Ads that are starting to piss me off.
gege89 - Posts: 326 - Status: Member
Hello,
http://dl.free.fr/getfile.pl?file=/iBVzmSND
http://dl.free.fr/getfile.pl?file=/0irZCx8R
So, when I open the Google search engine and type anything, I always get an advertising window that appears at the bottom right. How do I remove it?
18 replies
hello
do this for a full diagnosis of the PC:
Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Double-click the installer file, then install it with the default settings (don't forget to tick "Créer une icône sur le bureau" (Create a desktop icon)).
Launch ZHPDiag by double-clicking the icon on your desktop (on Vista: right-click -> Run as administrator).
Click the magnifying glass at the top left, then let the tool scan.
Once the scan is finished, click the floppy-disk icon and save the file to your desktop.
Go to Cjoint: http://www.cijoint.fr/
Click "Parcourir" (Browse) in the "Joindre un fichier[...]" (Attach a file) section.
Select the ZHPdiag.txt report that is on your desktop.
Then click "Créer le lien cjoint" (Create the cjoint link) and copy/paste the link into your next message.
ok
several things...
Disable your antivirus for the duration of the procedure, as well as your firewall if you have one (because the tool is wrongly detected as an infection)
▶ Download and install List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe
double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation
tick the "creer une icone sur le bureau" (create a desktop icon) box
once it is finished, click "terminer" (Finish) and the program will launch by itself
choose the language, then choose option 1 = Mode Recherche (Search mode)
▶ let the tool work
when the white window appears, it takes a while; that is normal, the program is not frozen.
a report named catchme appears on your desktop; ignore it, do not post it, but do not delete it for now, the scan is not finished.
▶ Post the content of the report that opens at 100% of the scan, at the "COMPLETED" screen
you can delete the catchme.log report from your desktop now.
this ad on Google when I run searches in this search engine is crazy, do you have any idea?
Thanks for trying to help me.
List'em by g3n-h@ckm@n 1.2.5.3
User : JEANNETFOOT (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 09:02:53 | 21/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100220-1] 4.8.1368 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,99 Go (16,41 Go free) [HDD] | NTFS
D:\ -> Disque fixe local | 113,04 Go (38,92 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\alg.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\TV Orange\TV_Orange.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D2.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WahOO REG_SZ "D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe" silent
FlashMute REG_SZ C:\Program Files\FlashMute\FlashMute.exe
H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
SpywareTerminatorUpdate REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan REG_SZ SOUNDMAN.EXE
ATIPTA REG_SZ "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
<NO NAME> REG_SZ
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoExpandedNewMenu REG_DWORD 1 (0x1)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
NoRecycleFiles REG_DWORD 1 (0x1)
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ 1046850803166
DefaultUserName REG_SZ JEANNETFOOT
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 1
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ JEANNETFOOT
AltDefaultDomainName REG_SZ 1046850803166
AutoAdminLogon REG_SZ 1
Background REG_SZ 0 0 0
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%ProgramFiles%\AOL 9.0\aol.exe REG_SZ %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\WinFax eXPert\WinFax.exe REG_SZ C:\Program Files\WinFax eXPert\WinFax.exe:*:Enabled:Winfax
C:\Program Files\WinFax eXPert\BvrpKrnl.exe REG_SZ C:\Program Files\WinFax eXPert\BvrpKrnl.exe:*:Enabled:Bvrpkrnl
C:\Program Files\PC-Telephone\PCTel.exe REG_SZ C:\Program Files\PC-Telephone\PCTel.exe:*:Enabled:PC-Telephone Executable
C:\Program Files\Internet Explorer\IEXPLORE.EXE REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
C:\Program Files\adslTV\vlc.exe REG_SZ C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player
C:\Program Files\adslTV\adsltv.exe REG_SZ C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv
C:\Program Files\TeamViewer\Version4\TeamViewer.exe REG_SZ C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\GNINWNED\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\GNINWNED\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe:*:Enabled:friptv
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\ATR09WZY\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\ATR09WZY\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe:*:Enabled:friptv
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\Java\jre6\bin\javaw.exe REG_SZ C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
C:\Program Files\MultiProxy\MProxy.exe REG_SZ C:\Program Files\MultiProxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server
C:\Program Files\AnalogX\Proxy\proxy.exe REG_SZ C:\Program Files\AnalogX\Proxy\proxy.exe:*:Enabled:proxy
C:\Program Files\A4Proxy\A4Proxy.exe REG_SZ C:\Program Files\A4Proxy\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application
C:\Program Files\PeerTV\PeerCast.exe REG_SZ C:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast
C:\Program Files\PeerTV\VLC\vlc.exe REG_SZ C:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\TVUPlayer\TVUPlayer.exe REG_SZ C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
C:\Program Files\Zattoo\zattood.exe REG_SZ C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood
C:\Program Files\Zattoo\Zattoo2.exe REG_SZ C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:
C:\Program Files\Vuze\Azureus.exe REG_SZ C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
C:\Program Files\Babelgum\babelgum.exe REG_SZ C:\Program Files\Babelgum\babelgum.exe:*:Enabled:Babelgum Beta
C:\Program Files\PPLive\PPLive.exe REG_SZ C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
C:\Program Files\SwarmPlayer\swarmplayer.exe REG_SZ C:\Program Files\SwarmPlayer\swarmplayer.exe:*:Enabled:swarmplayer
C:\Program Files\SopCast\adv\SopAdver.exe REG_SZ C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
C:\Program Files\SopCast\SopCast.exe REG_SZ C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
C:\Program Files\Joost\xulrunner\tvprunner.exe REG_SZ C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
C:\WINDOWS\system32\java.exe REG_SZ C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary
D:\Documents and Settings\JEANNETFOOT\Bureau\iMule-1.3.5\iMule-1.3.5\imule.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Bureau\iMule-1.3.5\iMule-1.3.5\imule.exe:*:Enabled:imule
C:\Program Files\eMule\Incoming\iMule-135\iMule-1.3.5\imule.exe REG_SZ C:\Program Files\eMule\Incoming\iMule-135\iMule-1.3.5\imule.exe:*:Enabled:imule
C:\Program Files\Kommute\kommute.exe REG_SZ C:\Program Files\Kommute\kommute.exe:*:Enabled:kommute
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
D:\Documents and Settings\JEANNETFOOT\Bureau\imule_imule_1.3.5_francais_281298\iMule-1.3.5\imule.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Bureau\imule_imule_1.3.5_francais_281298\iMule-1.3.5\imule.exe:*:Enabled:imule
C:\Program Files\SHARE 1.0 EX2\Share.exe REG_SZ C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
C:\Program Files\StealthNet\stealthnet.exe REG_SZ C:\Program Files\StealthNet\stealthnet.exe:*:Enabled:StealthNet
C:\Program Files\Zattoo\Zattoo.exe REG_SZ C:\Program Files\Zattoo\Zattoo.exe:*:Enabled:
C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
D:\Documents and Settings\JEANNETFOOT\temp\TeamViewer\Version4\TeamViewer.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
C:\Program Files\IncrediMail\Bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe REG_SZ C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe:*:Enabled:[Emoticons-plus.com] Winkaa 2.0
C:\WINDOWS\system32\mcoinstall.exe REG_SZ C:\WINDOWS\system32\mcoinstall.exe:*:Enabled:mcoinstall
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\EMY55XGI\mcoview[1].exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\EMY55XGI\mcoview[1].exe:*:Enabled:mcoview[1]
D:\Documents and Settings\JEANNETFOOT\Mes documents\mcoview.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Mes documents\mcoview.exe:*:Enabled:mcoview
C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe REG_SZ C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV
C:\Program Files\DMV\MaxTV4\maxtv.exe REG_SZ C:\Program Files\DMV\MaxTV4\maxtv.exe:*:Enabled:MaxTV Framework
C:\Program Files\DMV\MaxTV4\recorder.exe REG_SZ C:\Program Files\DMV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder
C:\Program Files\CounterPath\X-Lite\x-lite.exe REG_SZ C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
C:\Program Files\Gizmo5\mDNSResponder.exe REG_SZ C:\Program Files\Gizmo5\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Gizmo5\Gizmo5.exe REG_SZ C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5
C:\APPS\skype\Plugin Manager\skypePM.exe REG_SZ C:\APPS\skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\APPS\skype\Phone\Skype.exe REG_SZ C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\Streamy_4.0_beta_M4.win32.win32.x86\Streamy\streamy.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\Streamy_4.0_beta_M4.win32.win32.x86\Streamy\streamy.exe:*:Enabled:streamy
C:\Program Files\Spotify\spotify.exe REG_SZ C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
C:\Program Files\Universal Share Downloader\USDownloader.exe REG_SZ C:\Program Files\Universal Share Downloader\USDownloader.exe:*:Enabled:Universal Share Downloader
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe REG_SZ C:\Program Files\Megaupload\Mega Manager\MegaManager.exe:*:Enabled:Mega Manager
D:\Documents and Settings\JEANNETFOOT\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
C:\Program Files\Xi\NetXfer\NetTransport.exe REG_SZ C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe REG_SZ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe:*:Enabled:Windows Internet Name Service
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D2.tmp
## D:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys
Sources
=======
Référence :
==========
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
113 Go total, 38,94 Go libre (34%), 0% fragmenté (fragmentation du fichier 0%)
Il ne vous est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\AskSearch
Present !! : C:\Program Files\Internet Explorer\fxavx.ini
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\WINDOWS\System32\drivers\lvuvc.hs"
Present !! : C:\WINDOWS\System32\dumphive.exe"
Present !! : C:\WINDOWS\System32\Process.exe
Present !! : C:\WINDOWS\System32\SrchSTS.exe
Present !! : C:\WINDOWS\System32\tmp.reg"
Present !! : C:\WINDOWS\System32\VCCLSID.exe
Present !! : C:\WINDOWS\System32\WS2Fix.exe
Present !! : D:\Documents and Settings\JEANNETFOOT\Application Data\drivers
Present !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\hp.7z
Present !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\IP
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
Present !! : HKEY_USERS\S-1-5-21-3638438365-3339198277-660548392-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
Present !! : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCU\Software\SweetIM
Present !! : HKLM\SOFTWARE\SweetIM
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_IPRIP
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_IPRIP
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet003\Services\Iprip
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPRIP
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 09:16:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [5268]
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:c4,58,22,32,68,73,22,c8,fd,33,b3,8b,96,8d,dd,ff,83,dd,25,b0,d9,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,2a,13,66,23,f5,6f,76,26,36,8a,c9,16,5a,8c,00,ec,0c,..
"hdf12"=hex:cb,92,89,c6,9a,ab,d8,a5,c9,90,f2,36,dc,a0,7a,08,80,bb,07,4d,7c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:8b,74,9e,e5,81,d4,af,6d,1d,34,94,b3,46,e2,83,47,6d,6e,2c,53,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:c4,58,22,32,68,73,22,c8,fd,33,b3,8b,96,8d,dd,ff,83,dd,25,b0,d9,..
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"p0"="C:\Program Files\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,2a,13,66,23,f5,6f,76,26,36,8a,c9,16,5a,8c,00,ec,0c,..
"hdf12"=hex:cb,92,89,c6,9a,ab,d8,a5,c9,90,f2,36,dc,a0,7a,08,80,bb,07,4d,7c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:8b,74,9e,e5,81,d4,af,6d,1d,34,94,b3,46,e2,83,47,6d,6e,2c,53,0f,..
scanning hidden registry entries ...
scanning hidden files ...
folder error: D:\Documents and Settings\JEANNETFOOT
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85BD41F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85bd41f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
==========
Programs
==========
7-Zip
a-squared Free
A4Proxy
Adobe
adslTV
AGICS
Ahead
Alliance MCA
Alwil Software
AMD
AnalogX
Anti Trojan Elite
Antipub
AskSearch
Avanquest update
AvantGo Connect
Avidemux 2.5
burnatonce
Canon
CanonBJ
CCleaner
Change Extension
Common Files
CoreCodec
CounterPath
CyberLink
DAEMON Tools Lite
deo
DivX
DMV
Dnote Software
EasyPrediction
Emoticons-plus.com
eMule
Fichiers communs
FlashMute
Free FLV Converter
GetASFStream
GMixon
Google
GSplit
Haali
InstallShield Installation Information
Internet Explorer
Inventel
Ipulp
Java
jv16 PowerTools
Learn2.com
List_Kill'em
LiveRadio
Logitech
ma-config.com
Malwarebytes' Anti-Malware
MediaCoder
Megaupload
Messenger
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN Gaming Zone
MSN Messenger
MSNFix
MSXML 4.0
MSXML 6.0
MultiProxy
MUTE_incoming_hashes
MUTE_INTERNAL
Navilog1
Navman
Net-Commando 2000
NetMeeting
Odebit Multimédia
Online TV Player 4
OpenOffice.org 3
Opera
Orange
Ord-ixSofts
Outlook Express
Pamela
PeerTV
PhotoFiltre
Picasa2
POI-Warner 3 GoPal Edition
PPLive
ProgDVB
QuickTime
Radio Fr Solo
Real
Reference Assemblies
RelayFax
RogueRemover FREE
Samsung
Seagrand
Securitoo
Services en ligne
Sonic
Spotify
Spybot - Search & Destroy
Spyware Terminator
StealthNet
SwarmPlayer
TeamViewer
Tomtomax Maxi-Box
trend micro
Trojan Killer
TubeMaster++
TV Orange
TVPlayerClassic
Ulead Systems
UnHackMe
Uninstall Information
Universal Share Downloader
URL2JPEG
uTorrent
V3CallCenter
VideoLAN
Wanadoo
Winamp
Windows Live SkyDrive
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WinRAR
xerox
Xi
Zattoo
ZHPDiag
============
Drive D:
============
089ca8240aa6395ed2
357a8983bf69290e7a502e468fea
3d230c4a11d3a1786ab8362b5b06
8ecde9f7867c0bc06c535fe7e3250a
91e5a9d7c7e5c11ca784
a9d5d3e040d68c7c68fd
Avenger c16867f3e5f4d5f50902 c2df3795b3391678d720bc
Config.Msi
ConvertTemp
Documents and Settings
Erase5E5.tmp
ffastun.ffa
ffastun.ffl
ffastun.ffo
ffastun0.ffx
film
film2
FILMS
found.000
Kill'em
List'em.txt
MSOCache
ntuser.dat
ntuser.dat.LOG
orange.bmp
Pigalle, la nuit
Program Files
RECYCLER
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
System Volume Information
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\CyberLink\Shared Files\CLML_NTService\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 9:22:35,62
Thank you for trying to help me.
List'em by g3n-h@ckm@n 1.2.5.3
User : JEANNETFOOT (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 09:02:53 | 21/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100220-1] 4.8.1368 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,99 Go (16,41 Go free) [HDD] | NTFS
D:\ -> Disque fixe local | 113,04 Go (38,92 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\alg.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\TV Orange\TV_Orange.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D2.tmp\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WahOO REG_SZ "D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe" silent
FlashMute REG_SZ C:\Program Files\FlashMute\FlashMute.exe
H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
SpywareTerminatorUpdate REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan REG_SZ SOUNDMAN.EXE
ATIPTA REG_SZ "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
<NO NAME> REG_SZ
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoExpandedNewMenu REG_DWORD 1 (0x1)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
NoRecycleFiles REG_DWORD 1 (0x1)
NoDriveTypeAutoRun REG_BINARY 95000000
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoCDBurning REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell REG_DWORD 1 (0x1)
DefaultDomainName REG_SZ 1046850803166
DefaultUserName REG_SZ JEANNETFOOT
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 1
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
ShutdownWithoutLogon REG_SZ 0
System REG_SZ
Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
SfcQuota REG_DWORD -1 (0xffffffff)
allocatecdroms REG_SZ 0
allocatedasd REG_SZ 0
allocatefloppies REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
scremoveoption REG_SZ 0
AllowMultipleTSSessions REG_DWORD 0 (0x0)
UIHost REG_EXPAND_SZ logonui.exe
LogonType REG_DWORD 1 (0x1)
DebugServerCommand REG_SZ no
SFCDisable REG_DWORD 0 (0x0)
WinStationsDisabled REG_SZ 0
HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
ShowLogonOptions REG_DWORD 0 (0x0)
AltDefaultUserName REG_SZ JEANNETFOOT
AltDefaultDomainName REG_SZ 1046850803166
AutoAdminLogon REG_SZ 1
Background REG_SZ 0 0 0
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%ProgramFiles%\AOL 9.0\aol.exe REG_SZ %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\WinFax eXPert\WinFax.exe REG_SZ C:\Program Files\WinFax eXPert\WinFax.exe:*:Enabled:Winfax
C:\Program Files\WinFax eXPert\BvrpKrnl.exe REG_SZ C:\Program Files\WinFax eXPert\BvrpKrnl.exe:*:Enabled:Bvrpkrnl
C:\Program Files\PC-Telephone\PCTel.exe REG_SZ C:\Program Files\PC-Telephone\PCTel.exe:*:Enabled:PC-Telephone Executable
C:\Program Files\Internet Explorer\IEXPLORE.EXE REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
C:\Program Files\adslTV\vlc.exe REG_SZ C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player
C:\Program Files\adslTV\adsltv.exe REG_SZ C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv
C:\Program Files\TeamViewer\Version4\TeamViewer.exe REG_SZ C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer
C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\GNINWNED\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\GNINWNED\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe:*:Enabled:friptv
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\ATR09WZY\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\ATR09WZY\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe:*:Enabled:friptv
C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\Java\jre6\bin\javaw.exe REG_SZ C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
C:\Program Files\MultiProxy\MProxy.exe REG_SZ C:\Program Files\MultiProxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server
C:\Program Files\AnalogX\Proxy\proxy.exe REG_SZ C:\Program Files\AnalogX\Proxy\proxy.exe:*:Enabled:proxy
C:\Program Files\A4Proxy\A4Proxy.exe REG_SZ C:\Program Files\A4Proxy\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application
C:\Program Files\PeerTV\PeerCast.exe REG_SZ C:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast
C:\Program Files\PeerTV\VLC\vlc.exe REG_SZ C:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player
C:\Program Files\TVUPlayer\TVUPlayer.exe REG_SZ C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
C:\Program Files\Zattoo\zattood.exe REG_SZ C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood
C:\Program Files\Zattoo\Zattoo2.exe REG_SZ C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:
C:\Program Files\Vuze\Azureus.exe REG_SZ C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
C:\Program Files\Babelgum\babelgum.exe REG_SZ C:\Program Files\Babelgum\babelgum.exe:*:Enabled:Babelgum Beta
C:\Program Files\PPLive\PPLive.exe REG_SZ C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
C:\Program Files\SwarmPlayer\swarmplayer.exe REG_SZ C:\Program Files\SwarmPlayer\swarmplayer.exe:*:Enabled:swarmplayer
C:\Program Files\SopCast\adv\SopAdver.exe REG_SZ C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
C:\Program Files\SopCast\SopCast.exe REG_SZ C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
C:\Program Files\Joost\xulrunner\tvprunner.exe REG_SZ C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
C:\WINDOWS\system32\java.exe REG_SZ C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary
D:\Documents and Settings\JEANNETFOOT\Bureau\iMule-1.3.5\iMule-1.3.5\imule.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Bureau\iMule-1.3.5\iMule-1.3.5\imule.exe:*:Enabled:imule
C:\Program Files\eMule\Incoming\iMule-135\iMule-1.3.5\imule.exe REG_SZ C:\Program Files\eMule\Incoming\iMule-135\iMule-1.3.5\imule.exe:*:Enabled:imule
C:\Program Files\Kommute\kommute.exe REG_SZ C:\Program Files\Kommute\kommute.exe:*:Enabled:kommute
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
D:\Documents and Settings\JEANNETFOOT\Bureau\imule_imule_1.3.5_francais_281298\iMule-1.3.5\imule.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Bureau\imule_imule_1.3.5_francais_281298\iMule-1.3.5\imule.exe:*:Enabled:imule
C:\Program Files\SHARE 1.0 EX2\Share.exe REG_SZ C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
C:\Program Files\StealthNet\stealthnet.exe REG_SZ C:\Program Files\StealthNet\stealthnet.exe:*:Enabled:StealthNet
C:\Program Files\Zattoo\Zattoo.exe REG_SZ C:\Program Files\Zattoo\Zattoo.exe:*:Enabled:
C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
D:\Documents and Settings\JEANNETFOOT\temp\TeamViewer\Version4\TeamViewer.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
C:\Program Files\IncrediMail\Bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\Bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe REG_SZ C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe:*:Enabled:[Emoticons-plus.com] Winkaa 2.0
C:\WINDOWS\system32\mcoinstall.exe REG_SZ C:\WINDOWS\system32\mcoinstall.exe:*:Enabled:mcoinstall
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\EMY55XGI\mcoview[1].exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\EMY55XGI\mcoview[1].exe:*:Enabled:mcoview[1]
D:\Documents and Settings\JEANNETFOOT\Mes documents\mcoview.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Mes documents\mcoview.exe:*:Enabled:mcoview
C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe REG_SZ C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV
C:\Program Files\DMV\MaxTV4\maxtv.exe REG_SZ C:\Program Files\DMV\MaxTV4\maxtv.exe:*:Enabled:MaxTV Framework
C:\Program Files\DMV\MaxTV4\recorder.exe REG_SZ C:\Program Files\DMV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder
C:\Program Files\CounterPath\X-Lite\x-lite.exe REG_SZ C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
C:\Program Files\Gizmo5\mDNSResponder.exe REG_SZ C:\Program Files\Gizmo5\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\Gizmo5\Gizmo5.exe REG_SZ C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5
C:\APPS\skype\Plugin Manager\skypePM.exe REG_SZ C:\APPS\skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
C:\APPS\skype\Phone\Skype.exe REG_SZ C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\Streamy_4.0_beta_M4.win32.win32.x86\Streamy\streamy.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\Streamy_4.0_beta_M4.win32.win32.x86\Streamy\streamy.exe:*:Enabled:streamy
C:\Program Files\Spotify\spotify.exe REG_SZ C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
C:\Program Files\Universal Share Downloader\USDownloader.exe REG_SZ C:\Program Files\Universal Share Downloader\USDownloader.exe:*:Enabled:Universal Share Downloader
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe REG_SZ C:\Program Files\Megaupload\Mega Manager\MegaManager.exe:*:Enabled:Mega Manager
D:\Documents and Settings\JEANNETFOOT\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
C:\Program Files\Xi\NetXfer\NetTransport.exe REG_SZ C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe REG_SZ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe:*:Enabled:Windows Internet Name Service
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
===============
ActivX controls
===============
===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{74C4EB57-E71A-9FA3-8D89-22F14191193F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8b15971b-5355-4c82-8c07-7e181ea07608}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{94de52c8-2d59-4f1b-883e-79663d2d9a8c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9A394342-4A68-4EBA-85A6-55B559F4E700}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}
==============
BHO :
======
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr/
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.fr/?gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
SharedAccess : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D2.tmp
## D:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
##
95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys
Sources
=======
Référence :
==========
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
113 Go total, 38,94 Go libre (34%), 0% fragmenté (fragmentation du fichier 0%)
Il ne vous est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\AskSearch
Present !! : C:\Program Files\Internet Explorer\fxavx.ini
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\WINDOWS\System32\_*.dll
Present !! : C:\WINDOWS\System32\drivers\lvuvc.hs"
Present !! : C:\WINDOWS\System32\dumphive.exe"
Present !! : C:\WINDOWS\System32\Process.exe
Present !! : C:\WINDOWS\System32\SrchSTS.exe
Present !! : C:\WINDOWS\System32\tmp.reg"
Present !! : C:\WINDOWS\System32\VCCLSID.exe
Present !! : C:\WINDOWS\System32\WS2Fix.exe
Present !! : D:\Documents and Settings\JEANNETFOOT\Application Data\drivers
Present !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\hp.7z
Present !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\IP
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
Present !! : HKEY_USERS\S-1-5-21-3638438365-3339198277-660548392-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
Present !! : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCU\Software\SweetIM
Present !! : HKLM\SOFTWARE\SweetIM
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_IPRIP
Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_IPRIP
Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Present !! : HKLM\SYSTEM\ControlSet003\Services\Iprip
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPRIP
Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 09:16:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [5268]
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
folder error: D:\Documents and Settings\JEANNETFOOT
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85BD41F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85bd41f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
==========
Programs
==========
7-Zip
a-squared Free
A4Proxy
Adobe
adslTV
AGICS
Ahead
Alliance MCA
Alwil Software
AMD
AnalogX
Anti Trojan Elite
Antipub
AskSearch
Avanquest update
AvantGo Connect
Avidemux 2.5
burnatonce
Canon
CanonBJ
CCleaner
Change Extension
Common Files
CoreCodec
CounterPath
CyberLink
DAEMON Tools Lite
deo
DivX
DMV
Dnote Software
EasyPrediction
Emoticons-plus.com
eMule
Fichiers communs
FlashMute
Free FLV Converter
GetASFStream
GMixon
GSplit
Haali
InstallShield Installation Information
Internet Explorer
Inventel
Ipulp
Java
jv16 PowerTools
Learn2.com
List_Kill'em
LiveRadio
Logitech
ma-config.com
Malwarebytes' Anti-Malware
MediaCoder
Megaupload
Messenger
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN Gaming Zone
MSN Messenger
MSNFix
MSXML 4.0
MSXML 6.0
MultiProxy
MUTE_incoming_hashes
MUTE_INTERNAL
Navilog1
Navman
Net-Commando 2000
NetMeeting
Odebit Multimédia
Online TV Player 4
OpenOffice.org 3
Opera
Orange
Ord-ixSofts
Outlook Express
Pamela
PeerTV
PhotoFiltre
Picasa2
POI-Warner 3 GoPal Edition
PPLive
ProgDVB
QuickTime
Radio Fr Solo
Real
Reference Assemblies
RelayFax
RogueRemover FREE
Samsung
Seagrand
Securitoo
Services en ligne
Sonic
Spotify
Spybot - Search & Destroy
Spyware Terminator
StealthNet
SwarmPlayer
TeamViewer
Tomtomax Maxi-Box
trend micro
Trojan Killer
TubeMaster++
TV Orange
TVPlayerClassic
Ulead Systems
UnHackMe
Uninstall Information
Universal Share Downloader
URL2JPEG
uTorrent
V3CallCenter
VideoLAN
Wanadoo
Winamp
Windows Live SkyDrive
Windows Media Components
Windows Media Connect 2
Windows Media Player
Windows NT
WinRAR
xerox
Xi
Zattoo
ZHPDiag
============
Drive D:
============
089ca8240aa6395ed2
357a8983bf69290e7a502e468fea
3d230c4a11d3a1786ab8362b5b06
8ecde9f7867c0bc06c535fe7e3250a
91e5a9d7c7e5c11ca784
a9d5d3e040d68c7c68fd
Avenger c16867f3e5f4d5f50902 c2df3795b3391678d720bc
Config.Msi
ConvertTemp
Documents and Settings
Erase5E5.tmp
ffastun.ffa
ffastun.ffl
ffastun.ffo
ffastun0.ffx
film
film2
FILMS
found.000
Kill'em
List'em.txt
MSOCache
ntuser.dat
ntuser.dat.LOG
orange.bmp
Pigalle, la nuit
Program Files
RECYCLER
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
System Volume Information
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials
C:\Program Files\CyberLink\Shared Files\CLML_NTService\Install.exe
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 9:22:35,62
Several infections...
1)
▶ Run List&Kill'em again using the shortcut on your desktop,
but this time:
▶ choose option 2 = Mode Suppression (deletion mode)
let the tool work.
at the end of the scan a report opens
▶ paste its contents into your reply
.................
then run Kill'em again and choose option 6, restore mbr
What is option 6? I still have this stupid ad, and on top of that, when I click on it, it opens in IE even though I'm using Firefox?
I'm desperate, what is this ad that has embedded itself?
Be patient..
For now, run option 6 of Kill'em for a possible MBR infection
option2
User : JEANNETFOOT (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 09:45:12 | 21/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7
AMD Sempron(tm) Processor 3000+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! antivirus 4.8.1368 [VPS 100220-1] 4.8.1368 [ (!) Disabled | Updated ]
A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 29,99 Go (16,41 Go free) [HDD] | NTFS
D:\ -> Disque fixe local | 113,04 Go (38,94 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM
K:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
C:\Program Files\FlashMute\FlashMute.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\alg.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D7.tmp\ERUNT.EXE
D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D7.tmp\pv.exe
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\AskSearch
Quarantined & Deleted !! : C:\Program Files\Internet Explorer\fxavx.ini
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\lvuvc.hs
Quarantined & Deleted !! : C:\WINDOWS\system32\dumphive.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\Process.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\SrchSTS.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\tmp.reg
Quarantined & Deleted !! : C:\WINDOWS\system32\VCCLSID.exe
Quarantined & Deleted !! : C:\WINDOWS\system32\WS2Fix.exe
Quarantined & Deleted !! : D:\Documents and Settings\JEANNETFOOT\Application Data\drivers
Quarantined & Deleted !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\hp.7z
Quarantined & Deleted !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\IP
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
Deleted : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Deleted : HKCU\Software\SweetIM
Deleted : HKLM\SOFTWARE\SweetIM
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_IPRIP
Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet003\Services\Iprip
========
Services
=========
Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Run all of the following programs:
CCleaner
Spybot
Ad-Aware
Auslogics defrag
There you go, a PC that is almost like new
MSN is back; I'm waiting to hear what moment de grace thinks of the report.
Do you have hosts files against the ads on MSN Messenger? pmu
Let's continue
Download Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is finished
. Go to the Scan tab
. Select Perform a full scan (a fairly long scan)
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed normally. Click 'Show results' to display all the objects found.
. Click OK to continue.
. If malware was detected, click Show results
. Select everything (or leave everything checked) and click Remove selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Report/Log tab
. Click on it to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. Right-click in the reply box and choose Paste
If you need help, look at these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
gege89
We stop here
and pick it up again here:
https://forums.commentcamarche.net/forum/affich-16686077-comment-supprimer-pub-google?page=2#24
I have a problem: there is nothing left in my hosts file (system32, etc.)
I open the first one, copy-paste, save
127.0.0.1 rad.msn.com
127.0.0.1 rad.live.com
http://dl.free.fr/getfile.pl?file=/dG4TKMIe
and I still have ads at the bottom, in the Messenger icon.