Hacked by Godzilla --- Hijack report

Solved/Closed
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last activity
18 July 2013
Hello,
For some time now I have had a problem with my computer. It displays Hacked by Godzilla... I ran a scan with Hijack; here is the report:

Could you help me get rid of it, please....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:49, on 08/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Shareaza Pro\Shareaza Pro.exe
C:\Users\Utilisateur\ynriw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\ZTE MF626\UIMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza Pro\RazaWebHook.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.9.201\KiweeIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shareaza Pro] "C:\Program Files\Shareaza Pro\Shareaza Pro.exe" -tray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ynriw] C:\Users\Utilisateur\ynriw.exe
O4 - HKCU\..\Run: [Utilisateur] C:\Users\Utilisateur\Utilisateur.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza Pro\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{720DE3CC-C351-44B0-BF2D-EC62B8F0C14C}: NameServer = 217.175.160.164 217.175.160.177
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate1c9e5c0968507c0) (gupdate1c9e5c0968507c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe

18 replies

Hello


Important note:
On computers running Windows Vista and Windows 7, disabling User Account Control is mandatory,
otherwise the tool will not work correctly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

Download the installer and save it to the desktop
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe


Double-click the AD-Remover installer; the program will install itself automatically.
On Vista: right-click AD-Remover and select "Run as administrator"
In the main menu choose
Option L "Lancer le nettoyage" (start the cleanup)
and press [Enter].
Let the tool work and do not touch anything...
Post the report that appears at the end.

(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

I did disable User Account Control, but when I click on the 2nd link a window opens telling me: "Internet Explorer has stopped working". It tries to repair the problem, but then a window opens telling me that the memory could not be "written".....
What should I do?
We'll use another tool



Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because it is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

Double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

Tick the "create a desktop icon" box

Once it has finished, click "Finish" and the program will launch by itself

Choose the language, then choose option 1 = "Mode Recherche" (search mode)

▶ Let the tool work

When the white window appears, it takes a while; that is normal, the program has not frozen.

A report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

▶ Post the contents of the report that opens at 100% of the scan, at the "COMPLETED" screen

You can delete the catchme.log report from your desktop now.



Still the same problem, I cannot open the page... I think it is because of Data Execution Prevention, isn't it? Because it tells me that this prevention closed IE to protect me.......
See this

https://www.commentcamarche.net/faq/3011-prevention-de-l-execution-des-donnees

If this link solves the problem of running the tools, I would prefer that you do post 1 first

I added IE to the exceptions but it makes no difference....
I don't understand why?
When I click on the link it tells me that IE has stopped working, then it tells me that to protect the computer, Data Execution Prevention....etc., and every time at the end an error window opens along the lines of "the memory could not be written", or else "HP health....." Well, I don't understand anything anymore T_T
!!!!!!!!

Are you definitely on the PC's administrator session?

There is only one account (session) on the computer, so it is the admin one, isn't it?
Could it be Windows Defender that is blocking me?
Maybe, yes

Disable it temporarily

Otherwise

you can also do it in safe mode with networking
Did you manage it, or do we need to consider something else?

The first link, with AD-REMOVER, the scan did not work, so I did it with List'em; here is the report:
(it was indeed Windows Defender that was blocking me =)

List'em by g3n-h@ckm@n 1.1.8.0

Thx to Chiquitine29.....& CCM team

User : Utilisateur (Administrateurs) # PC-DE-UTILISATE
Update on 09/12/2009 by g3n-h@ckm@n ::::: 12:20
Start at: 18:49:06 | 09/01/2010
Contact : g3n-h@ckm@n sur CCM

Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 139,15 Go (38,45 Go free) | NTFS
D:\ -> Disque fixe local | 9,9 Go (1,73 Go free) [RECOVERY] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AGI\common\win32\PythonService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shareaza Pro\Shareaza Pro.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ZTE MF626\UIMain.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Utilisateur\AppData\Local\Temp\EF3E.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
LightScribe Control Panel REG_SZ C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HPAdvisor REG_SZ C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
Shareaza Pro REG_SZ "C:\Program Files\Shareaza Pro\Shareaza Pro.exe" -tray
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Tok-Cirrhatus REG_SZ
ynriw REG_SZ C:\Users\Utilisateur\ynriw.exe
Utilisateur REG_SZ C:\Users\Utilisateur\Utilisateur.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe
Persistence REG_SZ C:\Windows\system32\igfxpers.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe"
UpdateLBPShortCut REG_SZ "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
UpdatePSTShortCut REG_SZ "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
UCam_Menu REG_SZ "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
QlbCtrl.exe REG_SZ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
UpdateP2GoShortCut REG_SZ "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
UpdatePDIRShortCut REG_SZ "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
HP Health Check Scheduler REG_SZ c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
WirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
KiweeHook REG_SZ "C:\Program Files\Kiwee Toolbar\2.9.201\kwtbaim.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SysTrayApp REG_EXPAND_SZ %ProgramFiles%\IDT\WDM\sttray.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
HideFastUserSwitching REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoLogoff REG_DWORD 0 (0x0)
NoClose REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}


==============
BHO :
======
[<NO NAME> REG_SZ ]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x2
SharedAccess : 0x4
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C:

Taille du volume = 139 Go
Espace libre = 38.46 Go
Étendue d'espace libre la plus grande = 27.44 Go
Pourcentage de fragmentation des fichiers = 0 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\ProgramData\Kiwee Toolbar
C:\Program Files\AGI
C:\Program Files\AskBarDis
C:\Program Files\GamesBar
C:\Program Files\Kiwee Toolbar
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\Program Files\P2P_Energy
C:\Windows\System32\EZUPBH~1.DLL
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Utilisateur\LOCAL Settings\Temp\GoogleUpdate.exebbb618
C:\Users\Utilisateur\LOCAL Settings\Temp\HPQSi.exe
C:\Users\Utilisateur\LOCAL Settings\Temp\kiwee_setup.exe
C:\Users\Utilisateur\LOCAL Settings\Temp\SearchWithGoogleUpdate.exe
C:\Users\Utilisateur\LOCAL Settings\Temp\Toolbar.exe
C:\Users\Utilisateur\LOCAL Settings\Temp\uttD238.tmp.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Tok-Cirrhatus"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoLogOff"
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
"HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"
"HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
"HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239}"
"HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb0d163c-e9f4-4236-9496-0597e24b23a5}"
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKCR\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
HKCR\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
HKCR\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKCR\CLSID\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
HKCR\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
HKCR\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
HKCR\ezUPBHook.ShellObj
HKCR\ezUPBHook.ShellObj.1
HKCR\interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}
HKCR\KiweeIEToolbar.KiweeToolbar
HKCR\KiweeIEToolbar.KiweeToolbar.1
HKCR\KiweeIEToolbar.ToolbarInfo
HKCR\KiweeIEToolbar.ToolbarInfo.1
HKCR\oberontb.band
HKCR\oberontb.band.1
HKCR\Typelib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
HKCR\TypeLib\{ad76633e-e50d-4844-9e7f-4dfbc7c18467}
HKCR\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
HKCU\Software\AGI
HKCU\Software\AppDataLow\AskBarDis
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKLM\Software\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
HKLM\Software\Classes\CLSID\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
HKLM\Software\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{E03BAFDC-EB9D-4C35-A7A2-AB6C62FF0A68}
HKLM\Software\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
HKLM\Software\Classes\Interface\{01009AEC-AFAA-4982-9F2B-6411C5C27E77}
HKLM\Software\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar
HKLM\Software\Classes\KiweeIEToolbar.KiweeToolbar.1
HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo
HKLM\Software\Classes\KiweeIEToolbar.ToolbarInfo.1
HKLM\Software\Classes\Typelib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
HKLM\Software\Classes\Typelib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
HKU\.DEFAULT\Software\AGI

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-09 19:01:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Activation Assistant for the 2007 Microsoft Office suites
Ad-Remover
Adobe
AGI
Alwil Software
AnmSMP
AOL
AskBarDis
Atheros
Avira
BoontyGames
Common Files
Conduit
CyberLink
desktop.ini
Electronic Arts
Fichiers communs
Free Video Converter
Gamenext
GamesBar
Google
Hewlett-Packard
Hewlett-Packard Company
HP
HP Games
IDT
InstallShield Installation Information
Intel
Internet Explorer
Java
JRE
K-Lite Codec Pack
Kiwee Toolbar
Lavalys
List_Kill'em
LSI SoftModem
Microsoft
Microsoft Games
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSXML 4.0
muvee Technologies
Nobilis
Oberon Media
OpenOffice.org 3
P2P_Energy
PhotoFiltre
PhotoFiltre Studio
Realtek
Red Storm Entertainment
Reference Assemblies
Shareaza Pro
Shareware.Pro-FR
Skype
SMINST
Synaptics
TeraCopy
THQ
Trend Micro
Uninstall Information
uTorrent
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
ZTE MF626

============
Lecteur C:
============

$RECYCLE.BIN
autoexec.bat
Boonty
boot
bootmgr
Config.Msi
config.sys
debug.txt
Documents and Settings
hiberfil.sys
HP
Kill'em
List'em.txt
MicroGaming
MSOCache
pagefile.sys
PerfLogs
Program Files
ProgramData
SwSetup
System Volume Information
System.sav
Temp
Users
Windows

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\MicroGaming\Casino\CasinoClassic\global\gameregistry\crackerjack1.inf
C:\Program Files\HP Games\Polar Pool\levels\ice_cave\scene\crack.jpg
C:\Program Files\HP Games\Polar Pool\levels\ice_cave\scene\crack_alpha.jpg
C:\Program Files\Red Storm Entertainment\Ghost Recon\Mods\Origmiss\Textures\cracked_glass.rsb
C:\Program Files\Microsoft Works\Install.exe
C:\SwSetup\MSWorks\Install.exe
C:\SwSetup\MSWorks\PFiles\MSWorks\Install.exe
C:\Windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Hello,

Just following the thread, thanks.

Hello,

I posted this message to follow the discussion, but if you like I can help you while waiting for moment de grace to come back.
Yes, I'd like that, thanks.

Start with this, then:

Download UsbFix to your Desktop:


(!) Plug in your external storage devices (USB stick, external hard drive, etc.) that may have been infected, without opening them

• Double-click UsbFix.exe on your Desktop.

• Choose option 2 (Suppression)

• The PC will restart.

• On restart, UsbFix will scan your PC; let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
I'm back

greetings to El desaparecido in passing

boom,

so that I don't lose track, let's finish with the previous tool

▶ Relaunch List&Kill'em using the shortcut on your desktop,

but this time:

▶ choose option 2 = Mode Suppression

let the tool work.

at the end of the scan a report opens

▶ paste its contents into your reply

then

continue

with UsbFix as indicated in post 17