU\software\Trymedia Systems
    HKLM\software\Casino Tropez
    HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
    HKLM\Software\Classes\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKLM\Software\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
    HKLM\Software\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}
    HKLM\Software\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}
    HKLM\Software\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
    HKLM\Software\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    HKLM\Software\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
    HKLM\Software\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
    HKLM\Software\Classes\CLSID\{8C875948-9C60-4381-9248-0DF180542D53}
    HKLM\Software\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}
    HKLM\Software\Classes\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKLM\Software\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}
    HKLM\Software\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
    HKLM\Software\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}
    HKLM\software\classes\HbCoreSrv.DynamicProp
    HKLM\software\classes\HbCoreSrv.DynamicProp.1
    HKLM\Software\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
    HKLM\Software\Classes\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
    HKLM\Software\Classes\Interface\{38A7C9DA-8DB7-4D0F-A7B1-C4B1A305BDDB}
    HKLM\Software\Classes\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}
    HKLM\Software\Classes\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}
    HKLM\Software\Classes\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}
    HKLM\Software\Classes\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}
    HKLM\Software\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
    HKLM\Software\Classes\Interface\{8D292EC0-6792-4A38-82ED-73A087E41BA6}
    HKLM\Software\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
    HKLM\Software\Classes\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
    HKLM\Software\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
    HKLM\Software\Classes\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}
    HKLM\Software\Classes\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}
    HKLM\Software\Classes\Interface\{DC065FA6-08F9-4C50-99DC-275D16CFC5BD}
    HKLM\Software\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
    HKLM\software\classes\Oberontb.Band
    HKLM\software\classes\Oberontb.Band.1
    HKLM\software\classes\SWEETIE.IEToolbar
    HKLM\software\classes\SWEETIE.IEToolbar.1
    HKLM\software\classes\SWEETIE.SWEETIE
    HKLM\software\classes\SWEETIE.SWEETIE.1
    HKLM\software\classes\ToolBand.SWEETIE
    HKLM\software\classes\ToolBand.SWEETIE.1
    HKLM\Software\Classes\TypeLib\{45397063-D7D0-47C2-9508-26487608A298}
    HKLM\Software\Classes\TypeLib\{4CF5A3C1-07A2-4336-9B54-6870452EBDE1}
    HKLM\Software\Classes\TypeLib\{71E9CF40-AF72-4B55-BD3F-1FEA2A0EAEA6}
    HKLM\Software\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
    HKLM\Software\Classes\TypeLib\{98635087-3F5D-418F-990C-B1EFE0797A3B}
    HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
    HKLM\software\FocusInteractive
    HKLM\software\Fun Web Products
    HKLM\software\FunWebProducts
    HKLM\software\GamesBar
    HKLM\software\GamesBarSetup
    HKLM\software\iAvatars.com
    HKLM\software\Iminent
    HKLM\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKLM\Software\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
    HKLM\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer
    HKLM\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent
    HKLM\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion
    HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{F86FFD86-1966-4C6C-99D9-44A6E7AB97E3}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent.Notifier
    HKLM\software\microsoft\windows\currentversion\uninstall\GamesBar
    HKLM\software\microsoft\windows\currentversion\uninstall\parbed
    HKLM\software\MyWebSearch
    HKLM\software\Trymedia Systems
    .
    ============== Scan additionnel ==============
    .
    .
    * Internet Explorer Version 8.0.6001.18702 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: C:\windows\system32\blank.htm
    Show_ToolBar: yes
    Enable Browser Extensions: yes
    Use Search Asst: no
    Start Page: hxxp://fr.msn.com/
    Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: C:\windows\system32\blank.htm
    Start Page: hxxp://fr.msn.com/
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials, ...) ==============
    .
    C:\Documents and Settings\Claudine & Thierry\Local Settings\Temp\Patch_MSN_Messenger.EXE
    .
    ===================================
    .
    8961 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    0 Fichier(s) - C:\DOCUME~1\Elise\LOCALS~1\Temp
    1 Fichier(s) - C:\windows\Temp
    6 Fichier(s) - C:\windows\Prefetch
    .
    16 Fichier(s) - C:\PROGRA~1\AD-REM~1\BACKUP
    147 Fichier(s) - C:\PROGRA~1\AD-REM~1\QUARANTINE
    .
    Fin à: 12:35:43 | 07/01/2010 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    0
    1. Utilisateur anonyme
       
      bonjour
      C:\Documents and Settings\Claudine & Thierry\Local Settings\Temp\Patch_MSN_Messenger.EXE
      .

      crack vecteur d'infections, il faut le supprimer

      Tu as aussi un rogue Registry doctor faux nettoyeur de registre. Les rogues sont aussi de faux logiciels de sécurité

      Télécharge malwarebytes' anti-malware
      https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
      Enregistre le sur le bureau
      Double-clique sur l'icône Download_mbam-setup.exe pour lancer le processus d'installation
      Si la pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
      Il va se mettre à jour une fois faite
      Va dans l'onglet recherche
      Sélectionne exécuter un examen complet
      Clique sur rechercher
      Le scan démarre
      A la fin de l'analyse, le message s'affiche: L'examen s'est terminé normalement.
      Clique sur afficher les résultats pour afficher les objets trouvés
      Clique sur OK pour pousuivre
      Si des malwares ont été détectés, cliquer sur afficher les résultats
      Sélectionne tout (ou laisser coché)
      Clique sur supprimer la sélection
      Malwarebytes va détruire les fichiers et les clés de registre et en mettre une
      copie dans la quarantaine
      Malewarebytes va ouvrir le bloc-note et y copier le rapport
      Redémarre le PC
      Une fois redémarré, double-clique sur Malewarebytes
      Va dans l'onglet rapport/log
      Clique dessus pour l'afficher une fois affiché, cliquer sur édition en haut du
      bloc-note puis sur sélectionner tout
      Revient sur édition, puis sur copier et revient sur le forum et dans ta réponse
      Clic droit dans le cadre de la réponse et coller
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lilise
     
    donc j'ai supprimer le fichier et voilà le rapport de malwarebytes

    Malwarebytes' Anti-Malware 1.43
    Version de la base de données: 3508
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    07/01/2010 18:47:55
    mbam-log-2010-01-07 (18-47-55).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 326808
    Temps écoulé: 1 hour(s), 55 minute(s), 16 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 46
    Valeur(s) du Registre infectée(s): 4
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 40

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtcoresrv.lfgax (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtcoresrv.lfgax.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbthostol.hbtmailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbthostol.hbtmailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtinstie.hbinstobj (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtinstie.hbinstobj.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtools.hbtcommband (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbtools.hbtcommband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbttools.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\hbttools.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{19ebcbe0-9245-4397-bc5d-883d34782043} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1e07646f-07c4-4847-a250-0ec8114f2963} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0} (Adware.NetOptimizer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f814be58-1bf9-4b50-829a-e889f86127ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt (Adware.NetOptimizer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\RegistryDoktorFrNE (Rogue.RegistryDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\AMeOpt (Adware.NetOptimizer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout (Adware.NetOptimizer) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\parbed (Trojan.Agent.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{10e42047-deb9-4535-a118-b3f6ec39b807} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\pmsngr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Elise\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Elise\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil (Trojan.Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil\Piporama (Trojan.Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\SideFind (Adware.ISTBar) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\msskinner (Adware.EGDAccess) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\Ad-Remover\QUARANTINE\PROGRA~1\MYWEBS~1\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP963\A0332266.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332290.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332291.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332292.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332311.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332320.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332323.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0332556.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333027.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333026.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP964\A0333028.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333194.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333198.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333202.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333557.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333558.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0333559.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334137.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334140.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334509.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334517.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334522.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP965\A0334510.exe (Worm.Bagle) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP966\A0334729.exe (Rogue.AntivirusDoktor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP967\A0334768.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{4A876EE1-27EC-42C4-BBEE-6610BBB6315C}\RP967\A0334769.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\1024\ld4C30.tmp (Malware.Packer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Elise\Application Data\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil\14.05068 (Trojan.Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil\Piporama\Piporama.ico (Trojan.Dialer) -> Quarantined and deleted successfully.
    C:\Program Files\Montorgueil\Piporama\Thumbs.db (Trojan.Dialer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\AVP 2009\1.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\msskinner\msbackup.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msegcompid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\EGAUTH.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\sysiasvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\syswbsvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    0
    1. Utilisateur anonyme
       
      Vide la quarantaine de Malwarebytes, ton PC était un nid à infections
      Il va falloir faire attention lorsque tu télécharges quelque chose, renseignes toi d'abord avant de télécharger, car là tu as téléchargé pas mal de rogues faux anti-virus, de programmes infectieux tel que My Web Search, Pop Cap, Net Optimizer, Hot Bar, Iminent, Sweetie, SweetIM, Game Bar, Mail Skinner, Registry Doctor, faux nettoyeur de registre
      Il faut bannir tout ceci, car cela infecte les PC
      Eviter aussi les téléchargements de fichiers par les logiciels P2P (Shareaza, Limewire, Emule, Bittorent)
      Mieux vaut télécharger des logiciels connus sur les sites officiels, de bonne réputations, et bien connus
      0
  7. lilise
     
    Oui, merci, je crois que ça m'as servi de leçon.
    Donc une fois la quarantaine de malwarebytes vider mon problème est resolu ? le bagle n'est plus ds mon ordi ?
    Une dernière question : est-ce je doit garder ou supprimer les logiciels que tu m'as fais telecharger ? (findykill, malwarebytes ...)

    Et encore MERCI je me voyait tous reinstaller windows.
    0
    1. Utilisateur anonyme
       
      tu es très loin de réinstaller Windows, c'est nettement mieux, bagle est éradiqué, mais tu avais plein d'autres infections comme je te l'ai expliqué comment tu avais beaucoup infecté ton PC
      pourrai tu me refaire un RSIT
      à la fin, je te donnerai les dernières recommandations pour prendre soin de ton PC
      0
  8. lilise
     
    Par contre y'a que log.txt qui s'est affiché :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Elise at 2010-01-07 21:50:48
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 37 GB (31%) free of 117 GB
    Total RAM: 511 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:50:49, on 07/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\windows\System32\svchost.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\windows\system32\ntvdm.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\vsnpstd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Elise\Mes documents\Downloads\RSIT (1).exe
    C:\Program Files\trend micro\Elise.exe
    C:\windows\system32\HPZipm12.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F3 - REG:win.ini: run= lxdboxcp.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Voyance] C:\Program Files\Allocam Multi Visio\voyance.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [BrowserSessionManager] C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SNPSTD2] C:\windows\vsnpstd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD1.html
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceCF.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD0.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moielise22ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab
    O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
    O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Update Service (gupdate1c9ecf7c509b116) (gupdate1c9ecf7c509b116) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
    1. Utilisateur anonyme
       
      Tu as encore des traces d'infections, je pense qu'on va procéder à un script pour les supprimer, ne t'inquiète pas, c'est pas trop grave, il va falloir que je fasse quelques recherches, il va falloir patienter
      Après qu'on aura fait cela, on procèdera au nettoyage du PC
      0
      1. lilise > Utilisateur anonyme
         
        ok j'attend de tes nouvelles
        0
      2. Utilisateur anonyme > lilise
         
        je suis en contact avec une personne pour avis
        0
  9. la lumiére de l'orient Messages postés 1 Statut Membre
     
    bonjours,
    j ai un pbl sur mn pc , je pense c est 1 virus qui m'attaque
    c est server.exe
    s'il y a qlq a le tallent de m'aidé ?
    j vs remercie
    0
    1. lilise
       
      Bonjour, je pense que tu devrais faire ton propre post y aura plus de monde pour t'aider
      un cas desesperé à la fois :)
      0
  10. Utilisateur anonyme
     
    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

    ▶ Télécharge List&Kill'em et enregistre le sur ton bureau
    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
    ▶ dezippe-le , (clic droit/ extraire.....)

    Il ne necessite pas d'installation

    ▶ double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶ laisse travailler l'outil

    un rapport du nom de catchme apparait sur ton bureau , ignore-le , mais ne le supprime pas pour l instant

    ▶ Poste le contenu du rapport qui s'ouvre
    0
  11. Utilisateur anonyme
     
    je m'adresse à la lumière de l'orient
    il ne faut pas écrire en SMS ici, car je ne comprends pas tout
    ouvre un sujet pour ton problème

    lilise tu fait le post 18
    0
  12. lilise
     
    List'em by g3n-h@ckm@n 1.1.7.1

    Thx to Chiquitine29.....& CCM team

    voila le rapport, mais ça ne m'as pas mis le catchme

    User : Elise (Administrateurs) # BLONDEAU-0ED7F4
    Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
    Start at: 23:21:20 | 07/01/2010
    Contact : g3n-h@ckm@n sur CCM

    AMD Athlon(tm) 64 Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 114,48 Go (35,96 Go free) | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\windows\System32\svchost.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\alg.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\windows\system32\ntvdm.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\vsnpstd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Elise\Bureau\List_Kill'em.exe
    C:\windows\system32\cmd.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Elise\Local Settings\Temp\1A9.tmp\pv.exe
    C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
    C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ctfmon.exe REG_SZ C:\windows\system32\ctfmon.exe
    updateMgr REG_SZ "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    MailSkinner REG_SZ c:\program files\mailskinner\mailskinner.exe
    Magentic REG_SZ C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    RegDokFRT REG_SZ C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    Voyance REG_SZ C:\Program Files\Allocam Multi Visio\voyance.exe
    OpwareSE2 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    SystrayORAHSS REG_SZ "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    Sony Ericsson PC Suite REG_SZ "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    USB Storage Toolbox REG_SZ C:\Program Files\USB Disk Win98 Driver\Res.EXE
    BrowserSessionManager REG_SZ C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
    WOOWATCH REG_SZ C:\PROGRA~1\Wanadoo\Watch.exe
    WOOTASKBARICON REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    <NO NAME> REG_SZ
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
    SNPSTD2 REG_SZ C:\windows\vsnpstd2.exe
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    EnableLUA REG_DWORD 0 (0x0)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_BINARY 95000000

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\WINDOWS\Temp\NavBrowser.exe REG_SZ C:\WINDOWS\Temp\NavBrowser.exe:*:Disabled:NAVBrowser
    C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe REG_SZ C:\Program Files\Duke Nukem - Manhattan Project\prism3d.exe:*:Disabled:prism3d
    C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe REG_SZ C:\Program Files\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP
    C:\Program Files\Activision Value\Secret Service Security Breach\run.exe REG_SZ C:\Program Files\Activision Value\Secret Service Security Breach\run.exe:*:Enabled:run
    C:\Program Files\Lords of EverQuest\Lords.ree REG_SZ C:\Program Files\Lords of EverQuest\Lords.ree:*:Enabled:Lords of Everquest
    C:\Program Files\Livecom\Application\eConfv4\ftplayer.exe REG_SZ C:\Program Files\Livecom\Application\eConfv4\ftplayer.exe:*:Enabled:eConf player
    C:\Program Files\Livecom\Application\Exe\Livecom.exe REG_SZ C:\Program Files\Livecom\Application\Exe\Livecom.exe:*:Enabled:Livecom
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe REG_SZ C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI
    C:\Program Files\IncrediMail\bin\IMApp.exe REG_SZ C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
    C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
    C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
    C:\Program Files\IncrediMail\bin\ImLc.exe REG_SZ C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail
    C:\Documents and Settings\Elise\Local Settings\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe REG_SZ C:\Documents and Settings\Elise\Local Settings\Temp\ImInstaller\IncrediMail\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    C:\Program Files\Magentic\bin\Magentic.exe REG_SZ C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
    C:\Program Files\Magentic\bin\MgApp.exe REG_SZ C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\WINDOWS\system32\mcoinstall.exe REG_SZ C:\WINDOWS\system32\mcoinstall.exe:*:Enabled:mcoinstall
    C:\Program Files\SFR\Media Center\MediaCenter.exe REG_SZ C:\Program Files\SFR\Media Center\MediaCenter.exe:*:Enabled:Charger le Media Center
    C:\Program Files\eMule\eMule.exe REG_SZ C:\Program Files\eMule\eMule.exe:*:Enabled:eMule Plus
    C:\Program Files\Magentic\bin\MgImp.exe REG_SZ C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Program Files\SFR\Media Center\httpd\httpd.exe REG_SZ C:\Program Files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
    C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
    C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\MSN Messenger\msncall.exe REG_SZ C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{00B71CFB-6864-4346-A978-C0A14556272C}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{01347765-1965-426B-91A4-AA6BB342B9A3}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{205FF73B-CA67-11D5-99DD-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5392B545-31A5-4724-BEF3-4FED1D56FDAC}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6A060448-60F9-11D5-A6CD-0002B31F7455}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{6AA85413-165C-4200-8154-71166077B22E}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{87056D28-9730-4A47-B9F9-7E890B62C58A}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{97E71027-0BA2-44F2-97DB-F84D808ED0B6}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{A13516A3-BE86-4517-813C-B5FF0C8ACDF3}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{BD8667B7-38D8-4C77-B580-18C3E146372C}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D0C0F75C-683A-4390-A791-1ACFD5599AB8}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{FD40EC41-D860-4579-8BA4-52671A45C71C}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22209038-BAE2-413B-BA3C-137AA3D2AAD0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{11D347EF-EA2A-481A-9E2D-31E536C5E660}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{15B78211-702A-4641-903E-3A571A91DE4C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{19D0BD91-6699-17C6-8008-DA80E88F9001}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21331C3B-8BF9-CE12-C2C2-C782E4F8284E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{23AB2D9F-7366-7596-CC5F-5F11C8318683}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{260E2E14-3FAC-D90F-6A77-8AB5F9C5540D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3BD51DFA-F02F-4CA1-7B97-AD081284BB6F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3D05DAF9-150D-3FF0-491C-9937E7598F0A}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4382523A-B916-4EF0-B79B-C4F5A9DBBBEF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4CD1745D-2E51-4D40-50B6-4A9975825F30}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{543DC8E9-D409-A01A-1B92-9D6217FAE7ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{56778CA1-E834-4D66-2410-CB14C83E9CE0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{68556DB8-458E-DB46-8FA9-E317823BC84F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{69C2A96C-2561-C9F9-ADB2-897024033296}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73ABC36C-AA83-DD06-D5AE-17344235C1E7}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7E36A622-D3AD-3407-84E9-105CC9E09EDF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8603E58E-BB2E-4602-9C5E-8DBB68DCB14D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{866D7D0E-D9CB-49B6-A103-E6FAEFD13969}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{91AFB5F7-48C8-3557-D848-CBF83BC64D32}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{93C26716-35AE-8B37-9015-2BA7BB2F81A8}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{98AE9FE1-2295-EF9C-D478-30C54D2B76DB}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9F1297DC-7F0F-2A00-EAFA-A03806BA2B72}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3B628E5-7338-477A-AC76-88455BCCB305}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3D1642B-1E0E-49E0-4E6A-4CA2CD14141C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B5885D32-156B-49FF-BA57-1931B72A4CDD}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B78BEDD4-A3DA-823F-F6EF-628ADF9D315C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BB6D9805-FBAC-9217-A6F1-E3BC5A9ECE68}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DEB8CC64-9F3E-1664-1179-EE753E2C5E77}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E9B920FB-C930-0DFB-A80A-2407EF1C0CBF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ECF853BC-F1B8-8695-12EC-6C19AEB7247C}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E6F3D849-220F-B5F1-C818-EE94D660FC51}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x2
    SharedAccess : 0x2
    wuauserv : 0x2

    =========

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    114 Go total, 35,96 Go libre (31%), 15% fragment‚ (fragmentation du fichier 31%)

    Vous devriez d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    C:\Program Files\Media-Codec
    C:\Program Files\NavExcel
    C:\windows\Downloaded Program Files\popcaploader.inf
    C:\windows\Fonts\GRGAREF.TTF
    C:\windows\System32\scrrun.dll.tmp
    C:\windows\System32\1024
    C:\windows\System32\drivers\etc\hosts.msn
    C:\windows\System32\ot.ico
    C:\windows\System32\stdole3.tlb
    C:\windows\System32\stera.log
    C:\windows\System32\ts.ico
    C:\windows\winstart.bat
    C:\Documents and Settings\Elise\Application Data\ViewerApp.dat
    C:\Documents and Settings\Elise\Application Data\MessengerSkinner

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    HKCR\Install.Install
    HKCR\Install.Install\CLSID
    HKCR\Install.Install\CurVer
    HKCR\Install.Install.1
    HKCR\Install.Install.1\CLSID
    HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}
    HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
    HKCU\software\Montorgueil
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho
    HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
    HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
    HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
    HKLM\Software\Classes\TypeLib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKLM\SOFTWARE\MailSkinner
    HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_FOPN
    HKLM\SYSTEM\ControlSet001\Services\vspf
    HKLM\SYSTEM\ControlSet001\Services\vspf_hk

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-07 23:23:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:35eb3eb9
    "s2"=dword:5f738496
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:d8,c0,47,1a,7b,a7,8c,26,08,22,b5,8a,20,c2,90,22,b9,6b,33,c6,34,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:d8,c0,47,1a,7b,a7,8c,26,08,22,b5,8a,20,c2,90,22,b9,6b,33,c6,34,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
    "h0"=dword:00000000
    "ujdew"=hex:d8,c0,47,1a,7b,a7,8c,26,08,22,b5,8a,20,c2,90,22,b9,6b,33,c6,34,..
    "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    Acclaim Entertainment
    Action Solitaire
    Activision Value
    Ad-Remover
    Adobe
    Ahead
    Alcohol Soft
    Allocam Multi Visio
    Alwil Software
    Anuman Interactive
    ArcSoft
    AV VCS 3.0
    Avira
    AvRack
    Bandoo
    Bethesda Softworks
    Boonty
    BoontyGames
    Canon
    Common Files
    Corel
    Cyanide
    CyberLink
    Ddbhfo
    delir.gio
    denouvel
    DesktopPlant
    DIFX
    Digital
    DiMAGE Image Viewer Utility
    directx
    Dracula
    Eidos
    Electronic Arts
    Empire Interactive
    eMule
    epson
    ETIQUETT
    Every Toolbar 1.1
    Fichiers communs
    flight2
    GeneWeb Bases
    GeneWeb-4.09
    Gigabyte
    GIMP-2.0
    Google
    Griddlers
    Happy Note
    Hardwood Hearts
    Hardwood Solitaire III
    Hasbro
    Heart Of Darkness
    Heavy Weapon
    Hewlett-Packard
    HP
    IHOPPER
    Ihsv
    Incredijeux
    IncrediMail
    Infogrames
    InstallShield Installation Information
    Interactive Vision
    InterActual
    Internet Explorer
    Inventel
    IrfanView
    Java
    Jeux classiques
    JHC SoftWare
    JoWooD
    K-Lite Codec Pack
    KaraFun
    Kerio
    KPixGames
    Lavasoft
    LG Electronics
    LG PC Suite II
    LinCity-NG
    Livecom
    LivePix 1.1
    Logitech
    Lords of EverQuest
    Magentic
    Malwarebytes' Anti-Malware
    Maniac
    Media-Codec
    Mes Jeux Install‚s
    Mes Jeux T‚l‚charg‚s
    Messenger
    Messenger Plus! Live
    MessengerPlus! 3
    Micro Application
    Microsoft
    Microsoft Encarta
    microsoft frontpage
    Microsoft Games
    Microsoft Money
    Microsoft Office
    Microsoft Picture It! PhotoPub
    Microsoft Silverlight
    Microsoft SQL Server Compact Edition
    Microsoft Sync Framework
    MidiNotate
    Midnight Oil
    MinderTech
    Monte Cristo
    Movie Maker
    MSBuild
    MSN
    MSN Games
    MSN Gaming Zone
    MSN Messenger
    MSXML 4.0
    Mumbo Jumbo
    MUSICMATCH
    MUST
    NavExcel
    NetMeeting
    Oberon Media
    OneClick
    OnePlayer
    Online Services
    OpenOffice.org1.1.3
    orange
    OrangeHSS
    Outlook Express
    Panda Security
    PhotoMail Maker
    Phototool
    PIXELA
    Player Metaboli
    PlayOnline
    PowerPoint to Video 1.3.0
    quickmov
    QuickTime
    Railroad Tycoon II
    Real
    Realtek Sound Manager
    Red Storm Entertainment
    Reference Assemblies
    ReflexiveArcade
    RegCleaner
    Return to Castle Wolfenstein
    Ricochet Xtreme
    Rockstar Games
    ScanSoft
    Sega
    Services en ligne
    SFR
    Sierra On-Line
    SilverCreekCommonFiles
    Smotus
    SolSuite
    Sony Corporation
    Sony Ericsson
    Spyware Stormer
    Strategy First
    StuffPlug3
    Sunbelt Software
    Sylvain Seccia
    Symantec
    Tacmi
    TLC
    TLC-Edusoft
    TomCat Soft
    TooX
    trend micro
    Trust
    Ubi Soft
    ubi.com
    Ubisoft
    Uninstall Information
    USB Disk Win98 Driver
    Virtools
    Wanadoo
    Wanadoo Jeux
    WarlockStudio
    WBFS
    WildTangent
    WinAce
    Winamp
    Windows Live
    Windows Live SkyDrive
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    WindowsUpdate
    WinRAR
    xerox
    XStitch_Studio
    Yahoo!
    ZC2.10
    Zylom Games

    ============
    Lecteur C:
    ============

    0551f621f60f0e3a7f0f087d7ab6
    1STPRESW
    Abuse
    Ad-Report-CLEAN[1].log
    BdUninstallTool2010.01.06-03.07.42.log
    BdUninstallTool2010.01.06-03.07.42.reg
    Bootfont.bin
    CanonMP
    ComPlus Applications
    Config.Msi
    Corel
    dico
    Documents and Settings
    DownloadLog.txt
    Downloads
    DUKE3D.TMP
    EMPTY
    ExtractLog.txt
    FindyKill
    fluide
    fond
    fonds
    GERCC.txt
    GRW3EVAL
    GSP
    GST
    hiberfil.sys
    IComTracer.log
    INSTALL.LOG
    IO.SYS
    itouch_config_crash_info.txt
    itouch_crash_info.txt
    JEUX
    Kill'em
    LGSInst.Log
    LION
    List'em.txt
    Log.txt
    Mes t‚l‚chargements
    MOMENTS
    moods
    MOTSCROI
    MSDOS.SYS
    muggins
    My Download Files
    My Games
    My Music
    MyFiles
    NTDETECT.COM
    ntldr
    NVIDIA
    OpenOffice.org 1.1.3
    pagefile.sys
    persist.dbs
    PIRATESG
    playground.log
    Program Files
    program1
    RCPARAM.txt
    RECYCLER
    Remote Programs
    rsit
    Rummy Royal
    SCATLAWS SOFTWARE
    scrabble.acc
    sounds
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    sqmnoopt03.sqm
    sqmnoopt04.sqm
    sqmnoopt05.sqm
    sqmnoopt06.sqm
    sqmnoopt07.sqm
    sqmnoopt08.sqm
    sqmnoopt09.sqm
    sqmnoopt10.sqm
    sqmnoopt11.sqm
    sqmnoopt12.sqm
    sqmnoopt13.sqm
    sqmnoopt14.sqm
    sqmnoopt15.sqm
    sqmnoopt16.sqm
    System Volume Information
    TEMP
    UNWISE.EXE
    updatedatfix.log
    UT2004
    WINDOWS
    winks
    wonderlog.txt
    Y

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\In('c')Fo - Patch - Eng & Ger - GTA Vice City.txt
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ReadMeNOW.txt
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ViceCity_Patch_11.exe
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ReadMeNOW_Ger.txt
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ViceCity_Patch_11_German.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. lilise
       
      autant pour moi le catchme est bien là
      0
  13. Utilisateur anonyme
     
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\In('c')Fo - Patch - Eng & Ger - GTA Vice City.txt
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ReadMeNOW.txt
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Eng\ViceCity_Patch_11.exe
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ReadMeNOW_Ger.txt
    C:\JEUX\vice_city\Patch - Uniquement Pour Eng & Ger\Patch - GTA Vice City - Ger\ViceCity_Patch_11_German.exe

    cracks, pas bon du tout

    ▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Destruction

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    ▶ colle le contenu dans ta reponse
    0
    1. lilise
       
      T'es sur parce qu'en fait vice city c'est un jeu vidéo
      0
      1. Utilisateur anonyme > lilise
         
        si c'est utile, garde les
        fait l'option 2 de l'outil, car il a trouvé des infections à supprimer
        0
  14. lilise
     
    Voila et me dis pas qu'il y en a encore ou je vais demoraliser

    Kill'em by g3n-h@ckm@n 1.1.7.1

    User : Elise (Administrateurs) # BLONDEAU-0ED7F4
    Update on 03/12/2009 by g3n-h@ckm@n ::::: 21:00
    Start at: 23:47:34 | 07/01/2010
    Contact : g3n-h@ckm@n sur CCM

    AMD Athlon(tm) 64 Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 8.0.6001.18702
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 114,48 Go (35,96 Go free) | NTFS
    D:\ -> Disque CD-ROM
    E:\ -> Disque CD-ROM
    F:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\windows\System32\smss.exe
    C:\windows\system32\csrss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\windows\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\windows\System32\svchost.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\alg.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\windows\system32\ntvdm.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\vsnpstd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Elise\Bureau\List_Kill'em.exe
    C:\windows\system32\cmd.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Elise\Local Settings\Temp\1C1.tmp\pv.exe
    C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
    C:\WINDOWS\SYSTEM32\WOWEXEC.EXE

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    "C:\Program Files\Media-Codec"
    "C:\Program Files\NavExcel"
    "C:\windows\Downloaded Program Files\popcaploader.inf"
    "C:\windows\Fonts\GRGAREF.TTF"
    C:\windows\system32\scrrun.dll.tmp
    "C:\windows\System32\1024"
    "C:\windows\System32\drivers\etc\hosts.msn"
    "C:\windows\System32\ot.ico"
    "C:\windows\System32\stdole3.tlb"
    C:\windows\System32\stera.log
    "C:\windows\System32\ts.ico"
    "C:\windows\winstart.bat"
    "C:\Documents and Settings\Elise\Application Data\MessengerSkinner"

    ¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

    Quarantine :

    1024.Kill'em
    GRGAREF.TTF.Kill'em
    hosts.msn.Kill'em
    Media-Codec.Kill'em
    MessengerSkinner.Kill'em
    NavExcel.Kill'em
    ot.ico.Kill'em
    popcaploader.inf.Kill'em
    QTSBandwidthCache.Kill'em
    scrrun.dll.tmp.Kill'em
    stdole3.tlb.Kill'em
    stera.log.Kill'em
    ts.ico.Kill'em
    winstart.bat.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
    Deleted : HKCR\Install.Install
    Deleted : HKCR\Install.Install.1
    Deleted : HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}
    Deleted : HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
    Deleted : HKCU\software\Montorgueil
    Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho
    Deleted : HKLM\SOFTWARE\Classes\HbtHostIE.Bho.1
    Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar
    Deleted : HKLM\SOFTWARE\Classes\HbTools.HbtTravelCompareBar.1
    Deleted : HKLM\SOFTWARE\MailSkinner
    Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf
    Deleted : HKLM\SYSTEM\ControlSet001\Services\vspf_hk
    Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf
    Deleted : HKLM\SYSTEM\ControlSet002\Services\vspf_hk
    Deleted : HKLM\SYSTEM\ControlSet003\Services\vspf
    Deleted : HKLM\SYSTEM\ControlSet003\Services\vspf_hk

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. Utilisateur anonyme
       
      ton PC était tellement infecté qu'il fallait bien le désinfecter
      comment il va ton PC ?
      Il vaut mieux mettre plus de temps, et que le PC soit bien clean

      un dernier RSIT pour que je puisse voir
      je regarderai demain, car il est tard
      0
      1. lilise > Utilisateur anonyme
         
        Mon pc ça a l'air d'aller, il rame pas
        Bon tu as raison, il se fait tard je vais aussi me coucher avant de m'endormir sur le clavier
        Je te post le rsit demain
        Et bonne nuit ...
        0
  15. lilise
     
    Bonjour, voila donc le rapport RSIT :

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Elise at 2010-01-08 09:00:41
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 37 GB (31%) free of 117 GB
    Total RAM: 511 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:00:46, on 08/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\windows\System32\svchost.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\Explorer.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\windows\system32\ntvdm.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\vsnpstd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\windows\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Documents and Settings\Elise\Mes documents\Downloads\RSIT (2).exe
    C:\Program Files\trend micro\Elise.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F3 - REG:win.ini: run= lxdboxcp.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Voyance] C:\Program Files\Allocam Multi Visio\voyance.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [BrowserSessionManager] C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SNPSTD2] C:\windows\vsnpstd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD1.html
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceCF.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD0.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moielise22ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab
    O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
    O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Update Service (gupdate1c9ecf7c509b116) (gupdate1c9ecf7c509b116) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
    1. Utilisateur anonyme
       
      Bonjour,
      Pourrai tu attendre jusqu'à ce soir, car il reste quelques petites choses à supprimer, je vais te préparer un procédure pour ce soir
      0
      1. lilise > Utilisateur anonyme
         
        Ok alors à ce soir
        0
  16. Utilisateur anonyme
     
    c'est en court de préparation, il me reste à le faire valider, ce sera prêt ce soir
    0
  17. boudreaux
     
    bonjour je ne suis pas un expert dans l'informatique mais j'ai dejà eu des probleme dans mon ordinateur aussi et j'ai telechargé et installe un tres bon antispyware et antirotkits aussi "Ad-AwareAE" il est trés bon aussi, facile a utilisé, je l'aime bien aussi se anti-spyware. Essaie le. tu as seuklement qu'a faure une anilise complete sur tous ton hardware (vas sur l'option reglages et selectione tous se que tu peut seleccioné et apres lance l'analise complete) et apres dit moi ton avi sur se programme.
    A plus .Bonne chance.
    0
  18. Utilisateur anonyme
     
    lilise

    C'est prêt plus vite que prévu

    Attention,à ne pas reproduire sur un autre PC, ce qui pourrai l'endommager

    ▶ Télécharge OTM (de Old_Timer) sur ton Bureau

    ▶ Double-clique sur OTM.exe pour le lancer.

    ▶ Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.

    ▶ Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTM sous "Paste instructions for item to be moved".


    :files
    c:\program files\mailskinner
    C:\Program Files\RegistryDoktor 4.1
    C:\windows\system32\drivers\df_kmd.sys
    C:\windows\system32\drivers\aqsjos09.sys
    C:\Program Files\ISTsvc\istsvc.exe
    C:\Program Files\Ddbhfo\Iekcfw.exe
    C:\windows\rkxwbtnb.exe

    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion­­\Run]
    "MailSkinner"=-
    "RegDokFRT"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pvoyma]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB3OBEnC]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# L"h'þ9Óœð3rÅWC:]

    :services
    df_kmd
    aqsjos09

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ clique sur MoveIt! pour lancer la suppression.

    ▶ Le résultat apparaitra dans le cadre "Results".

    ▶ Clique sur Exit pour fermer.

    ▶ Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    ▶ Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
    0
  19. lilise
     
    All processes killed
    ========== FILES ==========
    File/Folder c:\program files\mailskinner not found.
    File/Folder C:\Program Files\RegistryDoktor 4.1 not found.
    File/Folder C:\windows\system32\drivers\df_kmd.sys not found.
    File/Folder C:\windows\system32\drivers\aqsjos09.sys not found.
    File/Folder C:\Program Files\ISTsvc\istsvc.exe not found.
    File/Folder C:\Program Files\Ddbhfo\Iekcfw.exe not found.
    File/Folder C:\windows\rkxwbtnb.exe not found.
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Run not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion \Run not found.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pvoyma\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TB3OBEnC\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Á²# L"h'þ9Óœð3rÅWC:\ not found.
    ========== SERVICES/DRIVERS ==========
    Service df_kmd stopped successfully!
    Service df_kmd deleted successfully!
    Error: No service named aqsjos09 was found to stop!
    Unable to stop service aqsjos09!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: Claudine & Thierry
    ->Temp folder emptied: 20476917 bytes
    ->Temporary Internet Files folder emptied: 266197003 bytes
    ->Java cache emptied: 14543815 bytes
    ->Google Chrome cache emptied: 43371106 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Elise
    ->Temp folder emptied: 2561964 bytes
    ->Temporary Internet Files folder emptied: 22821209 bytes
    ->Java cache emptied: 67575181 bytes
    ->Google Chrome cache emptied: 260274061 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 16000 bytes
    %systemroot% .tmp files removed: 2322385 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13513310 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 681,00 mb

    OTM by OldTimer - Version 3.1.4.0 log created on 01082010_180134

    Files moved on Reboot...

    Registry entries deleted on Reboot...
    0
    1. Utilisateur anonyme
       
      pourrai tu lancer seulement hijackthis, il est ici
      C:\Program Files\trend micro\Elise.exe
      Elise.exe, c'est Hijackthis, tu le places sur le bureau, clique sur do a system scan and save a log file, et poste le rapport
      0
  20. lilise
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:56:57, on 08/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\windows\System32\svchost.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\windows\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
    C:\windows\system32\ntvdm.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\windows\vsnpstd2.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\windows\system32\ctfmon.exe
    C:\PROGRA~1\Magentic\bin\MgApp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\windows\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Documents and Settings\Elise\Bureau\Elise.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F3 - REG:win.ini: run= lxdboxcp.exe
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Voyance] C:\Program Files\Allocam Multi Visio\voyance.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [BrowserSessionManager] C:\Program Files\Orange\Navigateur\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SNPSTD2] C:\windows\vsnpstd2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
    O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD1.html
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceCF.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Elise\LOCALS~1\Temp\cceD0.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\orange\ToolbarFR\ToolbarContainer101000313.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\Exe\..\..\Launcher\Exe\SilentLauncher.exe" (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {39EA2F6F-3F50-4F58-9C63-4B3D53B0926E} - http://scripts.downloadv3.com/binaries/P2EClient/EGAUTH_1049_FR_XP.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://moielise22ans.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/DinerDash2_fr.1.0.0.70.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6AA85413-165C-4200-8154-71166077B22E} - http://scripts.downloadv3.com/binaries/IA/sysiasvc32_FR_XP.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
    O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - http://scripts.downloadv3.com/binaries/IA/syswbsvc32_FR_XP.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {A13516A3-BE86-4517-813C-B5FF0C8ACDF3} (Toontown Installer ActiveX Control French) - http://downloadtoontown.goa.com/sv1.5.11.7/ttinst-french.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://caebmm.imgag.com/imgag/cp/install/crusher-cae.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Elise/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v10.cab
    O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
    O22 - SharedTaskScheduler: {f8d02387-789a-4c0f-a1d8-8a93f33ee4df} - coursings - (no file)
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Update Service (gupdate1c9ecf7c509b116) (gupdate1c9ecf7c509b116) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe
    O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
    1. Utilisateur anonyme
       
      O2 - BHO: (no name) - {E6F3D849-220F-B5F1-C818-EE94D660FC51} - C:\DOCUME~1\Elise\APPLIC~1\CURBDU~1\MemoBash.exe (file missing)
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
      O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')



      Relance Hijackthis
      Clique sur do a system scan only
      Coche les lignes que je t'indique en gras
      Clique sur fix checked
      Redémarre le PC

      c:\program files\mailskinner\mailskinner.exe
      C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
      Supprime ce qui est en gras, et vide la corbeille
      0
  21. lilise
     
    voilà c fait j'ai un dossier qui est apparu au redemarrage : backups

    Par contre pour registry doctor je l'avai deja supprimer et j'ai chercher je ne trouve pas
    Pour mailskinner je ne trouve le fichier non plus mais il est dans ajout/suppression de programme mais il ne veut pas le supprimer un programme necessaire pour que ça se termine n'a pas pu etre executer

    et maintenant je fais quoi ?
    0
  • 1
  • 2