My PC is infected with viruses

Closed
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 - 15 Jan. 2010 at 18:04
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 - 17 Jan. 2010 at 09:24
Hello,

As indicated on this page: https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc

I downloaded Random's System Information Tool (RSIT) and followed the instructions, so I am posting the two files that were generated, hoping you will be able to help me ;)

Oh yes, I think I am infected because I have 50 thousand pop-ups opening every 30 seconds when I browse the internet.

Here is the log.txt file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by beatrice at 2010-01-15 17:50:42
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2
System drive C: has 7 GB (3%) free of 229 GB
Total RAM: 3069 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:58, on 15/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Users\beatrice\AppData\Local\qknhkehc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\beatrice\Desktop\desinfection\RSIT.exe
C:\Program Files\trend micro\beatrice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=duxet&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oozeaxis] "C:\ProgramData\Move Byte Byte.aivhmn4"
O4 - HKCU\..\Run: [Google Update] "C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [qknhkehc] "c:\users\beatrice\appdata\local\qknhkehc.exe" qknhkehc
O4 - HKCU\..\Run: [AdobeUpdater6] "C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\Windows\system32\drivers\CDAC11BA.EXE
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11927 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000UA.job
C:\Windows\tasks\HPCeeScheduleForbeatrice.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{E6443B5F-FC79-4622-9000-749D11B0DB42}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}]
BrowserHelper Class - C:\Program Files\SGPSA\SearchAssistant.dll [2009-10-15 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}]
GamesBarBHO Class - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-13 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{6F282B65-56BF-4BD1-A8B2-A4449A05863D} - GamesBar - C:\Program Files\GamesBar\oberontb.dll [2008-01-06 540672]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-04-15 442433]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"FBSSA"=C:\Program Files\SGPSA\ie3sh.exe [2009-08-27 765824]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe -autorun []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"oozeaxis"=C:\ProgramData\Move Byte Byte.aivhmn4 [2009-12-21 28688]
"Google Update"=C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-01 135664]
"qknhkehc"=c:\users\beatrice\appdata\local\qknhkehc.exe [2010-01-15 364544]
"AdobeUpdater6"=C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe [2009-01-08 2521464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-09-23 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-08-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Long Internet Team Stupid]
C:\ProgramData\Settings Bait Bird.vdfer1 [2009-02-09 315408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oozeaxis]
C:\ProgramData\Move Byte Byte.k48u1qf []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray.exe [2008-04-15 442433]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uqmokgm]
c:\users\beatrice\appdata\local\uqmokgm.exe uqmokgm []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2006-12-05 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^beatrice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
C:\Users\beatrice\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-04-13 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^beatrice^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableTaskMgr"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e413f9b-d3fa-11dd-a17d-001eec84c788}]
shell\AutoRun\command - F:\AutoRunCardDetector.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f546ffb-81ae-11dd-8201-806e6f6e6963}]
shell\AutoRun\command - E:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2010-01-15 17:35:24 ----D---- C:\rsit
2010-01-15 17:35:24 ----D---- C:\Program Files\trend micro
2010-01-13 08:35:56 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 08:35:56 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 09:54:19 ----D---- C:\ProgramData\HideAndSecret3
2010-01-08 07:01:18 ----D---- C:\Users\beatrice\AppData\Roaming\iMaxGen
2010-01-06 14:28:03 ----D---- C:\ProgramData\PlayfulAge
2010-01-05 20:17:14 ----D---- C:\Users\beatrice\AppData\Roaming\casanova
2010-01-04 20:35:53 ----D---- C:\ProgramData\SOS
2009-12-30 15:10:53 ----D---- C:\Users\beatrice\AppData\Roaming\ElementalsTheMagicKey
2009-12-30 14:33:14 ----D---- C:\Windows\system32\AGEIA
2009-12-30 14:33:14 ----D---- C:\Program Files\AGEIA Technologies
2009-12-30 14:32:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-26 17:25:14 ----D---- C:\Users\beatrice\AppData\Roaming\Big Fish Games
2009-12-23 16:51:03 ----D---- C:\Users\beatrice\AppData\Roaming\EscapeTheMuseum2
2009-12-22 01:24:00 ----A---- C:\Windows\ntbtlog.txt
2009-12-18 19:24:29 ----D---- C:\Users\beatrice\AppData\Roaming\Gamers Digital
2009-12-18 19:24:29 ----D---- C:\ProgramData\Gamers Digital
2009-12-18 15:52:22 ----D---- C:\Users\beatrice\AppData\Roaming\GTM_Bodie
2009-12-18 08:15:15 ----D---- C:\Users\beatrice\AppData\Roaming\GOA
2009-12-18 08:15:15 ----D---- C:\ProgramData\GOA
2009-12-17 19:02:06 ----D---- C:\Users\beatrice\AppData\Roaming\MastersOfMystery2
2009-12-16 15:19:20 ----D---- C:\Users\beatrice\AppData\Roaming\Awem
2009-12-11 09:58:27 ----D---- C:\Users\beatrice\AppData\Roaming\V-Games
2009-12-10 13:01:17 ----D---- C:\ProgramData\Windows Genuine Advantage
2009-12-10 08:02:04 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 08:01:58 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 17:09:08 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 17:08:56 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 17:08:55 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 17:08:54 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 17:08:53 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 17:08:53 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 17:08:52 ----A---- C:\Windows\system32\occache.dll
2009-12-09 17:08:52 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 17:08:52 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 17:08:51 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 17:08:50 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 17:08:50 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 17:08:49 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 17:08:49 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 17:08:49 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 17:07:17 ----A---- C:\Windows\system32\rastls.dll
2009-11-29 11:17:43 ----D---- C:\Users\beatrice\AppData\Roaming\SaveThePuppy
2009-11-26 07:40:28 ----D---- C:\ProgramData\FarmFrenzy3
2009-11-26 03:03:30 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 19:53:56 ----D---- C:\Users\beatrice\AppData\Roaming\runic games
2009-11-25 15:45:10 ----D---- C:\Users\beatrice\AppData\Roaming\World-LooM
2009-11-25 07:28:25 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 07:28:24 ----A---- C:\Windows\system32\msxml3.dll
2009-11-18 06:14:02 ----D---- C:\Program Files\Windows Portable Devices
2009-11-18 05:46:20 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-18 05:46:19 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-18 05:46:19 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-18 05:45:29 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-18 05:45:24 ----A---- C:\Windows\system32\cdd.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-18 05:45:21 ----A---- C:\Windows\system32\d2d1.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-18 05:45:20 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-18 05:45:20 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-18 05:45:19 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\FntCache.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\dxgi.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\DWrite.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d11.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-18 05:45:19 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-18 05:45:18 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-18 05:45:18 ----A---- C:\Windows\system32\d3d10.dll
2009-11-18 05:44:46 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-18 05:44:46 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-18 05:44:46 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-18 05:44:40 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-18 05:44:35 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-18 05:44:35 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-18 05:44:34 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-18 05:42:10 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-18 05:42:09 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-18 05:42:09 ----A---- C:\Windows\system32\oleacc.dll
2009-11-15 11:44:41 ----D---- C:\Users\beatrice\AppData\Roaming\Thunderbird
2009-11-11 19:31:34 ----D---- C:\ProgramData\IM
2009-11-11 19:31:30 ----D---- C:\ProgramData\IncrediMail
2009-11-11 12:08:49 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-09 07:50:15 ----D---- C:\Program Files\Securitoo
2009-11-07 22:43:14 ----D---- C:\Users\beatrice\AppData\Roaming\GTek
2009-11-07 08:18:59 ----D---- C:\Users\beatrice\AppData\Roaming\Hoyle FaceCreator
2009-11-07 08:18:57 ----D---- C:\Users\beatrice\AppData\Roaming\Hoyle Casino
2009-11-07 08:17:30 ----D---- C:\ProgramData\Sony Online Entertainment
2009-11-06 19:34:40 ----D---- C:\ProgramData\Fugazo
2009-11-03 09:59:05 ----D---- C:\Program Files\iPod
2009-11-03 09:58:55 ----D---- C:\Program Files\iTunes
2009-11-01 10:07:51 ----D---- C:\ProgramData\SugarGames
2009-10-31 16:50:08 ----D---- C:\Users\beatrice\AppData\Roaming\Go Go Gourmet
2009-10-31 09:13:52 ----D---- C:\Program Files\Search Guard PlusU
2009-10-31 09:13:52 ----D---- C:\Program Files\Search Guard Plus
2009-10-31 09:13:50 ----D---- C:\Program Files\SGPSA
2009-10-31 09:13:39 ----D---- C:\Program Files\Fast Browser Search
2009-10-30 07:53:45 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-10-30 07:53:45 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-10-30 07:53:44 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-10-30 07:53:43 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-10-30 07:53:42 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-10-30 07:53:41 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-10-30 07:53:41 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-10-30 07:53:41 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-10-30 07:53:40 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-10-30 07:53:40 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-10-30 07:53:40 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-10-30 07:53:37 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-10-30 07:53:34 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-10-30 07:53:33 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-10-30 07:53:32 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-10-30 07:53:32 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-10-30 07:53:32 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-10-30 07:53:31 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-10-30 07:53:31 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-10-30 07:53:30 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-10-30 07:53:30 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-10-30 07:53:29 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-10-30 07:53:28 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-10-30 07:53:27 ----A---- C:\Windows\system32\xinput1_3.dll
2009-10-30 07:53:27 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-10-30 07:53:26 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-10-30 07:53:26 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-10-30 07:53:26 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-10-30 07:53:25 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-10-30 07:53:24 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-10-30 07:53:24 ----A---- C:\Windows\system32\d3dx10.dll
2009-10-30 07:53:23 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-10-30 07:53:23 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-10-30 07:53:22 ----A---- C:\Windows\system32\xinput1_2.dll
2009-10-30 07:53:22 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-10-30 07:53:22 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-10-30 07:53:21 ----A---- C:\Windows\system32\xinput1_1.dll
2009-10-30 07:53:21 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-10-30 07:53:21 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-10-30 07:52:55 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-10-30 07:52:54 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-10-30 07:52:54 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-10-30 07:52:54 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-10-30 07:52:51 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-10-30 07:52:49 ----A---- C:\Windows\system32\d3dx9_27.dll
2009-10-30 07:52:48 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-10-30 07:52:48 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-10-30 07:52:47 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-10-28 10:51:56 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 10:51:52 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 10:51:49 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-27 17:35:25 ----D---- C:\ProgramData\Rumbic Studio
2009-10-26 20:00:39 ----A---- C:\Windows\system32\wups2.dll
2009-10-26 20:00:39 ----A---- C:\Windows\system32\wucltux.dll
2009-10-26 20:00:39 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-26 20:00:38 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-26 19:59:51 ----A---- C:\Windows\system32\wups.dll
2009-10-26 19:59:51 ----A---- C:\Windows\system32\wudriver.dll
2009-10-26 19:59:50 ----A---- C:\Windows\system32\wuapi.dll
2009-10-26 19:59:42 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-26 19:59:42 ----A---- C:\Windows\system32\wuapp.exe
2009-10-20 12:16:05 ----D---- C:\Users\beatrice\AppData\Roaming\Home Sweet Home Christmas
2009-10-20 11:54:50 ----D---- C:\ProgramData\Beanbag Studios
2009-10-19 19:47:56 ----D---- C:\Windows Sidebar
2009-10-18 10:38:58 ----D---- C:\Program Files\Microsoft Office Outlook Connector
2009-10-18 09:30:55 ----D---- C:\Users\beatrice\AppData\Roaming\Fabulous Finds
2009-10-17 07:54:08 ----D---- C:\ProgramData\GameXzone
2009-10-16 09:31:47 ----D---- C:\ProgramData\Becky Brogan
2009-10-16 07:52:43 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-16 07:52:28 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-16 07:52:27 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-16 07:50:19 ----A---- C:\Windows\system32\msasn1.dll
2009-10-16 07:50:05 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 3 months======

2010-01-15 17:51:33 ----D---- C:\Windows\Temp
2010-01-15 17:51:15 ----D---- C:\Windows\Prefetch
2010-01-15 17:35:24 ----D---- C:\Program Files
2010-01-15 17:10:22 ----D---- C:\Program Files\Mozilla Firefox
2010-01-15 17:06:01 ----D---- C:\Windows
2010-01-15 07:28:28 ----SHD---- C:\System Volume Information
2010-01-15 07:23:55 ----D---- C:\Windows\tracing
2010-01-14 08:12:42 ----D---- C:\Windows\winsxs
2010-01-13 20:11:19 ----D---- C:\Windows\System32
2010-01-13 20:11:12 ----SHD---- C:\Windows\Installer
2010-01-13 20:11:11 ----D---- C:\ProgramData\Microsoft Help
2010-01-13 20:10:32 ----D---- C:\Windows\system32\catroot
2010-01-13 20:10:25 ----D---- C:\Program Files\Windows Mail
2010-01-13 20:03:49 ----D---- C:\Windows\Debug
2010-01-13 08:33:18 ----D---- C:\Windows\system32\catroot2
2010-01-12 15:57:13 ----D---- C:\Windows\Tasks
2010-01-12 15:57:13 ----D---- C:\Windows\system32\Tasks
2010-01-12 15:41:13 ----D---- C:\Users\beatrice\AppData\Roaming\MysteryStudio
2010-01-12 15:37:53 ----AD---- C:\ProgramData\TEMP
2010-01-12 13:33:21 ----D---- C:\ProgramData\WildTangent
2010-01-12 09:54:19 ----HD---- C:\ProgramData
2010-01-07 11:48:15 ----D---- C:\Users\beatrice\AppData\Roaming\PoBros
2010-01-07 11:48:15 ----D---- C:\ProgramData\PoBros
2010-01-07 10:24:21 ----D---- C:\Program Files\HP Games
2010-01-06 07:47:42 ----D---- C:\Users\beatrice\AppData\Roaming\Zylom
2010-01-06 07:47:42 ----D---- C:\Users\beatrice\AppData\Roaming\Identities
2010-01-05 07:45:45 ----D---- C:\Users\beatrice\AppData\Roaming\Friday's games
2010-01-05 01:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-01 12:29:10 ----D---- C:\ProgramData\MumboJumbo
2009-12-31 10:20:23 ----D---- C:\Users\beatrice\AppData\Roaming\Playrix Entertainment
2009-12-30 14:36:00 ----RSD---- C:\Windows\assembly
2009-12-30 14:32:56 ----D---- C:\Program Files\Common Files
2009-12-30 11:33:29 ----D---- C:\ProgramData\JollyBear
2009-12-27 19:09:53 ----D---- C:\Windows\inf
2009-12-27 19:09:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-21 20:39:14 ----D---- C:\ProgramData\ObjPlay
2009-12-21 20:37:30 ----D---- C:\Program Files\Circle Developement
2009-12-21 20:37:29 ----D---- C:\Program Files\Messenger Plus! Live
2009-12-19 14:03:56 ----D---- C:\Users\beatrice\AppData\Roaming\PlayFirst
2009-12-19 14:03:56 ----D---- C:\ProgramData\PlayFirst
2009-12-19 10:22:31 ----D---- C:\Users\beatrice\AppData\Roaming\Merscom
2009-12-19 10:22:31 ----D---- C:\ProgramData\Merscom
2009-12-18 17:40:10 ----D---- C:\ProgramData\Alawar Stargaze
2009-12-15 10:43:05 ----D---- C:\Program Files\Oberon Media
2009-12-14 15:22:10 ----D---- C:\Users\beatrice\AppData\Roaming\Princess Isabella
2009-12-13 14:39:37 ----D---- C:\ProgramData\MythPeople
2009-12-11 16:58:20 ----D---- C:\Windows\system32\drivers
2009-12-11 14:46:37 ----SD---- C:\Windows\Downloaded Program Files
2009-12-10 08:38:55 ----D---- C:\Windows\rescache
2009-12-10 08:20:12 ----D---- C:\Windows\system32\migration
2009-12-10 08:20:12 ----D---- C:\Program Files\Internet Explorer
2009-12-10 08:20:11 ----D---- C:\Windows\system32\fr-FR
2009-12-07 19:43:31 ----D---- C:\Users\beatrice\AppData\Roaming\LimeWire
2009-11-29 14:28:34 ----D---- C:\Users\beatrice\AppData\Roaming\WildTangentv1002
2009-11-25 19:30:55 ----D---- C:\ProgramData\PopCap Games
2009-11-25 00:54:29 ----A---- C:\Windows\system32\aswBoot.exe
2009-11-18 06:14:01 ----D---- C:\Windows\system32\wbem
2009-11-18 06:13:55 ----D---- C:\Windows\system32\zh-HK
2009-11-18 06:13:55 ----D---- C:\Windows\system32\uk-UA
2009-11-18 06:13:55 ----D---- C:\Windows\system32\sl-SI
2009-11-18 06:13:55 ----D---- C:\Windows\system32\pt-PT
2009-11-18 06:13:55 ----D---- C:\Windows\system32\pt-BR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\pl-PL
2009-11-18 06:13:55 ----D---- C:\Windows\system32\nl-NL
2009-11-18 06:13:55 ----D---- C:\Windows\system32\ko-KR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\it-IT
2009-11-18 06:13:55 ----D---- C:\Windows\system32\hu-HU
2009-11-18 06:13:55 ----D---- C:\Windows\system32\hr-HR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\he-IL
2009-11-18 06:13:55 ----D---- C:\Windows\system32\el-GR
2009-11-18 06:13:55 ----D---- C:\Windows\system32\bg-BG
2009-11-18 06:13:54 ----D---- C:\Windows\system32\zh-TW
2009-11-18 06:13:54 ----D---- C:\Windows\system32\zh-CN
2009-11-18 06:13:54 ----D---- C:\Windows\system32\tr-TR
2009-11-18 06:13:54 ----D---- C:\Windows\system32\th-TH
2009-11-18 06:13:54 ----D---- C:\Windows\system32\sv-SE
2009-11-18 06:13:54 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-18 06:13:54 ----D---- C:\Windows\system32\sk-SK
2009-11-18 06:13:54 ----D---- C:\Windows\system32\ru-RU
2009-11-18 06:13:54 ----D---- C:\Windows\system32\ro-RO
2009-11-18 06:13:54 ----D---- C:\Windows\system32\nb-NO
2009-11-18 06:13:54 ----D---- C:\Windows\system32\lv-LV
2009-11-18 06:13:54 ----D---- C:\Windows\system32\lt-LT
2009-11-18 06:13:54 ----D---- C:\Windows\system32\ja-JP
2009-11-18 06:13:54 ----D---- C:\Windows\system32\fi-FI
2009-11-18 06:13:54 ----D---- C:\Windows\system32\et-EE
2009-11-18 06:13:54 ----D---- C:\Windows\system32\es-ES
2009-11-18 06:13:54 ----D---- C:\Windows\system32\en-US
2009-11-18 06:13:54 ----D---- C:\Windows\system32\de-DE
2009-11-18 06:13:54 ----D---- C:\Windows\system32\da-DK
2009-11-18 06:13:54 ----D---- C:\Windows\system32\cs-CZ
2009-11-18 06:13:54 ----D---- C:\Windows\system32\ar-SA
2009-11-17 09:31:14 ----D---- C:\Program Files\Safari
2009-11-15 11:44:42 ----D---- C:\Users\beatrice\AppData\Roaming\Mozilla
2009-11-15 11:10:18 ----RSD---- C:\Windows\Fonts
2009-11-14 12:46:27 ----D---- C:\ProgramData\Meridian93
2009-11-14 12:46:00 ----D---- C:\Users\beatrice\AppData\Roaming\Meridian93
2009-11-10 13:45:36 ----D---- C:\Users\beatrice\AppData\Roaming\dvdcss
2009-11-03 09:59:04 ----D---- C:\Program Files\Common Files\Apple
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-30 07:52:57 ----D---- C:\Windows\Microsoft.NET
2009-10-29 07:45:36 ----D---- C:\Program Files\Windows Media Player
2009-10-26 12:56:09 ----D---- C:\ProgramData\Google
2009-10-26 12:56:09 ----D---- C:\Program Files\Google
2009-10-26 07:34:56 ----D---- C:\ProgramData\GamesBar
2009-10-25 15:43:09 ----D---- C:\Program Files\GamesBar
2009-10-24 17:27:53 ----D---- C:\ProgramData\NOS
2009-10-22 09:12:29 ----D---- C:\Users\beatrice\AppData\Roaming\Flood Light Games
2009-10-22 09:12:29 ----D---- C:\ProgramData\Flood Light Games
2009-10-21 08:47:04 ----D---- C:\ProgramData\Adobe
2009-10-21 08:44:58 ----D---- C:\Program Files\Common Files\Adobe
2009-10-19 19:46:50 ----D---- C:\SWSETUP
2009-10-18 10:35:48 ----DC---- C:\Windows\system32\DRVSTORE
2009-10-18 10:33:00 ----D---- C:\Program Files\Windows Live
2009-10-17 02:29:27 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 CdaC15BA;CdaC15BA; \??\C:\Windows\system32\drivers\CdaC15BA.SYS [2009-07-11 12464]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-09 3552256]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-04-15 378368]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-13 23040]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-06-13 507904]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-13 30208]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-09-02 15352]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 GT72NDISIPXP;GT 72 IP NDIS; C:\Windows\system32\DRIVERS\Gt51Ip.sys [2007-11-13 95744]
S3 GT72UBUS;GT 72 U BUS; C:\Windows\system32\DRIVERS\gt72ubus.sys [2007-11-13 51968]
S3 GTPTSER;GT PT SER; C:\Windows\system32\DRIVERS\gtptser.sys [2007-11-13 8064]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-21 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2009-02-03 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2009-02-03 27072]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-06-13 149504]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2007-01-22 53376]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys []
S3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-21 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe [2008-02-12 73728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-05-08 671744]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\Windows\system32\drivers\CDAC11BA.EXE [2009-07-11 54784]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-23 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-08-22 73728]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-14 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-14 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-08-22 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe [2008-04-15 221239]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 Boonty Games;Boonty Games; C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2008-09-19 69120]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-08-26 242424]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-29 322032]

-----------------EOF-----------------



and the info.txt file

<code>
info.txt logfile of random's system information tool 1.06 2010-01-15 17:52:03

======Uninstall list======

-->"C:\Program Files\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders - Treasures of Seven\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Adventure Chronicles\Uninstall.exe"
-->"C:\Program Files\HP Games\Adventures of Robinson Crusoe\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Agatha Christie - Peril at End House\Uninstall.exe"
-->"C:\Program Files\HP Games\Age of Castles\Uninstall.exe"
-->"C:\Program Files\HP Games\Alabama Smith in Escape from Pompeii\Uninstall.exe"
-->"C:\Program Files\HP Games\Alchemist's Apprentice\Uninstall.exe"
-->"C:\Program Files\HP Games\Alice Greenfingers 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures Around the World\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures Special Edition Bundle\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Finds\Uninstall.exe"
-->"C:\Program Files\HP Games\Amelie's Cafe\Uninstall.exe"
-->"C:\Program Files\HP Games\American Girl - Mia Goes For Great\Uninstall.exe"
-->"C:\Program Files\HP Games\Annabel\Uninstall.exe"
-->"C:\Program Files\HP Games\Annie's Millions\Uninstall.exe"
-->"C:\Program Files\HP Games\Are You Smarter than a 5th Grader - Make the Grade\Uninstall.exe"
-->"C:\Program Files\HP Games\Around the World in 80 Days\Uninstall.exe"
-->"C:\Program Files\HP Games\Artist Colony\Uninstall.exe"
-->"C:\Program Files\HP Games\Ashley Jones and The Heart of Egypt\Uninstall.exe"
-->"C:\Program Files\HP Games\Ashton's Family Resort\Uninstall.exe"
-->"C:\Program Files\HP Games\Astro Avenger\Uninstall.exe"
-->"C:\Program Files\HP Games\AstroPop Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Atlantis Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Azteca\Uninstall.exe"
-->"C:\Program Files\HP Games\Babysitting Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Beach Party Craze\Uninstall.exe"
-->"C:\Program Files\HP Games\Beebo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled\Uninstall.exe"
-->"C:\Program Files\HP Games\Big City Adventure - San Francisco\Uninstall.exe"
-->"C:\Program Files\HP Games\Big City Adventure - Sydney\Uninstall.exe"
-->"C:\Program Files\HP Games\Big Island Blends\Uninstall.exe"
-->"C:\Program Files\HP Games\BloodTies\Uninstall.exe"
-->"C:\Program Files\HP Games\Bob the Builder - Can-Do Carnival\Uninstall.exe"
-->"C:\Program Files\HP Games\Bob the Builder Can-Do-Zoo\Uninstall.exe"
-->"C:\Program Files\HP Games\Bone Out from Boneville\Uninstall.exe"
-->"C:\Program Files\HP Games\Book of Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Boonka\Uninstall.exe"
-->"C:\Program Files\HP Games\Brain Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Brain Training for Dummies\Uninstall.exe"
-->"C:\Program Files\HP Games\Bratz Super Babyz\Uninstall.exe"
-->"C:\Program Files\HP Games\Bubble Town\Uninstall.exe"
-->"C:\Program Files\HP Games\Build in Time\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Burger Island 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Call of Atlantis\Uninstall.exe"
-->"C:\Program Files\HP Games\Can You See What I See - Curfuffle's Collectibles\Uninstall.exe"
-->"C:\Program Files\HP Games\Candace Kane's Candy Factory\Uninstall.exe"
-->"C:\Program Files\HP Games\Cannon Blast\Uninstall.exe"
-->"C:\Program Files\HP Games\Carnival Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Carrie the Caregiver 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Carrie the Caregiver 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Carrie the Caregiver\Uninstall.exe"
-->"C:\Program Files\HP Games\Cate West - The Vanishing Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Cate West - The Velvet Keys\Uninstall.exe"
-->"C:\Program Files\HP Games\Chocolatier - Decadence by Design\Uninstall.exe"
-->"C:\Program Files\HP Games\Christmasville\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Ciao Bella\Uninstall.exe"
-->"C:\Program Files\HP Games\CLUE Accusations and Alibis\Uninstall.exe"
-->"C:\Program Files\HP Games\Clueless\Uninstall.exe"
-->"C:\Program Files\HP Games\Color Up!\Uninstall.exe"
-->"C:\Program Files\HP Games\Continental Cafe\Uninstall.exe"
-->"C:\Program Files\HP Games\Cooking Academy 2 - World Cuisine\Uninstall.exe"
-->"C:\Program Files\HP Games\Cooking Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Cooking Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\County Fair\Uninstall.ex
23 replies

moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
15 Jan. 2010 at 18:18
Hello

Several infections

In this order (you can post the reports as you go)

1)


Download USBFIX by El Desaparecido, C_xx

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
or
https://www.ionos.fr/?affiliate_id=77097

/!\ Vista and Windows 7 users:
do not forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

/!\ Plug into your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected

• Double-click the UsbFix shortcut on the desktop.

• Choose option 2
(other options are available, see the tutorial).
• Let the tool work.
The Start menu and the icons will disappear; this is normal.

If a message asks you to restart the computer, do so...

● On restart, the fix relaunches... let the operation run.

● Notepad opens with a report; send it in your next reply


• Note: The UsbFix.txt report is saved at the root of the disk ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html


UsbFix may ask you to upload a compressed folder to this address: https://www.ionos.fr/?affiliate_id=77097

It is saved on your desktop.

Please send it to the address indicated to help the author of UsbFix with his research.

Thanks

................

2)
Important note:
On computers running Windows Vista and Windows 7, disabling User Account Control is mandatory,
otherwise the tool will not work correctly.
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

Download the installation file and save it to the desktop
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe


Double-click the AD-Remover installation file; the program will install automatically.
On Vista: right-click AD-Remover and select "Run as administrator"
In the main menu choose
Option L "Lancer le nettoyage" (start the cleanup)
and press [Enter].
Let the tool work and do not touch anything...
Post the report that appears at the end.

( the report is also saved as C:\Ad-report.log )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

Note: Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

........................

3)
Navipromo infection... For information:

It installs itself through certain programs, including the following, which must be avoided at all costs:
* Funky Emoticons
* go-astro
* Games Attack
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Officiale Emule (modified version of eMule)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer

You should download Navilog1 to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Some infections block the download of disinfection tools; use this alternative link:
http://ww38.toofiles.com/fr/oip/documents/exe/yop3.html

/!\ VISTA users: you should disable UAC just for the duration of the disinfection of your PC; you will re-enable it later:

Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac



1° Double-click navilog1.exe on your desktop
2° Select the desired language in the menu, then confirm the choice with the Enter key
3° A short warning message appears; press a key to move on
4° Another warning appears; press a key to continue
5° Verification of the Navilog1 installation: if everything is fine, press a key to continue
6° Choose option 1: automatic search/disinfection
7° The search starts automatically and may take a few minutes; be patient
8° Once the analysis is finished, close and save your work in progress, then press a key so that your PC can boot
9° When the PC restarts, Navilog will delete what it found; wait a few moments.

A report is generated by the tool. It is located here:
XP: Start/My Computer/c:/cleannavi.txt
Vista: "Start" logo/Computer/c:/cleannavi.txt

...................

4)
Download Malwarebytes' Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is finished
. Go to the Scanner tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the analysis, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show Results
. Select everything (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click on the report to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste


If you need help, look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam


1
who? Posts 815 Registration date Tuesday 29 December 2009 Status Member Last activity 21 January 2012 114
15 Jan 2010 at 18:06
nothing else? :s
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
15 Jan 2010 at 18:19
Sorry, I hadn't read the tutorial to the end. I'll wait until I've finished all the operations and then post the files as links; that will take up less space on the forum and it will be more complete.

Thanks a lot, I'll be back in one or two hours, I think.

OK, I'll finish the first tutorial and then follow your instructions, petit moment de grâce.

Thanks for your replies
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
15 Jan 2010 at 18:21
cross-posted

see post 2
0

knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
15 Jan 2010 at 18:24
OK, so I'll continue with your instructions instead. Thanks moment de grace, and not petit moment de grace, my mistake, sorry :)

I'll be back once it's done
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
15 Jan 2010 at 20:34
OK, I still have the Malwarebytes' Anti-Malware scan left, which is running now; here are the log files from the first scans already

For USBFIX: http://www.cijoint.fr/cj201001/cijiOQ5Lon.txt

For AD-Remover: http://www.cijoint.fr/cj201001/cijfcj0kGw.txt

For navilog1: http://www.cijoint.fr/cj201001/cijTyxfsXD.txt

There, I'll be back as soon as Malwarebytes' Anti-Malware has finished the scan, to post the report.

Thanks
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
15 Jan 2010 at 21:04
reports seen

after MBAM, which takes quite a while

you can do this

/!\ Vista and Windows 7 users: do not forget to disable User Account Control (UAC)

https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Download Lop S&D.exe to the desktop

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
Some infections block the download of disinfection tools; use this alternative link:
http://ww38.toofiles.com/fr/oip/documents/exe/yop4.html

Lop S&D is detected by some antivirus products: it is not a virus (false positive), but a utility for terminating processes. If your antivirus raises an alert, please disable your antivirus during the procedure

* Double-click it to start the installation
* Then double-click the Lop S&D shortcut on the desktop
* Select the desired language, then choose option 1 (Search)
* Wait until the scan finishes
* Post the generated report on a forum (C:\lopR.txt)

0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan 2010 at 02:41
There, finally done, phew, that was tough :)

for Malwarebytes' Anti-Malware: http://www.cijoint.fr/cj201001/cijdvq3Orw.txt

for Lop S&D: http://www.cijoint.fr/cj201001/cijCc9Guyj.txt

Thanks a lot, good night, see you tomorrow.
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
16 Jan 2010 at 08:05
well

you've really loaded up on viruses...

Malwarebytes... no action taken = you did not delete them

run a quick scan again (the full one took 5h) and delete what it finds + report

.............

lop: rerun Lop S&D option 2 removal + hosts, post the report

...............

presence of rootkits:

/!\ You must disable all your protection software to use this program /!\


▶ Download: Gmer (by Przemyslaw Gmerek)

http://www.gmer.net/



▶ Unzip gmer, click the rootkit tab, start the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the gmer report (click copy, then go to Start, open Notepad, go to Edit and click Paste; the gmer report will appear; post it to me)

Then

▶ on the red lines:

▶ Services: right-click, delete service
▶ Process: right-click, kill process
▶ Adl, file: right-click, delete files


0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan 2010 at 13:42
Hello moment de grace,

Yes, the computer really is riddled with viruses. It's actually my mother's PC; she loves rubbish games and downloads and installs anything and everything, so I have to reformat it for her every 6 months!

But this time I wanted to see whether something could be done without reformatting :)

I reran the Malwarebytes' Anti-Malware scan in quick mode but it found nothing, so I'm rerunning the full one. It's at 2h30, so another 3 good hours, and I'll post the report then along with everything else.

Thanks a lot for your help.
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan 2010 at 17:56
There, it's done, but Malwarebytes found nothing even with the full scan
here is the report:

Malwarebytes: http://www.cijoint.fr/cj201001/cij1HuU78Y.txt

For Lop S&D: http://www.cijoint.fr/cj201001/cijViKWV12.txt

However, gmer doesn't work: I can open it and start the scan, it scans for 5 minutes and then Vista shows me a message telling me that:

gmer.exe a cessé de fonctionner
un problème a fait que gmer.exe a cessé de fonctionner ..........

Yet I did disable avast; well, that's all I disabled

Thanks
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
16 Jan 2010 at 18:03
can you post the contents of the Lop S&D report here (for now I can only view it on the forum)

for gmer, we'll go about it another way

Disable your antivirus for the duration of the procedure, as well as your firewall if present (because the tool is wrongly detected as an infection)

▶ Download and install List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double-click (right-click "Run as administrator" on Vista/Seven) the shortcut on your desktop to start the installation

check the box "create a desktop icon"

once finished, click "Finish" and the program will launch by itself

choose the language, then choose option 1 = Search mode

▶ let the tool work

when the white window appears, it takes a while; this is normal, the program is not frozen.

a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.

Post on the forum the contents of the report that opens at 100% of the scan, on the "COMPLETED" screen

you can delete the catchme.log report from your desktop now.

0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan 2010 at 18:11
Lop S&D report

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) X2 Dual-Core Mobile RM-70 )
BIOS : Default System BIOS
USER : beatrice ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:223 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 16/01/2010|17:25 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\comp two long internet\1 Option.dat
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\ProgramData\Move Byte Byte.47ah5
Supprime! - C:\ProgramData\Move Byte Byte.d7d4ra
Supprime! - C:\ProgramData\Settings Bait Bird.vdfer1
Supprime! - C:\ProgramData\Move Byte Byte.aivhmn4
Supprime! - C:\ProgramData\Move Byte Byte.pgdhudd
Supprime! - C:\ProgramData\Move Byte Byte.uve7cjt
Supprime! - C:\ProgramData\comp two long internet
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local


--------------------\\ Tâches planifiées dans C:\Windows\tasks

[16/01/2010 16:33][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000UA.job
[15/01/2010 20:33][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-987366186-1126316390-497482987-1000Core.job
[13/01/2010 08:27][--a------] C:\Windows\tasks\HPCeeScheduleForbeatrice.job
[13/01/2010 19:31][--a------] C:\Windows\tasks\Ad-Aware Update (Weekly).job
[16/01/2010 17:00][--a------] C:\Windows\tasks\RegCure Program Check.job
[26/11/2009 03:17][--a------] C:\Windows\tasks\RegCure.job
[16/01/2010 17:25][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E6443B5F-FC79-4622-9000-749D11B0DB42}.job
[16/01/2010 10:59][--ah-----] C:\Windows\tasks\SA.DAT
[16/01/2010 02:42][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData


--------------------\\ Listing des dossiers dans C:\Program Files


--------------------\\ Listing des dossiers dans C:\Program Files\Common Files


--------------------\\ Process

( 77 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 17:26:45
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\PROGRA~2\Fugazo\World Mosaics\cached\sounds\Tilecrack.wav


[F:10][D:6]-> C:\Users\beatrice\AppData\Local\Temp
[F:32][D:1]-> C:\Users\beatrice\AppData\Roaming\MICROS~1\Windows\Cookies
[F:284][D:6]-> C:\Users\beatrice\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:3][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 16/01/2010| 2:37 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/01/2010|17:29 - Option : [2]

--------------------\\ Fin du rapport a 17:29:53
[ UAC => 1 ]
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
16 Jan. 2010 at 18:22
Seen.

On to Kill'em, then.
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan. 2010 at 19:28
Here you go, Kill is done:

List'em by g3n-h@ckm@n 1.1.8.3

Thx to El Desaparecido.....& CCM team

User : beatrice (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 18:14:56 | 16/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Turion(tm) X2 Dual-Core Mobile RM-70
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 223,73 Go (10,96 Go free) | NTFS
D:\ -> Disque fixe local | 9,15 Go (1,66 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\beatrice\AppData\Local\Temp\4F11.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
Google Update REG_SZ "C:\Users\beatrice\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NWEReboot REG_SZ
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SysTrayApp REG_EXPAND_SZ %ProgramFiles%\IDT\WDM\sttray.exe
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 1 (0x1)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
HideFastUserSwitching REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoLogoff REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 128 (0x80)
NoDriveTypeAutoRun REG_DWORD 128 (0x80)
HonorAutoRunSetting REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}

===============

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
Wlansvc : 0x2
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
wscsvc : 0x2

=========

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C:

Taille du volume = 224 Go
Espace libre = 10.97 Go
Étendue d'espace libre la plus grande = 53 Mo
Pourcentage de fragmentation des fichiers = 1 %

Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas nécessaire de défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\install.exe
C:\ProgramData\Valusoft
C:\Program Files\Search Guard PlusU
C:\Windows\System32\EZUPBH~1.DLL
C:\Windows\System32\logs

¤¤¤¤¤¤¤¤¤¤ Keys :

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoLogOff"
"HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}"
HKCR\ezUPBHook.ShellObj
HKCR\ezUPBHook.ShellObj.1
HKCR\ImageOle.GifAnimator
HKCR\ImageOle.GifAnimator.1
HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}
HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}

================
Other infections
================

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 18:33:36
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37b5b6f4]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e37b5b6f4]

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E94CB806-CB04-366E-FF42-2549A02EB6A5}]
"oabanofdmajecmlleandpidkmhmigp"=hex:6a,61,68,6d,6c,65,6b,61,69,64,6f,6d,6b,65,61,63,62,6c,66,6e,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Adobe
AGEIA Technologies
AIM6
Alex Feinman
Alwil Software
AML Products
Apple Software Update
ArcSoft
Atheros
ATI
ATI Technologies
AviSynth 2.5
AVS4YOU
Bonjour
BoontyGames
Canon
CanonBJ
CCleaner
Cisco
Common Files
CyberLink
desktop.ini
DivX
eMule
Fichiers communs
Fighters
FileZilla FTP Client
Full Tilt Poker
Google
Hewlett-Packard
HP
HP Games
IDT
InstallShield Installation Information
Internet Explorer
iPod
iTunes
Java
JRE
Lavasoft
Le Mystere de la Momie Demo
LG Electronics
LG PC Suite 2
LimeWire
List_Kill'em
ma-config.com
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft
Microsoft Games
Microsoft Office
Microsoft Office Outlook Connector
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSECache
MSXML 4.0
muvee Technologies
MySoft
Navilog1
NCH Software
NCH Swift Sound
NOS
Notepad++
Oberon Media
Objective Tarot
ONES (F)
Online Services
OpenOffice.org 3
orange
Panda Security
POPUPKILLER
Portrait Professional 6
QuickTime
Realtek
Reference Assemblies
RegCure
RngInterstitial.dll
Safari
Satsuki Decoder Pack
ScanSoft
Search Guard Plus
Search Guard PlusU
Securitoo
Skype
Spybot - Search & Destroy
Steam
Synaptics
Teamspeak2_RC2
Toshiba
trend micro
Uninstall Information
Utilitaire de configuration iPhone
uTorrent
VideoLAN
WildGames
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WinRAR
WinSCP
World of Warcraft
Yahoo!
Zylom Games

============
Lecteur C:
============

$RECYCLE.BIN
aaw7boot.log
Ad-Remover
Archivos de programa
autoexec.bat
autorun.inf
Avenger
avenger.txt
Boonty
boot
bootmgr
Config.Msi
config.sys
coreuninstall.log
divx
Documents and Settings
Downloads
Driver
DrvSetup
FtpCmd.txt
globdata.ini
HP
install.dat
install.exe
install.ini
install.res.1028.dll
install.res.1031.dll
install.res.1033.dll
install.res.1036.dll
install.res.1040.dll
install.res.1041.dll
install.res.1042.dll
install.res.2052.dll
install.res.3082.dll
IO.SYS
IPH.PH
Kill'em
lgupload
List'em.txt
Lop SD
lopR.txt
Movavi files
MSDOS.SYS
MSOCache
My Download Files
My Games
NIS2006FR.exe
orange.bmp
OUT_MEDIA_FILES
pagefile.sys
PerfLogs
Program Files
ProgramData
ProgramData.LOG1
ProgramData.LOG2
Programs
README
Remote Programs
rsit
SWSETUP
System Volume Information
System.sav
Tech_Vista.log
TMOTM
UCD
UsbFix
UsbFix.txt
Users
vcredist.bmp
VC_RED.cab
VC_RED.MSI
Windows
Windows Sidebar

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Program Files\HP Games\Campfire Legends - The Hookman\sound\environment\cracking_twig.ogg
C:\Program Files\HP Games\Deep Sea Tycoon\save_game\Patch.apf
C:\Program Files\HP Games\Dynomite\Images\crackmask1.gif
C:\Program Files\HP Games\Dynomite\Images\crackmask2.gif
C:\Program Files\HP Games\Dynomite\Images\crackmask3.gif
C:\Program Files\HP Games\Dynomite\Images\crackmask4.gif
C:\Program Files\HP Games\Eets\Data\Sound\Patch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Blink.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Bob Activation.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Boing.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Crashing_Bang.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Eating 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Eating 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Emotion Change.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Jumping 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Jumping 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Landing.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Walking 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Angry Walking 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Eating End.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Eating.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Emotion Change.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Jumping.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Landing.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Walking 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Happy Walking 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Eating 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Eating 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Emotion Change.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Landing.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Stopping.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Scared Walking.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Eets Tripping.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Error.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Explosion.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Fanfare.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Firing Sound.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Freedom.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI Click 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI Click 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI MouseOver.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\GUI Radial Menu Popup.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Hint.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Level Complete.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Buildup.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Roar.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Walk 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Marshomech Walk 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Bite 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Bite 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Bite 3.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Kreee.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Merch Poomph.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Popup.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Power Baby.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Puzzle Piece Down Explosion.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Puzzle Piece Get.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Sneezy Sow Firing.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Sneezy Sow Windup 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Sneezy Sow Windup.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Squeaky Hammer of Power.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Star Hit.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Eating 1.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Eating 2.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Eating 3.ptch
C:\Program Files\HP Games\Eets\Data\Sound\Patch\Whale Grinning.ptch
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch1.png
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch2.png
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch3.png
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch4.png
C:\Program Files\HP Games\Sea Journey\Data\Textures\Map\Patch5.png
C:\SWSETUP\Inetsec\NCO\NCO\APP\Patch25d.dll
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\Blizzard Updater.exe
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-final.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-1.MPQ
C:\Users\Public\Documents\Blizzard Entertainment\World of Warcraft\Patches\WoW-3.0.9-to-3.1.0-frFR-Win-patch\wow-partial-2.MPQ
C:\Program Files\Microsoft Works\Install.exe
C:\SWSETUP\MSWorks\Install.exe
C:\SWSETUP\MSWorks\PFiles\MSWorks\Install.exe
C:\Windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
16 Jan. 2010 at 19:37
ok

▶ Relaunch List&Kill'em (right-click, "Run as administrator" on Vista/Seven) using the shortcut on your desktop,


but this time:

▶ choose option 2 = Removal Mode

Let the tool work.

At the end of the scan a report opens.

▶ paste its contents into your reply

..................

Then try GMER again, deleting the copy you have and downloading it again.

If it gets stuck, say so; given how the PC is behaving, we will go for something stronger or not...
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan. 2010 at 21:14
Kill'em by g3n-h@ckm@n 1.1.8.3

User : beatrice (Administrateurs)
Update on 14/01/2010 by g3n-h@ckm@n ::::: 18:30
Start at: 19:42:14 | 16/01/2010
Contact : g3n-h@ckm@n sur CCM

AMD Turion(tm) X2 Dual-Core Mobile RM-70
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18865
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 223,73 Go (10,97 Go free) | NTFS
D:\ -> Disque fixe local | 9,15 Go (1,66 Go free) [HP_RECOVERY] | NTFS
E:\ -> Disque CD-ROM


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_9a642328\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\beatrice\AppData\Local\Temp\7834.tmp\pv.exe

Detections :
==========


¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quaranteend & Deleted !! : C:\install.exe
Quaranteend & Deleted !! : C:\ProgramData\Valusoft
Quaranteend & Deleted !! : C:\Program Files\Search Guard PlusU

Quaranteend & Deleted !! : C:\Windows\SYSTEM32\EZUPBH~1.DLL
Quaranteend & Deleted !! : C:\Windows\system32\logs

==============
host file OK !
==============

========
Registry
========
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff
Deleted : HKCU\software\microsoft\internet explorer\searchscopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
Deleted : HKCR\ezUPBHook.ShellObj
Deleted : HKCR\ezUPBHook.ShellObj.1
Deleted : HKCR\ImageOle.GifAnimator
Deleted : HKCR\ImageOle.GifAnimator.1
Deleted : HKCR\interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
Deleted : HKCR\Interface\{daa37aad-f156-4c2c-ac48-3c22ef92ae2f}
Deleted : HKCR\TypeLib\{478CAB91-9E28-11D4-97FF-0050047D51FB}
Deleted : HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cb0d163c-e9f4-4236-9496-0597e24b23a5}
Deleted : HKLM\SOFTWARE\Classes\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}

============
Disk Cleaned
============

================
Prefetch cleaned
================



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
16 Jan. 2010 at 21:16
Apparently GMER seems to be working, but it has been scanning for a good while now and has not finished, so I have posted the Kill report and I will post the other one when it has finished.
Thanks
0
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 2 274
16 Jan. 2010 at 22:11
After rereading the reports:

manually remove this from your programs

RegCure (rogue)
0
knostra Posts 149 Registration date Thursday 12 April 2007 Status Member Last activity 13 December 2013 3
17 Jan. 2010 at 01:42
OK, I deleted the folder you pointed out to me. As for GMER, well, it is not conclusive: I tried several times but it does not work. It looked like it was working, but in the end it makes the PC lock up!
0