Spyware or adware

fanette42 Posts: 33 Status: Member
Hello,
for the past few days my antivirus Antivir has been blocking entries such as ADSPY Gibmed A.5, Gibmed B.2, Bho. WSZ, HTML Webpage. gen and others still. I ran a scan and used MalWarebytes, and no matter how often I put all of this in quarantine, they come back, and on top of that it slows my computer down enormously.
I am coming to ask for your help, please.
Thank you.

29 replies

fanette42 Posts: 33 Status: Member

Hello, I really am out of luck, the page won't display (HTTP error 404) :(

Anonymous user

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

fanette42 Posts: 33 Status: Member

Should I click on it anyway, despite the yellow triangle? Thanks (it was from here that I was able to display the page)

Anonymous user

Yes, run it from the desktop.

fanette42 Posts: 33 Status: Member

I didn't get a report named catchme, just the final one.

List'em by g3n-h@ckm@n 1.2.1.4
User : Martine GUICHARD (Administrateurs)
Update on 02/02/2010 by g3n-h@ckm@n ::::: 00.45
Start at: 11:37:07 | 02/02/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) XP 2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 33,25 Go (3,41 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,69 Go (58,96 Go free) [Disque externe] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\vphc600.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\WINDOWS\system32\slrundll.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\22.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
EPSON Stylus D92 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S21.tmp" /EF "HKCU"
PcSync REG_SZ C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
WebCamRT.exe REG_SZ
Connexion SFR 9props.exe REG_SZ "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA REG_SZ C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
DSLAGENTEXE REG_SZ dslagent.exe USB
PCSuiteTrayApplication REG_SZ C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
phc600 REG_SZ C:\WINDOWS\vphc600.exe
Totocam REG_SZ
aloRSS REG_SZ
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
NeroCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
InCD REG_SZ C:\Program Files\Ahead\InCD\InCD.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Adobe Photo Downloader REG_SZ "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
Google Updater REG_SZ "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoLogoff REG_DWORD 0 (0x0)
NoClose REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 0 (0x0)
HonorAutoRunSetting REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ MARTINE
DefaultUserName REG_SZ Martine GUICHARD
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 1 (0x1)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ Martine GUICHARD
AltDefaultDomainName REG_SZ MARTINE
ChangePasswordUseKerberos REG_DWORD 1 (0x1)

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Amsn\bin\wish.exe REG_SZ C:\Program Files\Amsn\bin\wish.exe:*:Enabled:Wish Application
C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe REG_SZ C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe:*:Enabled:Navigateur Internet
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\Real\RealOne Player\realplay.exe REG_SZ C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player
C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\Rar$EX00.500\MCO Viewer\MCO Viewer.exe REG_SZ C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\Rar$EX00.500\MCO Viewer\MCO Viewer.exe:*:Enabled:MCO Viewer
C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\Rar$EX18.610\MCO Viewer\MCO Viewer.exe REG_SZ C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\Rar$EX18.610\MCO Viewer\MCO Viewer.exe:*:Enabled:MCO Viewer
C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\Rar$EX23.016\MCO Viewer\MCO Viewer.exe REG_SZ C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\Rar$EX23.016\MCO Viewer\MCO Viewer.exe:*:Enabled:MCO Viewer
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\VoipCheapCom\VoipCheapCom.exe REG_SZ C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom
C:\WINDOWS\system32\rtcshare.exe REG_SZ C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC
C:\Program Files\LimeWire\LimeWire.exe REG_SZ C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
C:\Program Files\Allocam Multi Visio\allocam.exe REG_SZ C:\Program Files\Allocam Multi Visio\allocam.exe:*:Enabled:Multi Video
C:\WINDOWS\system32\mmc.exe REG_SZ C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
C:\Program Files\NetMeeting\conf.exe REG_SZ C:\Program Files\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting®
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe REG_SZ C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix
C:\Program Files\Common files\Sierra On-Line\Account Wizard\AccountWizard.exe REG_SZ C:\Program Files\Common files\Sierra On-Line\Account Wizard\AccountWizard.exe:*:Enabled:Account Wizard
C:\Documents and Settings\Martine GUICHARD\Local Settings\Temporary Internet Files\Content.IE5\LFHQNALA\spades[1].jsp REG_SZ C:\Documents and Settings\Martine GUICHARD\Local Settings\Temporary Internet Files\Content.IE5\LFHQNALA\spades[1].jsp:*:Enabled:spades[1].jsp
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe REG_SZ C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI
C:\Program Files\Yahoo!\Messenger\YServer.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server
C:\Program Files\Yahoo!\Messenger\YPager.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe REG_SZ C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
C:\Program Files\Skype\Plugin Manager\skypePM.exe REG_SZ C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

===============
ActivX controls
===============

===============

==============
BHO :
======

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.sfr.fr/

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\22.tmp
## C:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\System32\Drivers\atapi.sys

Sources
=======

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
C:\WINDOWS\ServicePackFiles\i386\atapi.sys
C:\WINDOWS\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\atapi.sys
C:\WINDOWS\system32\drivers\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
33,25 Go total, 3,41 Go libre (10%), 12% fragmenté (fragmentation du fichier 21%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Documents and Settings\All Users\Application Data\118300.34
Present !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Present !! : C:\FLIPART.exe
Present !! : C:\GETDRIVE.exe
Present !! : C:\Program Files\Internet Explorer\fxavx.ini
Present !! : C:\WINDOWS\002505_.tmp
Present !! : C:\WINDOWS\005723_.tmp
Present !! : C:\WINDOWS\_tmp
Present !! : C:\WINDOWS\aucfg.ini
Present !! : C:\WINDOWS\mouse32.vxd
Present !! : C:\WINDOWS\patch.exe
Present !! : C:\WINDOWS\svchost
Present !! : C:\WINDOWS\System32\_Source21.Dll
Present !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Present !! : C:\WINDOWS\system32\rnaph.dll
Present !! : C:\WINDOWS\System32\SrchSTS.exe
Present !! : C:\Documents and Settings\Martine GUICHARD\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Martine GUICHARD\Application Data\GDIPFONTCACHEV1.DAT
Present !! : C:\Documents and Settings\Martine GUICHARD\application data\Bitdownload

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 11:53:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{613870B2-2B3F-11C3-2651-5456C9F9E63A}]
"iabenjefafgcpgmljj"=hex:6a,61,61,6e,65,63,62,6a,65,6d,67,67,6b,63,67,69,6a,6a,6e,62,00,..
"halekbamjfdhiogh"=hex:6b,61,61,6e,65,63,62,6a,6d,6c,63,69,68,61,6a,69,69,65,6e,70,64,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

==========
Programs
==========

Ad-remover
Adobe
AdvancedAdvisor
Ahead
Allocam Multi Visio
Alwil Software
Apple Software Update
ArcSoft
Ascentive
AT&T
ATI Technologies
Avira
AxBx
CA Yahoo! Anti-Spy
Camgoo TwoPlay
CCleaner
Common files
ComPlus Applications
corps-a-corps
crocpopup+
CyberLink
delir.gio
DIFX
DivX
ECI Telecom
Emjysoft
eMule
EPSON
Fichiers communs
FLIPSIDE
Google
GOTO.games
HardwareDetection
Hardwood Euchre
Hardwood Hearts
Hardwood Spades
Hewlett-Packard
Illustrate
Image-Line
Imikimi
inKline Global
InstallShield Installation Information
Internet Explorer
Java
Jeux classiques
Kodak
Lavalys
Lavasoft
LimeWire
List_Kill'em
LiveUpdate
ma-config.com
Malwarebytes' Anti-Malware
Media Player Classic
Messenger
Messenger Plus! Live
Micro Application
Microsoft
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Works
mobile PhoneTools
Movie Maker
MSBuild
MSN
MSN Games
MSN Gaming Zone
MSN Messenger
MSN Pictures Displayer
MSXML 4.0
NeoTrace Express
NetMeeting
Neuf
Nokia
Norton Security Scan
OLYMPUS
Orange
Outlook Express
Panda Security
Philips
Philips ToUcam Camera
PIXELA
polygamie.zip
QuickTime
Real
Reference Assemblies
ReflexiveArcade
SafeHarborGames.net
Services en ligne
shizmoo
Sierra On-Line
Silver Creek Installer
SilverCreekCommonFiles
Skype
Sony Ericsson
Spam-Aware
Spybot - Search & Destroy
Spyware Doctor
StofWare
Sun
Sunbelt Software
tchat
TooX
Trend Micro
Ulead Systems
Uniblue
Uninstall Information
Unlocker
VeriSign
VideoLAN
VstPlugins
Wanadoo
Webcams_Internet
WildTangent
Windows Journal Viewer
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
WON
WordBiz
xerox
Yahoo!
ZD Soft
Zylom Games

============
Drive C:
============

$VAULT$.AVG
42a78fd2818ea9d98ab155
8eba7f9cc62858521fb9dae1ee1602
ACTIVDOC
Ad-Remover
Ad-Report-Clean-11.03.2009.log
Ad-Report-CLEAN[1].log
Ad-Report-CLEAN[2].log
Ad-Report-CLEAN[2].log2.txt
Ad-Report-Scan-09.03.2009.log
AHCache
ANDR3
APPS
ASTRO
astrofic32
ATI
ATI Technologies
AVG7QT.DAT
avguard.Log
BOOT(2).INI
BOOT.BAK
BOOT.INI
Bootfont.bin
Casino
cleannavi.txt 2.txt
cmdcons
cmldr
Config.Msi
DBS.TXT
DCIM
DIVTOOLS
divx
Documents and Settings
DRIVERS
DWNLOG.TXT
EPSON
FLIPART.EXE
GETBOOTD.BAT
GETDRIVE.EXE
HP PCL5 Universal Print Driver
install_comp.txt
IO.SYS
IPH.PH
Kill'em
Language-pack 2
List'em.txt
lj1200
log
logiciels1
makeover.jpg
MicroGaming
mirwin32
MSDOS.SYS
My Download Files
My Downloads
My Games
My Music
NTDETECT.COM
ntldr
NV930TD
OEMCUST
OLALB
pagefile.sys
pawin
photothumb.db
PNP
preupd.log
Program Files
rapport.txt 2.txt
rapport_clean.txt2.txt
RECYCLER
resultat_clean.txt
rsit
ScanPanel
Screen Recordings
snapshot.bmp
System Volume Information
T.wav
TCleaner.txt
telechargements4
telecharger-soft
Temp
test2.txt
upload_moi_MARTINE
users
WINDOWS
write.log
xscan.txt
YServer.txt

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Ad-Remover\QUARANTINE\MICROG~1\Casino\PRIMEC~1\global\GAMERE~1\crackerjack1.inf.vir
C:\Ad-Remover\QUARANTINE\MICROG~1\Casino\RUBYFO~1\global\GAMERE~1\crackerjack1.inf.vir
C:\Documents and Settings\All Users\Application Data\MGS\cache\c\crackerjack1.a67bc53dc3f76ad51f07ff7b93734168.inf
C:\Documents and Settings\All Users\Application Data\MGS\cache\c\crackerjack1.b49d2ddd320948ad790aa39df760c775.inf
C:\Documents and Settings\All Users\Application Data\MGS\cache\c\crackerjack1.f97d5f24e7d2d1a2b7f52b4dc211ed43.inf
C:\Documents and Settings\All Users\Application Data\MGS\cache\c\crackerjackcommon.30e8e1c899235111d3b1b84c91bce0ae.inf
C:\Documents and Settings\All Users\Application Data\MGS\cache\c\crackerjackcommon.b4fc0002a0c341b1251a31ea5012f803.inf
C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\driverscanner\65B78854\1A9B0B16\SerialView.dll
C:\MicroGaming\Casino\CasinoClassic\global\gameregistry\crackerjack1.inf
C:\Program Files\Uniblue\DRIVER~1\designer\SerialView.dll
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\data\Patches
C:\WINDOWS\system32\o4Patch.exe

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
fanette42 Posts 33 Status Member
 
Oops! I do have the catchme report on my desktop after all :)
0
Anonymous user
 
▶ Run List&Kill'em again (or via right-click on Vista), using the shortcut on your desktop.
But this time:

▶ choose option 2 = Mode Suppression (removal mode)

Let the tool work.

At the end of the scan a report opens.
0

fanette42 Posts 33 Status Member
 
List_Kill report with option 2. Thanks

Kill'em by g3n-h@ckm@n 1.2.1.4

User : Martine GUICHARD (Administrateurs)
Update on 02/02/2010 by g3n-h@ckm@n ::::: 00.45
Start at: 00:37:03 | 03/02/2010
Contact : g3n-h@ckm@n sur CCM

AMD Athlon(tm) XP 2400+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 33,25 Go (3,32 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque fixe local | 76,69 Go (58,96 Go free) [Disque externe] | NTFS

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\vphc600.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\WINDOWS\system32\slrundll.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Martine GUICHARD\Local Settings\Temp\33.tmp\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\118300.34
Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
Quarantined & Deleted !! : C:\FLIPART.exe
Quarantined & Deleted !! : C:\GETDRIVE.exe
Quarantined & Deleted !! : C:\Program Files\Internet Explorer\fxavx.ini
Quarantined & Deleted !! : C:\WINDOWS\002505_.tmp
Quarantined & Deleted !! : C:\WINDOWS\005723_.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP4390.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP4391.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP465f.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6409.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6496.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP64b5.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP64d4.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6522.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6541.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP65be.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP684f.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP687e.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP689d.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP69f5.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6a14.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6a23.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6a24.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6a33.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6a43.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6adf.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6aef.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b0e.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b2d.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b2e.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b3d.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b3e.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b4c.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b5c.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b6c.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b6d.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b7b.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b7c.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b7d.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b7e.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b7f.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b80.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b8b.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b8c.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b9a.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6b9b.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6baa.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bab.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bac.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bad.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bba.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bbb.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bc9.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bca.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bd9.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6be9.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bea.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6bf8.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6c08.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6c09.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6c37.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6c46.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6c56.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6c75.tmp
Quarantined & Deleted !! : C:\WINDOWS\DUMP6ec7.tmp
Quarantined & Deleted !! : C:\WINDOWS\_tmp
Quarantined & Deleted !! : C:\WINDOWS\aucfg.ini
Quarantined & Deleted !! : C:\WINDOWS\mouse32.vxd
Quarantined & Deleted !! : C:\WINDOWS\patch.exe
Quarantined & Deleted !! : C:\WINDOWS\svchost

Quarantined & Deleted !! : C:\WINDOWS\System32\_Source21.Dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\WINDOWS\system32\rnaph.dll
Quarantined & Deleted !! : C:\WINDOWS\system32\SrchSTS.exe
Quarantined & Deleted !! : C:\Documents and Settings\Martine GUICHARD\Application Data\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Documents and Settings\Martine GUICHARD\application data\Bitdownload

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogoff
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{4897bba6-48d9-468c-8efa-846275d7701b}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}

============
Disk Cleaned
============

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
Anonymous user
 
Hello,
the tool is doing its cleanup.
Could you run one last RSIT for me? After that, we'll finalize.
0
fanette42 Posts 33 Status Member
 
Here it is.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Martine GUICHARD at 2010-02-03 13:54:10
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 3 GB (10%) free of 34 GB
Total RAM: 767 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:55:15, on 03/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\vphc600.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Philips\SPC 600NC PC Camera\TrayMin.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\WINDOWS\system32\slrundll.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Martine GUICHARD\Bureau\RSIT.exe
C:\Program Files\trend micro\Martine GUICHARD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\Neuf\Kit\SFRNavErrorHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [phc600] C:\WINDOWS\vphc600.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S21.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FBSMTWB; .NET CLR 2.0.50727; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://king.jeux.fr/single_play.jsp?game=magicspinball&altVer=false&gameMode=2"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: TrayMin.lnk = ?
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Groom - {66F83792-DAE1-4823-8F20-ADA94B33A4FF} - C:\Documents and Settings\Martine GUICHARD\Mes documents\Groom\Groom.exe (HKCU)
O15 - Trusted Zone: http://hoylegames.sierra.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
Anonymous user
 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe



Run HijackThis again
Click "Do a system scan only"
Check the lines I point out to you in bold
Click "Fix checked"
Restart the PC


The disinfection tools need to be cleaned up:

* Download ToolsCleaner2 to your Desktop
https://www.commentcamarche.net/telecharger/
* Double-click ToolsCleaner2.exe to launch it.
* Click Recherche (Search) and let the scan run.
* Click Suppression (Removal) to finish.
* If you wish, you can use the Options Facultatives (optional settings).
* Click Quitter (Quit) to get the report.
* Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

Delete ToolsCleaner2 manually


* Turn off System Restore to delete the infected restore points:

Right-click My Computer, click Properties, then System Restore. Check the box to turn off System Restore. Click Apply, then OK.
---> Restart your PC ...

* Turn System Restore back on:
Right-click My Computer, click Properties, then System Restore. Uncheck the box to turn off System Restore. Click Apply, then OK.
---> Restart your PC ...

(Note: you can also get there via Control Panel -> "System" -> "System Restore".)

Create a clean restore point manually:
Start, Programs
Go to Accessories, then System Tools
Select System Restore
Click Next
Enter the date of the restore point you want to create
Click Create, and the restore point is created automatically


One last bit of cleaning for your PC:
* Double-click the CCleaner icon to open it
* Click Options, then Advanced
* Uncheck "only delete files in the Windows Temp folder older than 48 hours"
* Click Cleaner
* Click Windows, and in the Advanced column
* Check the first box, Old Prefetch data, and only that one, which gives you the Old Prefetch data box and the Advanced box, which got checked automatically, but only that one
* Click Analyze
* Click Run Cleaner, and OK at the confirmation prompt. Repeat until CCleaner no longer finds anything
* Now click Registry and then Scan for Issues
* Leave everything checked, and click Fix selected issues
* It asks you whether to save a backup: YES
* Give it a name so you can find it again, and save
* Click search for the selected errors, and OK at the confirmation prompt
* It deletes them; then Close. Check by running Scan for Issues again
* Go back to Options and re-check the box "only delete files in the Windows Temp folder older than 48 hours", and under Cleaner, Windows, under Advanced, uncheck the first box, Old Prefetch data
* You can close CCleaner



* Download Update Checker
http://www.filehippo.com/updatechecker/FHSetup.exe
* Install it with the default settings, clicking Next each time.
* Once it is installed, wait a few seconds and you will see a green icon appear in your taskbar, telling you that updates are available.
* Double-click the icon to be redirected to the update download site.
* A piece of advice: do not install the BETA versions listed underneath.
* Install the updates you want

This small program shows the updates available to install on the PC


Final recommendations:
* Keep Malwarebytes to scan your PC from time to time, and remember to update it before each scan
* Remember to keep Windows and all your software up to date to avoid security holes
* Clean your PC regularly, and defragment the hard drive regularly to avoid slowdowns
* Be careful when you browse, and pay attention when you install free software and when you update it: refuse add-ons such as toolbars, and do not download software you don't know or from sites you don't know
* P2P software (Shareaza, BitTorrent, eMule, LimeWire) is to be banned, because you risk downloading infected files with it
* Know that the best antivirus is your own vigilance
* Also be very careful with ads offering security software that is fake, known as rogues; never click on ads
* It is better to download well-known software from sites with a very good reputation; if you have a doubt about a program you want to download, check its legitimacy first
* Also never download software offered by EoRezo, because it is harmful
* It is essential to make regular backups to an external medium, because in case of infection you will have a copy of your documents
0
fanette42 Posts 33 Status Member
 
I don't have HijackThis, where can I find it? Thanks
0
Anonymous user
 
C:\Program Files\trend micro\Martine GUICHARD.exe
0
fanette42 Posts 33 Status Member
 
:( The ToolsCleaner scan won't start; I get the hourglass but I don't think it is searching. Thanks
0
Anonymous user
 
It doesn't matter, delete Tools Cleaner,
then manually delete all of this, and empty the recycle bin:
C:\Program Files\Trend Micro
C:\Kill'em.txt
C:\Kill'em
C:\List'em.txt
C:\Program Files\List_Kill'em
C:\Ad-Report-CLEAN[2].log2.txt
C:\Ad-Remover
C:\rsit

Then delete the tools that are on the desktop
0
fanette42 Posts 33 Status Member
 
I think everything is finished, and I thank you for this help.
0
Anonymous user
 
You're welcome, and have a good evening
0
