Mon pc rame

Résolu
balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention   -  
balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
Depuis lundi mon pc rame, j'aimerais savoir s'il est infecté merci de votre aide
voici les 2 fichiers textes que j'ai fait avec Random

Logfile of random's system information tool 1.06 (written by random/random)
Run by Soria at 2010-02-18 20:03:54
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 16 GB (14%) free of 116 GB
Total RAM: 1023 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:57, on 18/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Soria\Bureau\RSIT.exe
C:\Documents and Settings\Soria\Bureau\Soria.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: (no name) - {C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer = 80.118.192.100,80.118.196.36
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer = 192.168.1.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Add-on\wlancfg.exe (file missing)

--
End of file - 14231 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018402949-179813756-2520407004-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3018402949-179813756-2520407004-1005UA.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\ctbr.dll [2009-06-26 1215488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-29 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-30 1182088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\WINDOWS\system32\eDStoolbar.dll [2006-03-08 106496]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - []
{C48F0939-992C-45C8-A9C2-B97A22D9B4BD}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C}
{A057A204-BACC-4D26-9990-79A187E2698E}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - Barre d'outils &Crawler - C:\PROGRA~1\Crawler\ctbr.dll [2009-06-26 1215488]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-09-30 1182088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"LaunchApp"=Alaunch []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-01 16208384]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"Acer Empowering Technology Monitor"=C:\WINDOWS\system32\SysMonitor.exe [2006-04-18 49152]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-03-17 345088]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2006-06-01 413696]
"AOLDialer"=C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe [2007-06-21 70952]
"HostManager"=C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe [2006-11-17 50736]
"AOLSAV"=C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe [2004-04-26 75776]
"Symantec PIF AlertEng"=C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-08-06 1783808]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7573504]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-10-08 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-10-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-10-08 217088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AOL Dialer"=C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe [2007-06-21 70952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-09 68856]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-08 2002160]
"Google Update"=C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-25 133104]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2004-10-08 196608]
"ccleaner"=C:\Program Files\CCleaner\ccleaner.exe [2010-01-26 1724728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-06 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Nouvelle valeur #1"=00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\1172324924\ee\aolsoftware.exe"="C:\Program Files\Fichiers communs\AOL\1172324924\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0b\waol.exe"="C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fb2998a-f5bb-11dd-815d-00038a000015}]
shell\AutoRun\command - H:\start.exe
shell\iledefrance\command - H:\start.exe

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2010-02-18 20:03:54 ----D---- C:\rsit
2010-02-18 09:01:34 ----D---- C:\Program Files\CCleaner
2010-02-14 19:15:10 ----D---- C:\Documents and Settings\Soria\Application Data\AskToolbar
2010-02-12 11:15:43 ----D---- C:\Program Files\Micro Application
2010-02-12 10:06:44 ----D---- C:\Documents and Settings\Soria\Application Data\Facebook
2010-02-10 11:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-10 11:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-10 11:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-10 11:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-10 11:49:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-10 11:49:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-10 11:48:35 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-10 11:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-10 11:48:10 ----DC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-02 11:21:53 ----D---- C:\Documents and Settings\Soria\Application Data\Nero
2010-02-02 11:20:30 ----D---- C:\Program Files\Nero
2010-02-02 11:20:14 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-02-02 11:20:13 ----D---- C:\Program Files\Fichiers communs\Nero
2010-02-02 11:19:47 ----D---- C:\Program Files\Ask.com

======List of files/folders modified in the last 1 months======

2010-02-18 19:49:20 ----D---- C:\WINDOWS\Prefetch
2010-02-18 19:34:21 ----SD---- C:\WINDOWS\Tasks
2010-02-18 19:34:20 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-02-18 19:07:28 ----D---- C:\WINDOWS\TEMP
2010-02-18 16:44:33 ----AD---- C:\WINDOWS
2010-02-18 16:37:35 ----D---- C:\WINDOWS\Registration
2010-02-18 16:37:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-18 16:37:11 ----N---- C:\WINDOWS\SC234684A.tmp
2010-02-18 11:57:31 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 11:00:44 ----D---- C:\Documents and Settings\Soria\Application Data\Spyware Terminator
2010-02-18 09:02:17 ----D---- C:\WINDOWS\Debug
2010-02-18 09:01:34 ----RD---- C:\Program Files
2010-02-16 14:41:01 ----D---- C:\Program Files\Spyware Terminator
2010-02-15 18:41:49 ----HD---- C:\WINDOWS\inf
2010-02-15 16:20:59 ----D---- C:\Documents and Settings\Soria\Application Data\uTorrent
2010-02-15 14:21:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-02-14 20:01:09 ----A---- C:\WINDOWS\win.ini
2010-02-14 19:14:23 ----D---- C:\Program Files\Crawler
2010-02-12 13:18:31 ----AD---- C:\WINDOWS\system32
2010-02-12 12:19:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-12 12:19:09 ----HD---- C:\WINDOWS\system32\drivers
2010-02-12 12:16:42 ----SHD---- C:\WINDOWS\Installer
2010-02-12 12:16:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-02-12 12:16:41 ----D---- C:\Config.Msi
2010-02-12 11:56:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-12 11:47:54 ----D---- C:\WINDOWS\system32\config
2010-02-12 11:47:33 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 11:46:05 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-10 11:51:31 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-10 11:03:26 ----D---- C:\Program Files\Fichiers communs\Adobe
2010-02-10 11:03:24 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-10 10:44:16 ----RSD---- C:\WINDOWS\Fonts
2010-02-02 11:20:13 ----D---- C:\Program Files\Fichiers communs
2010-02-02 11:19:25 ----D---- C:\WINDOWS\WinSxS
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-23 01:26:51 ----D---- C:\Program Files\CleanUp!
2010-01-22 19:57:18 ----D---- C:\WINDOWS\system32\fr-fr
2010-01-22 19:57:18 ----D---- C:\Program Files\Internet Explorer
2010-01-22 19:57:09 ----D---- C:\WINDOWS\ie7updates
2010-01-21 17:19:11 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-01-21 17:19:09 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-12-10 56816]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-05 4284928]
R3 LVHybrid;LVHybrid service; C:\WINDOWS\system32\DRIVERS\LVHybrid.sys [2006-05-16 892032]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-08 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3663040]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-06-02 47360]
R3 psdfilter;psdfilter; \??\C:\WINDOWS\system32\Drivers\psdfilter.sys []
R3 psdvdisk;psdvdisk; \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys []
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-06-29 244864]
S3 AdfuUd;%USB\VID_10D6&PID_1160.DeviceDesc%; C:\WINDOWS\System32\Drivers\AdfuUd.sys []
S3 ATWPKT2;ATWPKT2; \??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS []
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
S3 Bridge;Pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport de pont MAC; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
S3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-08-11 6144]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 217088]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SQTECH9080;MegaCam(PID_9080_00); C:\WINDOWS\System32\Drivers\Capt9080.sys [2005-01-12 51016]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;AOLbox; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
S3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-10-04 280064]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-05-11 28672]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-19 185089]
R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143426]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 100032]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-06 570880]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-08-27 65536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
S2 Wlancfg;Service de lancement de WlanCfg; C:\Program Files\Inventel\Add-on\wlancfg.exe SVC []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-08-03 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-02-18 20:04:00

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
802.11 USB Wireless LAN Adapter-->C:\WINDOWS\system32\unwlsdrv.exe SiS163u
Acer eDataSecurity Management 2.0.3077-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{4AD13F68-CADA-4C6B-9759-C33753F89908} /l1036
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDStbmngr.exe UNINSTALL 1
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer ePerformance Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7057702F-6D71-4F30-8000-9E72BC771887}\setup.exe" -l0x40c -removeonly
Acer WLAN 11g USB Dongle-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{0CB98AC0-D691-4B21-AD3D-95982517021D} /l1036
Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
AOL - Assistant de désinstallation-->C:\Program Files\Fichiers communs\AOL\uninstaller.exe
AOL Auto-diagnostic-->C:\Program Files\TechCity Solutions\AOLSAV\uninstall.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35B8CC58-F128-4169-82EB-0E6CB0C3AFE6}\setup.exe" -l0x40c -uninst
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x40c
ArcSoft VideoImpression 1.6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEF2E5A3-0317-4822-B930-8B721EB483E4}\setup.exe" -l0x40c -uninst
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP180-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP180 /L0x000c
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
commercial-->MsiExec.exe /I{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\CToolbar.exe uninst
Ecran de veille AOL Photos-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
Enregistrement utilisateur de Canon MP180-->C:\Program Files\Canon\IJEREG\MP180\UNINST.EXE
GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"N:\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
IDENCIG-->C:\Program Files\IDENCIG\Uninstal.exe
INDEX EDUCATION - EDT Monoposte 2009-->C:\Program Files\InstallShield Installation Information\{039A9EBF-782C-40A1-BA18-BCD37E24B8E4}\setup.exe -runfromtemp -l0x040c -uninst -removeonly
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 5.4.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Language pack for Ad-Aware SE-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Ma Cuisine Lapeyre Prima-->C:\PROGRA~1\MACUIS~1\UNWISE.EXE C:\PROGRA~1\MACUIS~1\INSTALL.LOG
MainConcept (MCE) MPEG Encoder-->"C:\WINDOWS\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MegaCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77F69001-4D35-4BEA-A074-26DA04EA0CDA}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB96

22 réponses

  • 1
  • 2
  1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, d'entrée sur ton rapport il y a bien des chose infectieuse , mais aussi la présencede 2 anti-virus car tu as norton et antivir d'actif sur le pc et cela pour le ralentir voir le planter c'est pas mal !!
    tu me dira celui que tu veux désinstaller et je te donnerais la procédure pour.

    sinon pour pas perdre trop de temps dans ton problème pour le côté infection tu fais ce qui suit , Merci

    1) passes ad-remover option L

    • Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    https://www.androidworld.fr/

    ! Déconnecte toi et ferme toutes applications en cours !

    • Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    • Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    • Au menu principal choisis l'option "L" et tape sur [entrée] .

    • Laisse travailler l'outil et ne touche à rien ...

    --> Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé sous C:\Ad-report-clean.log )

    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    2) passes usbfix option 2

    • Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    • Télécharges et installes : http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    • Double clic sur le raccourci UsbFix présent sur ton bureau .

    • choisis l'option 2 ( Suppression )

    • Ton bureau disparaitra et le pc redémarrera .

    • Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    • Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    • Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Pendant son nettoyage, l'outil a récolté certains fichiers infectieux.
    Nous vous demandons de nous les faire parvenir pour des futures mises à jour, ainsi que pour un meilleur traitement des infections.
    Nous vous remercions pour votre contribution.


    . UsbFix te proposera d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097

    Ce dossier a été créé par UsbFix et est enregistré sur ton bureau.

    Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.

    Merci d'avance pour ta contribution !!

    0
    1. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      Bonjour,
      j'ignorai que Norton était sur mon PC je pense garder avira quand pensez-vous?

      Voici le rapport ad-r

      .
      ======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
      .
      Mis à jour par C_XX le 05.02.2010 à 17:34
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 8:41:27, 19/02/2010 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Ad-Remover\
      Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
      Nom du PC: MOMO | Utilisateur actuel: Soria
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .

      C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      C:\Program Files\Mozilla FireFox\Components\AskSearch.js
      C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
      C:\Program Files\Ask.com
      C:\Program Files\Crawler
      C:\Program Files\Viewpoint
      C:\DOCUME~1\Soria\APPLIC~1\AskToolbar
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
      C:\Documents and Settings\Soria\Local Settings\Application Data\AskToolbar

      (!) -- Fichiers temporaires supprimés.

      .
      HKCU\software\appdatalow\AskToolbarInfo
      HKCU\software\Ask.com
      HKCU\software\AskToolbar
      HKCU\software\CToolbar
      HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search
      HKCU\software\microsoft\internet explorer\searchscopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
      HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
      HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
      HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
      HKLM\software\classes\appid\GenericAskToolbar.DLL
      HKLM\software\classes\AxMetaStream.MetaStreamCtl
      HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
      HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
      HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
      HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
      HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      HKLM\Software\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
      HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
      HKLM\Software\Classes\CLSID\{1DDA201E-5B42-4352-933E-21A92B297E3B}
      HKLM\Software\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
      HKLM\Software\Classes\CLSID\{4D25FB7A-8902-4291-960E-9ADA051CFBBF}
      HKLM\Software\Classes\CLSID\{54ECA872-DB2A-4C6B-BBB2-F3777C6786CC}
      HKLM\Software\Classes\CLSID\{8736C681-37A0-40C6-A0F0-4C083409151C}
      HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Classes\CLSID\{DBDB6FAA-1F5F-4A18-B60B-7A905C7FF83F}
      HKLM\software\classes\ctbr.R404Pro
      HKLM\software\classes\CToolbar.TB4Client
      HKLM\software\classes\CToolbar.TB4Script
      HKLM\software\classes\CToolbar.TB4Server
      HKLM\software\classes\GenericAskToolbar.ToolbarWnd
      HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
      HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
      HKLM\Software\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
      HKLM\Software\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE}
      HKLM\Software\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808}
      HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
      HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
      HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
      HKLM\Software\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9}
      HKLM\Software\Classes\PROTOCOLS\Handler\tbr
      HKLM\Software\Classes\TypeLib\{04006843-5199-4CE4-B3CD-8092CC91706E}
      HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
      HKLM\Software\Classes\TypeLib\{4F7D1B07-6203-41F0-947B-A29CC9ECD9B0}
      HKLM\Software\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}
      HKLM\Software\Classes\TypeLib\{7D3F5DE4-E980-4407-A10F-9AC771ABAAE6}
      HKLM\Software\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
      HKLM\Software\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566}
      HKLM\software\CToolbar
      HKLM\software\MetaStream
      HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
      HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
      HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
      HKLM\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
      HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
      HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      HKLM\software\microsoft\windows\currentversion\uninstall\CToolbar_UNINSTALL
      HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
      HKLM\software\Viewpoint
      HKU\.default\software\CToolbar
      .
      ============== Scan additionnel ==============
      .
      .
      * Mozilla FireFox Version [Impossible d'obtenir la version] *
      .
      Nom du profil: gzq58awn.default (Soria)
      .
      (Soria, prefs.js) Browser.download.dir, C:\Documents and Settings\Soria\Bureau\Telechargement AOL
      (Soria, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Soria\Bureau\Telechargement AOL
      (Soria, prefs.js) Browser.startup.homepage, hxxp://www.aol.fr
      (Soria, prefs.js) Browser.startup.homepage, hxxp://www.msn.fr/
      (Soria, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
      (Soria, prefs.js) Browser.search.selectedEngine, Live Search
      .
      .
      .
      * Internet Explorer Version 7.0.5730.11 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Do404Search: 01000000
      Local Page: C:\windows\system32\blank.htm
      Show_ToolBar: yes
      Enable Browser Extensions: yes
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Use Search Asst: no
      Start Page: hxxp://fr.msn.com/
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Delete_Temp_Files_On_Exit: yes
      Local Page: C:\windows\system32\blank.htm
      Start Page: hxxp://fr.msn.com/
      Search bar: hxxp://search.msn.com/spbasic.htm
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ============== Suspect (Cracks, Serials, ...) ==============
      .
      C:\Documents and Settings\Soria\Favoris\Import‚(s) d'AOL\Telechargement\cracks\Serials & keys.url
      C:\Documents and Settings\Soria\Mes documents\Mes fichiers re‡us\TuneUp.Utilities.2007.v6.0.2200.FR.Incl-Keygen\http--www.emule-paradise.com-.url
      C:\Documents and Settings\Soria\Mes documents\Mes fichiers re‡us\TuneUp.Utilities.2007.v6.0.2200.FR.Incl-Keygen\TU2007TrialFR.exe
      C:\Documents and Settings\Soria\Mes documents\Mes fichiers re‡us\TuneUp.Utilities.2007.v6.0.2200.FR.Incl-Keygen\Keygen\Keygen-TSRh.exe
      .
      ===================================
      .
      9079 Octet(s) - C:\Ad-Report-CLEAN[1].log
      .
      3 Fichier(s) - C:\DOCUME~1\Soria\LOCALS~1\Temp
      3 Fichier(s) - C:\WINDOWS\Temp
      0 Fichier(s) - C:\WINDOWS\Prefetch
      .
      18 Fichier(s) - C:\Ad-Remover\BACKUP
      389 Fichier(s) - C:\Ad-Remover\QUARANTINE
      .
      Fin à: 8:45:13 | 19/02/2010 - CLEAN[1]
      .
      ============== E.O.F ==============
      .
      0
    2. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      re, voici le rapport avec usbfix


      ############################## | UsbFix V6.095 |

      User : Soria (Administrateurs) # MOMO
      Update on 15/02/2010 by El Desaparecido , C_XX & Chimay8
      Start at: 09:10:10 | 19/02/2010
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 7.0.5730.11
      Windows Firewall Status : Enabled
      AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

      C:\ -> Disque fixe local # 113,27 Go (15,56 Go free) [ACER] # NTFS
      D:\ -> Disque fixe local # 113,73 Go (88,4 Go free) [ACERDATA] # FAT32
      E:\ -> Disque CD-ROM
      F:\ -> Disque amovible # 982,03 Mo (86,11 Mo free) [CLÉ USB 1GB] # FAT32
      G:\ -> Disque amovible
      H:\ -> Disque amovible
      I:\ -> Disque amovible
      J:\ -> Disque fixe local # 931,51 Go (452,16 Go free) [Packard Bell] # NTFS
      K:\ -> Disque amovible
      L:\ -> Disque amovible # 3,73 Go (968,54 Mo free) [CLE NOIR 4G] # FAT32
      M:\ -> Disque fixe local # 152,66 Go (6,8 Go free) [Externe] # NTFS
      N:\ -> Disque amovible # 3,74 Go (1,01 Go free) [CLE BLAN 4G] # FAT32
      O:\ -> Disque amovible # 1,86 Go (475,27 Mo free) [PHILIPS 2GB] # FAT32

      ############################## | Processus actifs |

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\eHome\ehRec.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\WgaTray.exe

      ################## | Elements infectieux |

      Supprimé ! C:\Recycler\S-1-5-21-3018402949-179813756-2520407004-1005
      Supprimé ! J:\Recycler\S-1-5-21-3018402949-179813756-2520407004-1005
      Supprimé ! M:\Recycler\S-1-5-21-299502267-1606980848-854245398-1003
      Supprimé ! M:\Recycler\S-1-5-21-3018402949-179813756-2520407004-1005
      Supprimé ! M:\Recycler\S-1-5-21-776561741-507921405-1343024091-1003

      ################## | Registre |

      Supprimé ! [HKCU\SOFTWARE\MediaSolaris]
      Supprimé ! [HKCU\SOFTWARE\TurboNet]
      Supprimé ! [HKCU\SOFTWARE\XML]
      Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

      ################## | Mountpoints2 |

      Supprimé ! HKCU\...\Explorer\MountPoints2\{2fb2998a-f5bb-11dd-815d-00038a000015}\Shell\AutoRun\Command

      ################## | Listing des fichiers présent |

      [19/02/2010 08:45|--a------|9416] C:\Ad-Report-CLEAN[1].log
      [11/08/2006 18:52|--a------|50] C:\AUTOEXEC.BAT
      [19/02/2010 08:23|-rahs----|221] C:\boot.ini
      [10/08/2004 21:00|-rahs----|4952] C:\Bootfont.bin
      [29/05/2008 18:46|--a------|16472] C:\ComboFix.txt
      [11/08/2006 18:29|--a------|0] C:\CONFIG.SYS
      [31/01/2008 14:21|--a------|19150] C:\drwtsn32.log
      [26/02/2007 10:33|--ahs----|115343872] C:\eDS_PSD_drive.vmdf
      [?|?|?] C:\hiberfil.sys
      [18/03/2007 12:59|--a------|868] C:\INSTALL.LOG
      [11/08/2006 18:29|-rahs----|0] C:\IO.SYS
      [11/06/2007 14:57|--a------|7] C:\ISACER.id
      [27/08/2009 14:33|--a------|90] C:\LogiSetup.log
      [11/08/2006 18:29|-rahs----|0] C:\MSDOS.SYS
      [10/08/2004 21:00|-rahs----|47564] C:\NTDETECT.COM
      [06/08/2008 12:26|-rahs----|252240] C:\ntldr
      [?|?|?] C:\pagefile.sys
      [11/08/2006 20:18|--a------|79] C:\preload.aaa
      [04/06/2008 22:03|--a------|2049] C:\rapport.txt
      [03/06/2008 19:53|--a------|5237] C:\rapport_smit.txt
      [11/08/2006 18:41|--a------|499] C:\RHDSetup.log
      [21/03/2007 21:11|--a------|1417] C:\RNDIS.log
      [30/05/2008 20:50|--a------|5627] C:\smit.txt
      [19/02/2010 09:13|--a------|4674] C:\UsbFix.txt
      [28/01/2010 20:47|--a------|8806031] F:\02-sade-soldier_of_love.mp3
      [15/02/2010 15:11|--a------|1855858] F:\Alg‚rino Sur la tete de ma Mere.mp3
      [15/02/2010 15:05|--a------|3530880] F:\Christophe Mae.Jai Laiss‚.mp3
      [15/02/2010 15:10|--a------|5426447] F:\Jay-Z_feat._Mr_Hudson_-_Forever_-_SnB.mp3
      [15/02/2010 15:18|--a------|5757806] F:\Lisa Mitchell - Neopolitan Dreams.mp3
      [08/02/2010 10:10|--a------|784388096] L:\Le_Livre_D_Eli_up_by_thostar_for_wawa_mania.avi
      [08/02/2010 09:45|--a------|732985344] L:\The box.avi.avi
      [13/02/2010 22:38|--a------|737105920] L:\Hors.de.Controle.TS.up.by.radiant.avi
      [13/02/2010 22:29|--a------|733931520] L:\The.Code.LIMITED.TRUEFRENCH.SUBFORCED.DVDRiP.XviD-ATeam-wWw.Extreme-Down.Com.avi
      [28/10/2006 20:13|--ahs----|9728] M:\Thumbs.db
      [08/02/2010 18:23|--a------|733732568] N:\The.Princess.an d.the.Frog.DVDscr.avi
      [08/02/2010 18:10|--a------|728514560] N:\Lili.La.Petite.Sorciere.FRENCH.DVDRip.XviD-AYMO.avi
      [13/02/2010 22:10|--a------|729812992] N:\Florence.Foresti l'abribus.avi
      [08/02/2010 09:45|--a------|732985344] N:\The box.avi.avi
      [05/11/2008 19:25|---hs----|89] O:\license.dat

      ################## | Vaccination |

      # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # F:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # J:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # L:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # M:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # N:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
      # O:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

      ################## | Upload |

      Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_MOMO.zip : https://www.ionos.fr/?affiliate_id=77097
      Merci pour votre contribution .

      ################## | ! Fin du rapport # UsbFix V6.095 ! |
      0
  2. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, ok tu vas virer norton depuis ajout suppression des programmes si tu pouvais le faire en mode sans echec cela serait mieux , et puis tu passeras l'outil spéciphique de chez sysmantec , et tu posteras un hijackthis pour contrôle , merci

    1) désinstalles norton de dans tes programmes en mode sans echec

    pour redémarrer en mode sans échec : /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    (attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)

    .Cliques sur Démarrer
    .Cliques sur Arrêter
    .Sélectionnes Redémarrer et au redémarrage
    .Appuis sur la touche F8 ou F5 celon les marques de pc sans discontinuer "1 appuis seconde" dès qu'un écran de texte apparaît puis disparaît
    .Utilises les touches de direction pour sélectionner mode sans échec
    .puis appuis sur ENTRÉE
    .Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre
    une fois démarré ne t'inquiette pas si les couleurs et les icônes ne sont pas comme d'abitude

    tuto:http://www.vista-xp.fr/forum/topic93.html

    2) passes cet outil

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    en fin desuppression il ouvre une page comment réinstaller un produit symantec tu la ferme tous simplement c'est une pub !!

    3) postes un hijackthis de contrôle

    télécharge Hijackthis : http://www.trendsecure.com/portal/fr/_download/HJTInstall.exe

    .enregistres le sur le bureau
    .Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
    .installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
    .Cliques sur "Do a system scan and save the logfile"
    .Cela va t'ouvrir un bloc note à la fin du scan.
    .Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"

    si besion d'aide pour l'installation : https://www.androidworld.fr/

    des expliquations en images pour l'utiliser : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
    0
  3. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    bonsoir, voici le rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:30:23, on 19/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Bureau\Soria.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: (no name) - {C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer = 80.118.192.100,80.118.196.36
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Add-on\wlancfg.exe (file missing)
    0
  4. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, et comment va le pc il y a quelque lignes supperflut à fixer et finaliser le nettoyage
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    Bonsoir,
    j'ai l'impression qu'il rame moins est ce que le nettoyage est terminé, pourriez-vous me dire
    s'il faut supprimer des programmes inutiles
    0
  7. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    fais un examem complet de ton pc avec malwarebytes

    Télécharge Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    . enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . redemarre le pc si il le fait pas lui même
    . une fois redémarré double-cliques sur malwarebytes
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      Bonjour, je reviens vers vous pour savoir si le nettoyage de mon pc est terminé
      pouvez-vous m'indiquer si je dois supprimer certains programmes
      Merci encore
      0
  8. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    voici le rapport

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3510
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    20/02/2010 00:03:22
    mbam-log-2010-02-20 (00-03-22).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 204314
    Temps écoulé: 48 minute(s), 58 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  9. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, tu fais ce qui suis , merci

    1) Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

    . Télécharge List&Kill'em et enregistre le sur ton bureau

    . Branche clés usb , disques durs externes , mp3 , mp4 , etc..

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    coche la case "creer une icone sur le bureau"

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis la langue puis choisis l'option 1 = Mode Recherche

    . laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

    . Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    tu peux supprimer le rapport catchme.log de ton bureau maintenant.

    ==============================

    2) . Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    . choisis l'option 2 = Mode Suppression

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    . colle le contenu dans ta reponse

    0
  10. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    bonjour,
    voici le rapport

    List'em by g3n-h@ckm@n 1.2.7.0

    User : Soria (Administrateurs)
    Update on 23/02/2010 by g3n-h@ckm@n ::::: 16.30
    Start at: 08:24:47 | 24/02/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 113,27 Go (15,25 Go free) [ACER] | NTFS
    D:\ -> Disque fixe local | 113,73 Go (88,4 Go free) [ACERDATA] | FAT32
    E:\ -> Disque CD-ROM
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque fixe local | 931,51 Go (452,84 Go free) [Packard Bell] | NTFS
    K:\ -> Disque amovible
    M:\ -> Disque fixe local | 152,66 Go (9,08 Go free) [Externe] | NTFS

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Soria\Local Settings\Temp\18.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    AOL Dialer REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
    SUPERAntiSpyware REG_SZ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    Google Update REG_SZ "C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    LogitechSoftwareUpdate REG_SZ "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    ccleaner REG_SZ "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
    LaunchApp REG_SZ Alaunch
    RTHDCPL REG_SZ RTHDCPL.EXE
    SkyTel REG_SZ SkyTel.EXE
    IMJPMIG8.1 REG_SZ "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    IMEKRMIG6.1 REG_SZ C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    Acer Empowering Technology Monitor REG_SZ C:\WINDOWS\system32\SysMonitor.exe
    eDataSecurity Loader REG_SZ C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    AOLSAV REG_SZ C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    SSBkgdUpdate REG_SZ "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    OpwareSE4 REG_SZ "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
    LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
    LogitechVideoTray REG_SZ C:\Program Files\Logitech\Video\LogiTray.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Adobe ARM REG_SZ "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    HostManager REG_SZ C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    AOLDialer REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\avp6_post_uninstall

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)
    InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
    HideLegacyLogonScripts REG_DWORD 0 (0x0)
    HideLogoffScripts REG_DWORD 0 (0x0)
    RunLogonScriptSync REG_DWORD 1 (0x1)
    RunStartupScriptSync REG_DWORD 0 (0x0)
    HideStartupScripts REG_DWORD 0 (0x0)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 255 (0xff)
    Nouvelle valeur #1 REG_BINARY 00000001
    NoDriveAutoRun REG_DWORD 255 (0xff)
    HonorAutoRunSetting REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveAutoRun REG_DWORD 255 (0xff)
    NoDriveTypeAutoRun REG_DWORD 255 (0xff)
    HonorAutoRunSetting REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultUserName REG_SZ Soria
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 0
    ReportBootOk REG_SZ 1
    Shell REG_SZ explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 1 (0x1)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    Background REG_SZ 0 0 0
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ Soria
    AltDefaultDomainName REG_SZ MOMO
    DefaultDomainName REG_SZ MOMO
    ChangePasswordUseKerberos REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
    {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe REG_SZ C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
    C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
    C:\Program Files\Fichiers communs\AOL\1172324924\ee\aolsoftware.exe REG_SZ C:\Program Files\Fichiers communs\AOL\1172324924\ee\aolsoftware.exe:*:Enabled:AOL Shared Components
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe REG_SZ C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    C:\Program Files\AOL 9.0b\waol.exe REG_SZ C:\Program Files\AOL 9.0b\waol.exe:*:Enabled:AOL
    C:\Program Files\AOL 9.0a\waol.exe REG_SZ C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    C:\Program Files\AOL 9.0\waol.exe REG_SZ C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe REG_SZ C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{04F81CB6-8AAE-D6DD-2C5F-0E6BF4D2540E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1325db73-d9f1-48f8-8895-6d814ec58889}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1BC46932-21B2-4130-86E0-B4EB4F7A7A7B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B508B3F1-A24A-32C0-B310-85786919EF28}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BDE0FA43-6952-4BA8-8C58-09AF690F88E1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DCECC7CA-D5F8-3AD0-347D-2C35D8AAE399}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E8EA5BD6-D931-4001-ABF6-81BAA500360A}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EA29D410-CE41-4953-A862-2DE706A1DAD7}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FDC11A6F-17D1-48f9-9EA3-9051954BAA24}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

    ============
    Recherche DNS
    ============

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer=80.118.192.100,80.118.196.36
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer=80.118.192.100,80.118.196.36
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer=80.118.192.100,80.118.196.36
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer=192.168.1.1

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x4 ( OK = 3 )
    EapHost : 0x3 ( OK = 2 )
    SharedAccess : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )

    =========
    Atapi.sys
    =========

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Soria\Local Settings\Temp\18.tmp
    ## C:\> hashdeep.exe C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    ##
    95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Soria\Local Settings\Temp\18.tmp
    ## C:\> hashdeep.exe C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: C:\Documents and Settings\Soria\Local Settings\Temp\18.tmp
    ## C:\> hashdeep.exe C:\WINDOWS\system32\drivers\atapi.sys
    ##
    96512,9f3a2f5aa6875c72bf062c712cfa2674,b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9,C:\WINDOWS\system32\drivers\atapi.sys

    Référence :
    ==========

    Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    113 Go total, 15,25 Go libre (13%), 23% fragment‚ (fragmentation du fichier 45%)

    Vous devriez d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    Present !! : C:\WINDOWS\_delis32.ini
    Present !! : C:\WINDOWS\kb913800.exe
    Present !! : C:\WINDOWS\System32\autorun.*
    Present !! : C:\WINDOWS\System32\SET*.tmp
    Present !! : C:\WINDOWS\System32\tmp.reg"
    Present !! : C:\WINDOWS\unins000.dat
    Present !! : C:\WINDOWS\unins000.exe
    Present !! : C:\Documents and Settings\Soria\Application Data\pcouffin.inf
    Present !! : C:\Documents and Settings\Soria\Application Data\inst.exe
    Present !! : C:\Documents and Settings\Soria\LOCAL Settings\Temp\SSUPDATE.EXE

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-24 08:41:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    a-squared Free
    ACE Mega CoDecS Pack
    Acer WLAN 11g USB Dongle
    Adobe
    Apple Software Update
    ArcSoft
    Audacity
    Avira
    Canal
    Canon
    CanonBJ
    CCleaner
    CleanUp!
    commercial
    ComPlus Applications
    CyberLink
    DIFX
    Fichiers communs
    Free Audio Pack
    FrenchOtto
    GemMasterFrench
    Google
    IDENCIG
    IKEA HomePlanner
    InstallShield Installation Information
    Internet Explorer
    iPod
    iTunes
    IVT Corporation
    Java
    K-Lite Codec Pack
    Lavasoft
    Learn2.com
    List_Kill'em
    Logitech
    MaCuisineLapeyrePrima
    Malwarebytes' Anti-Malware
    Messenger
    Micro Application
    Microsoft
    Microsoft CAPICOM 2.1.0.2
    microsoft frontpage
    Microsoft Office
    Microsoft Visual Studio
    Microsoft Works
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSBuild
    MSN
    MSN Gaming Zone
    MSXML 4.0
    Nero
    NetMeeting
    Neuf
    NewTech Infosystems
    Nullsoft
    Oca History Tool
    Online Services
    Outlook Express
    Prolific Publishing, Inc
    QuickTime
    Real
    Realtek
    Reference Assemblies
    RegCleaner
    ScanSoft
    Services en ligne
    Spyware Terminator
    SUPERAntiSpyware
    TechCity Solutions
    TuneUp Utilities 2007
    Uninstall Information
    uTorrent
    VideoLAN
    Windows Live
    Windows Live SkyDrive
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    Windows Plus
    WindowsUpdate
    WinRAR
    xerox

    ============
    Drive C:
    ============

    $AVG8.VAULT$
    Acer
    Ad-Remover
    Ad-Report-CLEAN[1].log
    AUTOEXEC.BAT
    autorun.inf
    boot.ini
    Bootfont.bin
    CMPNENTS
    ComboFix.txt
    Config.Msi
    CONFIG.SYS
    Documents and Settings
    dotnetfx
    drv
    drwtsn32.log
    eDS_PSD_drive.vmdf
    GUIDE
    hiberfil.sys
    i386
    INSTALL.LOG
    IO.SYS
    ISACER.id
    Kill'em
    List'em.txt
    LogiSetup.log
    MSDOS.SYS
    MSOCache
    My Downloads
    My Music
    NTDETECT.COM
    ntldr
    NVIDIA
    pagefile.sys
    Pontarolo Engineering
    preload.aaa
    Program Files
    QooBox
    rapport.txt
    rapport_smit.txt
    RECYCLER
    RHDSetup.log
    RNDIS.log
    rsit
    smit.txt
    SYSINFO
    System Volume Information
    UsbFix.txt
    UsbFix_Upload_Me_MOMO.zip
    VALUEADD
    WINDOWS

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 9:03:32,82
    0
  11. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    voici le 2eme rapport
    Kill'em by g3n-h@ckm@n 1.2.7.0

    User : Soria (Administrateurs)
    Update on 23/02/2010 by g3n-h@ckm@n ::::: 16.30
    Start at: 09:07:47 | 24/02/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
    Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 7.0.5730.11
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 113,27 Go (15,25 Go free) [ACER] | NTFS
    D:\ -> Disque fixe local | 113,73 Go (88,4 Go free) [ACERDATA] | FAT32
    E:\ -> Disque CD-ROM
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque fixe local | 931,51 Go (452,84 Go free) [Packard Bell] | NTFS
    K:\ -> Disque amovible
    M:\ -> Disque fixe local | 152,66 Go (9,08 Go free) [Externe] | NTFS

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Soria\Local Settings\Temp\26.tmp\ERUNT.EXE
    C:\Documents and Settings\Soria\Local Settings\Temp\26.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    Quarantined & Deleted !! : C:\WINDOWS\_delis32.ini
    Quarantined & Deleted !! : C:\WINDOWS\kb913800.exe

    Quarantined & Deleted !! : C:\WINDOWS\System32\SET100.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET101.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET102.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET103.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET104.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET105.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET106.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET107.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET108.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET109.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET10A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET10B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET10C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET10D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET10E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET10F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET110.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET111.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET112.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET113.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET114.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET115.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET116.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET117.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET118.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET119.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET11A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET11B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET11C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET11D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET11E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET11F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET120.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET121.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET122.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET123.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET124.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET125.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET126.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET127.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET128.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET129.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET12A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET12B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET12C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET12D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET12E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET12F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET130.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET131.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET132.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET133.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET134.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET135.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET136.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET137.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET138.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET139.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET13A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET13B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET13C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET13D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET13E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET13F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET140.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET141.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET142.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET143.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET144.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET145.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET146.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET147.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET148.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET149.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET14F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET150.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET151.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET152.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET153.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET154.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET155.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET156.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET157.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET158.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET159.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET15F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET160.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET161.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET162.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET163.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET164.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET165.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET166.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET167.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET168.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET169.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET16F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET170.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET171.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET172.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET173.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET174.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET175.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET176.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET177.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET178.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET179.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET17F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET180.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET181.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET182.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET183.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET184.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET185.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET186.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET187.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET188.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET189.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET18F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET190.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET191.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET192.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET193.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET194.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET195.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET196.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET197.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET198.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET199.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET19F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1A9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1AF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1B9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1BF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1C9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1CF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1D9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1DF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1E9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1ED.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1EF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1F9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET1FF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET200.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET201.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET202.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET203.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET204.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET206.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET207.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET208.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET209.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET20A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET20B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET20C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET20D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET20E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET20F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET68.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET6B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET6E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET7B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET7C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET7D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET7E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET7F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET80.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET81.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET82.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET83.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET86.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET87.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET88.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET89.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET8A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET8B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET8D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET8E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET8F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET90.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET91.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET92.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET93.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET94.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET95.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET96.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET97.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET98.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET99.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET9A.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET9B.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET9C.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET9D.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET9E.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SET9F.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETA9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETAA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETAB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETAC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETAD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETAE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETAF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETB7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETBA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETBB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETBC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETBD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETBE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETBF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETC9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETCA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETCB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETCC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETCD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETCE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETCF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETD9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETDA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETDB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETDC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETDD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETDE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETDF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETE9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETEA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETEB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETEE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETEF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF0.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF1.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF2.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF3.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF4.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF5.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF6.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF7.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF8.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETF9.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETFA.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETFB.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETFC.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETFD.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETFE.tmp
    Quarantined & Deleted !! : C:\WINDOWS\System32\SETFF.tmp
    Quarantined & Deleted !! : C:\WINDOWS\system32\tmp.reg
    Quarantined & Deleted !! : C:\WINDOWS\unins000.dat
    Quarantined & Deleted !! : C:\WINDOWS\unins000.exe
    Quarantined & Deleted !! : C:\Documents and Settings\Soria\Application Data\pcouffin.inf
    Quarantined & Deleted !! : C:\Documents and Settings\Soria\Application Data\inst.exe
    Quarantined & Deleted !! : C:\Documents and Settings\Soria\LOCAL Settings\Temp\SSUPDATE.EXE

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========

    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    ========
    Services
    =========

    Ndisuio : Start = 3
    EapHost : Start = 2
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    ============

    =================
    anti-ver blaster : OK !!
    =================

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  12. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, list&kill"em a trouver et supprimé pas mal de chose restante , comment va ton pc peux tu poster un nouveau hijackthis pour voir les lignes restante à fixer
    0
    1. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      bo,soir voici le rapport, le pc rame moins ça a l'air d'aller par contre il est lent pour les telechargements
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:17:03, on 24/02/2010
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16981)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\SysMonitor.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
      C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
      C:\Program Files\Spyware Terminator\sp_rsser.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\Soria\Bureau\Soria.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
      O3 - Toolbar: (no name) - {C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - (no file)
      O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
      O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
      O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
      O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer = 80.118.192.100,80.118.196.36
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer = 192.168.1.1
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
      O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Add-on\wlancfg.exe (file missing)
      0
    2. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      Bonsoir, je me permets de revenir vers toi, pour savoir si le nettoyage est fini,
      par ailleurs peux-tu m'indiquer ce que je dois supprimer
      Merci
      0
      1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645 > balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
         
        tu as bien fait de relancer le sujet car je sais pas ce qui c'est passer j'ai pas eu de retrour de mes< discution depuis plusieurs jour , et donc pas eu ta dernière réponse , je regarde donc ton dernier hijackthis et te dis cela !!
        0
  13. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    tu vas arrêter les services donné et puis tu repostes un hijackthis je regarderais demain la dodo boulot dans 7h

    Pour à accèder et arrêter un services

    .Cliques sur Démarrer
    .Cliques sur Executer
    .Tapes dans la fenêttre services.msc
    .Dans la liste déroulante trouves : les services et fais cela pour les 2
    Planificateur LiveUpdate automatique et Boonty Games
    .Cliques droit sur Propriétés
    .Cliques sur Arrêter
    .Cliques sur désacriver si proposé
    .cliques sur OKFerme la fenêttre des services

    0
  14. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    re,
    les services donnés n'etaient pas démarrer

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:13:47, on 25/02/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Bureau\Soria.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://signin.ebay.fr/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=71&ru=https%3A%2F%2Fmy.ebay.fr%2Fws%2FeBayISAPI.dll%3FMyEbayBeta%26MyeBay%3D%26CurrentPage%3DMyeBaySelling%26ssPageName%3DSTRK%253AME%253ALNLK%26guest%3D1&pageType=3984
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: (no name) - {C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer = 80.118.192.100,80.118.196.36
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Add-on\wlancfg.exe (file missing)
    0
  15. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    voici le rapport que je viens de faire !!!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:17:30, on 01/03/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Soria\Bureau\Soria.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.fr/ws/eBayISAPI.dll?MyeBay
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: (no name) - {C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1172324924\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Dialer] C:\Program Files\Fichiers communs\AOL\ACS\AOlDial.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Soria\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.05\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.05\MediaManager\grab.html
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8F89B3CE-5706-40EA-9F6E-62C6BFF04DFC}: NameServer = 80.118.192.100,80.118.196.36
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B7AD884B-CCB5-4D8E-8137-19079D3267A8}: NameServer = 192.168.1.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Unknown owner - C:\Program Files\Inventel\Add-on\wlancfg.exe (file missing)
    0
  16. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, tu fais ce qui suit , merci

    1) Fixer les lignes

    .Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
    .Lances HijackThis
    .Cliques sur "Do a system scan only"
    .Tu coches les lignes suivantes :
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O3 - Toolbar: (no name) - {C48F0939-992C-45C8-A9C2-B97A22D9B4BD} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)


    .Tu cliques sur "Fix Checked"
    .Tu fermes HijackThis

    des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

    2) passes OTCleanIT

    Télécharge OTCleanIT d’Old Timer.
    http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
    si ce lien ne marche pas essais avec celui-ci: http://www.geekstogo.com/forum/files/file/399-ots-oldtimers-system-scanner/
    Enregistre le fichier sur ton bureau.

    Double clique " si tu es sous vista cliques droit et en tant que administrateursur " OTCleanit.exe pour l’exécuter.
    Clique sur CleanUp !.
    Le logiciel va te demander de commencer l’analyse. Accepte.

    Il te sera demandé le redémarrage de ton PC pour finir la suppression des fichiers et supprimer également OTCleanIT. Accepte.

    3) passes ccleaner avec les réglages donnés je ne te donnes pas pour l'installer car je vois que tu est déjà avec et en automatique pour le nettoyage !!

    .double-cliques sur l'icône de Ccleaner pour l'ouvrir
    .une fois ouvert tu cliques sur option et puis avancé
    .tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures
    .cliques sur nettoyeur
    .cliques sur windows et dans la colonne avancé
    .cochesla première case vieilles données du perfetch que celle-la
    .cliques sur analyse une fois l'analyse terminé
    .cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
    .cliques maintenant sur registre et puis sur rechercher les erreurs
    .laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
    .il te demande de sauvegarder OUI
    .tu lui donnes un nom pour pouvoir la retrouver et enregistre
    .cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
    .il supprime et fermer tu vériffis en relancant rechercher les erreurs
    .tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
    .tu peux fermer Ccleaner

    pour aider si besion tutoriel: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    ou plus ici: http://www.lescofofides.fr/forum/viewtopic.php?f=30&t=96

    4) et si plus de problème il restera le sujet à mettre en résolu et à purger la restauration système
    0
  17. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    il semble que ça va comment mettre le sujet en résolu et purger la restauration système
    0
  18. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    ok pour mettre en résolu regarde au niveau de ton premier message en haut tu as la possibilité de cocher résolu !!

    sinon nune chose que j'ai oublié de de dire c'est de mettre ton IE à jour avec IE 8 http://www.microsoft.com/downloads/details.aspx?FamilyID=341c2ad5-8c3d-4347-8c03-08cdecd8852b&DisplayLang=fr

    Après une désinfection il est utile de supprimer tous les points de restauration système de façon à ne pas remonter, par mégarde, un point de restauration infecté.

    Pour cela, il faut désactiver la restauration système (ce qui aura pour conséquence de supprimer tous les points de restauration existants) puis la réactiver juste après pour que Windows continue à faire des points de sauvegarde réguliers.

    Supprimer les anciens points de restauration : System Volume Information\_restore

    (1) Désactiver la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Coches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    (2) Activer la Restauration du système

    cliques sur Démarrer
    Cliques droit sur Poste de travail
    cliques sur Propriétés
    Cliques sur l'onglet Restauration du système
    Décoches Désactiver la Restauration du système sur tous les lecteurs
    Cliques sur Appliquer, Lorsque le message de confirmation apparaît,
    cliques sur Oui.
    Cliques sur OK.

    (3) Créer un point de restauration

    .cliquer sur démarrer
    .cliquer sur tous les programmes
    .cliquer sur accessoires
    .cliquer sur outils système
    .cliquer sur restauration du système
    .sur la fenêtre qui s'ouvre cocher créer un point de restauration
    .cliquer sur suivant
    .dans la fenêtre description du point de restauration lui donner un nom explisitede façon à savoir à quoi il correspond
    .cliquer sur céer
    .une fois que la page s'affiche avec en haut sur gauche le nom et l'heure de ton point de restauration fermes la fenêtre

    0
    1. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      Je ne perds pas mes favoris en mettant a jour avec IE 8 ?
      0
  19. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    non il se réinstalles par dessus sans rien changer
    perso j'ai même trouver la solution pour pas perdre mes favorie de IE en cas de plantage du pc et de réinstallation usine
    0
    1. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
       
      ok ! j'ai une autre question dois-je supprimer les logiciels qui ont servis pour la desinfection ?
      0
  20. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    normalement OTCleanIT devrait les avoir supprimé ??
    0
  21. balto64 Messages postés 81 Date d'inscription   Statut Membre Dernière intervention  
     
    sur le bureau il reste List_Kill'em et RSIT, peux-tu me dire si mon antivirus Avira antivir personal est efficace
    dois-je garder
    Malwarebytes' Anti-Malware,
    Spyware Terminator,
    SUPERAntiSpyware Free Edition,
    CCleaner sur mon Pc que me conseilles-tu? et encore merci pour ton aide
    0
  • 1
  • 2