An ad that is starting to piss me off.

gege89 Posts 326 Status Member -
Hello,
http://dl.free.fr/getfile.pl?file=/iBVzmSND
http://dl.free.fr/getfile.pl?file=/0irZCx8R

So, when I open the Google search engine and type anything, I always get an advertising window that appears at the bottom right. How do I remove it?
Configuration: Windows XP / Firefox 3.5.8

18 replies

  1. Claude Lachance Posts 33456 Registration date   Status Contributor Last activity   1 035
     
    Hi

    Use AdBlock to block this ad.

    See you
    0
  2. gege89 Posts 326 Status Member 104
     
    That doesn't work, I'm on Firefox, you can't block it.
    0
  3. moment de grace Posts 29099 Registration date   Status Security contributor Last activity   2 274
     
    hello

    do this for a complete diagnosis of the PC:

    Download ZHPDiag (by Nicolas Coolman).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    Double-click the installation file, then install it with the default settings (don't forget to check "Create an icon on the desktop")

    Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as admin on Vista)

    Click the magnifying glass at the top left, then let the tool scan.

    Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

    Go to Cjoint: http://www.cijoint.fr/

    Click "Browse" in the "Attach a file[...]" section

    Select the ZHPdiag.txt report that is on your desktop

    Then click "Create the cjoint link" and copy/paste it into your next message

    0
  4. gege89 Posts 326 Status Member 104
     
    http://www.cijoint.fr/cjlink.php?file=cj201002/cijYB9MZVo.txt
    0
  6. moment de grace Posts 29099 Registration date   Status Security contributor Last activity   2 274
     
    ok

    several things...

    Disable your antivirus for the duration of the procedure, as well as your firewall if present (because it is wrongly detected as an infection)

    ▶ Download and install List&Kill'em and save it to your desktop
    http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

    double-click (right-click "Run as administrator" on Vista/7) the shortcut on your desktop to start the installation

    check the "create an icon on the desktop" box

    once it is finished, click "Finish" and the program launches by itself

    choose the language, then choose option 1 = Search Mode

    ▶ let the tool work

    when the white window appears, it takes a while, that's normal, the program is not frozen.

    a report named catchme appears on your desktop; ignore it, don't post it, but don't delete it for now, the scan isn't finished.

    ▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen

    you can delete the catchme.log report from your desktop now.

    0
  7. gege89 Posts 326 Status Member 104
     
    this ad on Google when I run searches in this search engine is crazy, do you have any idea?

    Thanks for trying to help me.

    List'em by g3n-h@ckm@n 1.2.5.3

    User : JEANNETFOOT (Administrateurs)
    Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
    Start at: 09:02:53 | 21/02/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    AMD Sempron(tm) Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Disabled
    AV : avast! antivirus 4.8.1368 [VPS 100220-1] 4.8.1368 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 29,99 Go (16,41 Go free) [HDD] | NTFS
    D:\ -> Disque fixe local | 113,04 Go (38,92 Go free) [DATA] | NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque CD-ROM
    K:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
    C:\Program Files\FlashMute\FlashMute.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\System32\alg.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\TV Orange\TV_Orange.exe
    C:\Program Files\VideoLAN\VLC\vlc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D2.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    WahOO REG_SZ "D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe" silent
    FlashMute REG_SZ C:\Program Files\FlashMute\FlashMute.exe
    H/PC Connection Agent REG_SZ "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    SpywareTerminatorUpdate REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    SoundMan REG_SZ SOUNDMAN.EXE
    ATIPTA REG_SZ "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    ACTIVBOARD REG_SZ c:\apps\ABoard\ABoard.exe
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    LogitechCommunicationsManager REG_SZ "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    <NO NAME> REG_SZ
    TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    SpywareTerminator REG_SZ "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoExpandedNewMenu REG_DWORD 1 (0x1)
    ClearRecentDocsOnExit REG_DWORD 1 (0x1)
    NoRecycleFiles REG_DWORD 1 (0x1)
    NoDriveTypeAutoRun REG_BINARY 95000000

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoCDBurning REG_DWORD 0 (0x0)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    AutoRestartShell REG_DWORD 1 (0x1)
    DefaultDomainName REG_SZ 1046850803166
    DefaultUserName REG_SZ JEANNETFOOT
    LegalNoticeCaption REG_SZ
    LegalNoticeText REG_SZ
    PowerdownAfterShutdown REG_SZ 1
    ReportBootOk REG_SZ 1
    Shell REG_SZ Explorer.exe
    ShutdownWithoutLogon REG_SZ 0
    System REG_SZ
    Userinit REG_SZ C:\WINDOWS\system32\userinit.exe,
    VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
    SfcQuota REG_DWORD -1 (0xffffffff)
    allocatecdroms REG_SZ 0
    allocatedasd REG_SZ 0
    allocatefloppies REG_SZ 0
    cachedlogonscount REG_SZ 10
    forceunlocklogon REG_DWORD 0 (0x0)
    passwordexpirywarning REG_DWORD 14 (0xe)
    scremoveoption REG_SZ 0
    AllowMultipleTSSessions REG_DWORD 0 (0x0)
    UIHost REG_EXPAND_SZ logonui.exe
    LogonType REG_DWORD 1 (0x1)
    DebugServerCommand REG_SZ no
    SFCDisable REG_DWORD 0 (0x0)
    WinStationsDisabled REG_SZ 0
    HibernationPreviouslyEnabled REG_DWORD 1 (0x1)
    ShowLogonOptions REG_DWORD 0 (0x0)
    AltDefaultUserName REG_SZ JEANNETFOOT
    AltDefaultDomainName REG_SZ 1046850803166
    AutoAdminLogon REG_SZ 1
    Background REG_SZ 0 0 0

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %ProgramFiles%\AOL 9.0\aol.exe REG_SZ %ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
    %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
    %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe REG_SZ %ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\APPS\Inventime\my.exe REG_SZ C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
    C:\Program Files\WinFax eXPert\WinFax.exe REG_SZ C:\Program Files\WinFax eXPert\WinFax.exe:*:Enabled:Winfax
    C:\Program Files\WinFax eXPert\BvrpKrnl.exe REG_SZ C:\Program Files\WinFax eXPert\BvrpKrnl.exe:*:Enabled:Bvrpkrnl
    C:\Program Files\PC-Telephone\PCTel.exe REG_SZ C:\Program Files\PC-Telephone\PCTel.exe:*:Enabled:PC-Telephone Executable
    C:\Program Files\Internet Explorer\IEXPLORE.EXE REG_SZ C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
    C:\Program Files\adslTV\vlc.exe REG_SZ C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player
    C:\Program Files\adslTV\adsltv.exe REG_SZ C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv
    C:\Program Files\TeamViewer\Version4\TeamViewer.exe REG_SZ C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer
    C:\Program Files\Java\jre6\bin\java.exe REG_SZ C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\GNINWNED\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\GNINWNED\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe:*:Enabled:friptv
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\ATR09WZY\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\ATR09WZY\friptv-0.20-cvs_pack_porciello.com[1]\friptv\friptv.exe:*:Enabled:friptv
    C:\Program Files\VideoLAN\VLC\vlc.exe REG_SZ C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
    C:\Program Files\Java\jre6\bin\javaw.exe REG_SZ C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe REG_SZ C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager
    C:\Program Files\Microsoft ActiveSync\WCESMgr.exe REG_SZ C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application
    C:\Program Files\MultiProxy\MProxy.exe REG_SZ C:\Program Files\MultiProxy\MProxy.exe:*:Enabled:MultiProxy personal proxy server
    C:\Program Files\AnalogX\Proxy\proxy.exe REG_SZ C:\Program Files\AnalogX\Proxy\proxy.exe:*:Enabled:proxy
    C:\Program Files\A4Proxy\A4Proxy.exe REG_SZ C:\Program Files\A4Proxy\A4Proxy.exe:*:Enabled:Anonymity 4 Proxy Application
    C:\Program Files\PeerTV\PeerCast.exe REG_SZ C:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast
    C:\Program Files\PeerTV\VLC\vlc.exe REG_SZ C:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player
    C:\Program Files\TVUPlayer\TVUPlayer.exe REG_SZ C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
    C:\Program Files\Zattoo\zattood.exe REG_SZ C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood
    C:\Program Files\Zattoo\Zattoo2.exe REG_SZ C:\Program Files\Zattoo\Zattoo2.exe:*:Enabled:
    C:\Program Files\Vuze\Azureus.exe REG_SZ C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus
    C:\Program Files\Babelgum\babelgum.exe REG_SZ C:\Program Files\Babelgum\babelgum.exe:*:Enabled:Babelgum Beta
    C:\Program Files\PPLive\PPLive.exe REG_SZ C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive
    C:\Program Files\SwarmPlayer\swarmplayer.exe REG_SZ C:\Program Files\SwarmPlayer\swarmplayer.exe:*:Enabled:swarmplayer
    C:\Program Files\SopCast\adv\SopAdver.exe REG_SZ C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
    C:\Program Files\SopCast\SopCast.exe REG_SZ C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
    C:\Program Files\Joost\xulrunner\tvprunner.exe REG_SZ C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner
    C:\WINDOWS\system32\java.exe REG_SZ C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary
    D:\Documents and Settings\JEANNETFOOT\Bureau\iMule-1.3.5\iMule-1.3.5\imule.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Bureau\iMule-1.3.5\iMule-1.3.5\imule.exe:*:Enabled:imule
    C:\Program Files\eMule\Incoming\iMule-135\iMule-1.3.5\imule.exe REG_SZ C:\Program Files\eMule\Incoming\iMule-135\iMule-1.3.5\imule.exe:*:Enabled:imule
    C:\Program Files\Kommute\kommute.exe REG_SZ C:\Program Files\Kommute\kommute.exe:*:Enabled:kommute
    C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    D:\Documents and Settings\JEANNETFOOT\Bureau\imule_imule_1.3.5_francais_281298\iMule-1.3.5\imule.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Bureau\imule_imule_1.3.5_francais_281298\iMule-1.3.5\imule.exe:*:Enabled:imule
    C:\Program Files\SHARE 1.0 EX2\Share.exe REG_SZ C:\Program Files\SHARE 1.0 EX2\Share.exe:*:Enabled:Share
    C:\Program Files\StealthNet\stealthnet.exe REG_SZ C:\Program Files\StealthNet\stealthnet.exe:*:Enabled:StealthNet
    C:\Program Files\Zattoo\Zattoo.exe REG_SZ C:\Program Files\Zattoo\Zattoo.exe:*:Enabled:
    C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
    C:\WINDOWS\system32\dpvsetup.exe REG_SZ C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
    C:\WINDOWS\system32\rundll32.exe REG_SZ C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application
    D:\Documents and Settings\JEANNETFOOT\temp\TeamViewer\Version4\TeamViewer.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
    C:\Program Files\IncrediMail\Bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
    C:\Program Files\IncrediMail\Bin\ImApp.exe REG_SZ C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
    C:\Program Files\IncrediMail\Bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
    C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe REG_SZ C:\WINDOWS\system32\[Emoticons-plus.com] Winkaa 2.0.exe:*:Enabled:[Emoticons-plus.com] Winkaa 2.0
    C:\WINDOWS\system32\mcoinstall.exe REG_SZ C:\WINDOWS\system32\mcoinstall.exe:*:Enabled:mcoinstall
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\EMY55XGI\mcoview[1].exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temporary Internet Files\Content.IE5\EMY55XGI\mcoview[1].exe:*:Enabled:mcoview[1]
    D:\Documents and Settings\JEANNETFOOT\Mes documents\mcoview.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Mes documents\mcoview.exe:*:Enabled:mcoview
    C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe REG_SZ C:\Program Files\DMV\MaxTV4\core\maxtv_xul.exe:*:Enabled:MaxTV
    C:\Program Files\DMV\MaxTV4\maxtv.exe REG_SZ C:\Program Files\DMV\MaxTV4\maxtv.exe:*:Enabled:MaxTV Framework
    C:\Program Files\DMV\MaxTV4\recorder.exe REG_SZ C:\Program Files\DMV\MaxTV4\recorder.exe:*:Enabled:MaxTV Recorder
    C:\Program Files\CounterPath\X-Lite\x-lite.exe REG_SZ C:\Program Files\CounterPath\X-Lite\x-lite.exe:*:Enabled:X-Lite
    C:\Program Files\Gizmo5\mDNSResponder.exe REG_SZ C:\Program Files\Gizmo5\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\Gizmo5\Gizmo5.exe REG_SZ C:\Program Files\Gizmo5\Gizmo5.exe:*:Enabled:Gizmo5
    C:\APPS\skype\Plugin Manager\skypePM.exe REG_SZ C:\APPS\skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    C:\APPS\skype\Phone\Skype.exe REG_SZ C:\APPS\skype\Phone\Skype.exe:*:Enabled:Skype
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\Streamy_4.0_beta_M4.win32.win32.x86\Streamy\streamy.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\Streamy_4.0_beta_M4.win32.win32.x86\Streamy\streamy.exe:*:Enabled:streamy
    C:\Program Files\Spotify\spotify.exe REG_SZ C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify
    C:\Program Files\Real\RealPlayer\realplay.exe REG_SZ C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
    C:\Program Files\Universal Share Downloader\USDownloader.exe REG_SZ C:\Program Files\Universal Share Downloader\USDownloader.exe:*:Enabled:Universal Share Downloader
    C:\Program Files\Megaupload\Mega Manager\MegaManager.exe REG_SZ C:\Program Files\Megaupload\Mega Manager\MegaManager.exe:*:Enabled:Mega Manager
    D:\Documents and Settings\JEANNETFOOT\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe REG_SZ D:\Documents and Settings\JEANNETFOOT\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client
    C:\Program Files\Opera\opera.exe REG_SZ C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser
    C:\Program Files\Xi\NetXfer\NetTransport.exe REG_SZ C:\Program Files\Xi\NetXfer\NetTransport.exe:*:Enabled:NetXfer Download Manager
    C:\Program Files\ma-config.com\maconfservice.exe REG_SZ C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe REG_SZ C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe:*:Enabled:Windows Internet Name Service

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\MSN Messenger\msnmsgr.exe REG_SZ C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
    C:\Program Files\MSN Messenger\livecall.exe REG_SZ C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    ===============
    ActivX controls
    ===============

    ==============
    BHO :
    ======

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.google.fr/?gws_rd=ssl

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3 ( OK = 3 )
    SharedAccess : 0x2 ( OK = 2 )
    wuauserv : 0x2 ( OK = 2 )

    =========
    Atapi.sys
    =========

    %%%% HASHDEEP-1.0
    %%%% size,md5,sha256,filename
    ## Invoked from: D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D2.tmp
    ## D:\> hashdeep C:\WINDOWS\System32\Drivers\atapi.sys
    ##
    95360,cdfe4411a69c224bd1d11b2da92dac51,0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d,C:\WINDOWS\System32\Drivers\atapi.sys

    Sources
    =======

    Référence :
    ==========

    Win XP_32b : a64013e98426e1877cb653685c5c0009
    Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
    Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
    Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
    Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
    Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
    Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
    Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
    Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

    =======
    Drive :
    =======

    Défragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    113 Go total, 38,94 Go libre (34%), 0% fragmenté (fragmentation du fichier 0%)

    Il ne vous est pas nécessaire de défragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Present !! : C:\Program Files\AskSearch
    Present !! : C:\Program Files\Internet Explorer\fxavx.ini
    Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
    Present !! : C:\WINDOWS\System32\_*.dll
    Present !! : C:\WINDOWS\System32\drivers\lvuvc.hs"
    Present !! : C:\WINDOWS\System32\dumphive.exe"
    Present !! : C:\WINDOWS\System32\Process.exe
    Present !! : C:\WINDOWS\System32\SrchSTS.exe
    Present !! : C:\WINDOWS\System32\tmp.reg"
    Present !! : C:\WINDOWS\System32\VCCLSID.exe
    Present !! : C:\WINDOWS\System32\WS2Fix.exe
    Present !! : D:\Documents and Settings\JEANNETFOOT\Application Data\drivers
    Present !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\hp.7z
    Present !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\IP

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
    Present !! : HKEY_USERS\S-1-5-21-3638438365-3339198277-660548392-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
    Present !! : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Present !! : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
    Present !! : HKCU\Software\SweetIM
    Present !! : HKLM\SOFTWARE\SweetIM
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\Legacy_IPRIP
    Present !! : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
    Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_IPRIP
    Present !! : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
    Present !! : HKLM\SYSTEM\ControlSet003\Services\Iprip
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\Legacy_IPRIP
    Present !! : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF

    ============

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-21 09:16:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    ? [5268]

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    folder error: D:\Documents and Settings\JEANNETFOOT

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85BD41F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x85bd41f8
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    Use "Recovery Console" command "fixmbr" to clear infection !

    ==========
    Programs
    ==========

    7-Zip
    a-squared Free
    A4Proxy
    Adobe
    adslTV
    AGICS
    Ahead
    Alliance MCA
    Alwil Software
    AMD
    AnalogX
    Anti Trojan Elite
    Antipub
    AskSearch
    Avanquest update
    AvantGo Connect
    Avidemux 2.5
    burnatonce
    Canon
    CanonBJ
    CCleaner
    Change Extension
    Common Files
    CoreCodec
    CounterPath
    CyberLink
    DAEMON Tools Lite
    deo
    DivX
    DMV
    Dnote Software
    EasyPrediction
    Emoticons-plus.com
    eMule
    Fichiers communs
    FlashMute
    Free FLV Converter
    GetASFStream
    GMixon
    Google
    GSplit
    Haali
    InstallShield Installation Information
    Internet Explorer
    Inventel
    Ipulp
    Java
    jv16 PowerTools
    Learn2.com
    List_Kill'em
    LiveRadio
    Logitech
    ma-config.com
    Malwarebytes' Anti-Malware
    MediaCoder
    Megaupload
    Messenger
    Microsoft ActiveSync
    Microsoft CAPICOM 2.1.0.2
    microsoft frontpage
    Microsoft Office
    Microsoft Silverlight
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSBuild
    MSN Gaming Zone
    MSN Messenger
    MSNFix
    MSXML 4.0
    MSXML 6.0
    MultiProxy
    MUTE_incoming_hashes
    MUTE_INTERNAL
    Navilog1
    Navman
    Net-Commando 2000
    NetMeeting
    Odebit Multimédia
    Online TV Player 4
    OpenOffice.org 3
    Opera
    Orange
    Ord-ixSofts
    Outlook Express
    Pamela
    PeerTV
    PhotoFiltre
    Picasa2
    POI-Warner 3 GoPal Edition
    PPLive
    ProgDVB
    QuickTime
    Radio Fr Solo
    Real
    Reference Assemblies
    RelayFax
    RogueRemover FREE
    Samsung
    Seagrand
    Securitoo
    Services en ligne
    Sonic
    Spotify
    Spybot - Search & Destroy
    Spyware Terminator
    StealthNet
    SwarmPlayer
    TeamViewer
    Tomtomax Maxi-Box
    trend micro
    Trojan Killer
    TubeMaster++
    TV Orange
    TVPlayerClassic
    Ulead Systems
    UnHackMe
    Uninstall Information
    Universal Share Downloader
    URL2JPEG
    uTorrent
    V3CallCenter
    VideoLAN
    Wanadoo
    Winamp
    Windows Live SkyDrive
    Windows Media Components
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    WinRAR
    xerox
    Xi
    Zattoo
    ZHPDiag

    ============
    Drive D:
    ============

    089ca8240aa6395ed2
    357a8983bf69290e7a502e468fea
    3d230c4a11d3a1786ab8362b5b06
    8ecde9f7867c0bc06c535fe7e3250a
    91e5a9d7c7e5c11ca784
    a9d5d3e040d68c7c68fd
    Avenger c16867f3e5f4d5f50902 c2df3795b3391678d720bc
    Config.Msi
    ConvertTemp
    Documents and Settings
    Erase5E5.tmp
    ffastun.ffa
    ffastun.ffl
    ffastun.ffo
    ffastun0.ffx
    film
    film2
    FILMS
    found.000
    Kill'em
    List'em.txt
    MSOCache
    ntuser.dat
    ntuser.dat.LOG
    orange.bmp
    Pigalle, la nuit
    Program Files
    RECYCLER
    sqmdata00.sqm
    sqmdata01.sqm
    sqmdata02.sqm
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    System Volume Information

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    C:\Program Files\CyberLink\Shared Files\CLML_NTService\Install.exe

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    End of scan : 9:22:35,62
    0
  8. moment de grace Posts 29099 Registration date   Status Security contributor Last activity   2 274
     
    several infections...

    1)

    ▶ Run List&Kill'em again using the shortcut on your desktop,

    but this time:

    ▶ choose option 2 = Removal Mode ("Mode Suppression")

    let the tool do its work.

    at the end of the scan a report opens

    ▶ paste its contents into your reply

    .................

    then run Kill'em again and choose option 6, restore MBR
    0
  9. gege89 Posts 326 Status Member 104
     
    What is option 6? I still have this damn ad, and on top of that, when I click on it, it opens in IE even though I'm using Firefox?

    I'm desperate, what is this ad that has dug itself in?
    0
  10. moment de grace Posts 29099 Registration date   Status Security contributor Last activity   2 274
     
    I'm desperate, what is this ad that has dug itself in

    be patient..

    for now, run option 6 of Kill'em for a possible MBR infection

    0
  11. gege89 Posts 326 Status Member 104
     
    option 2
    User : JEANNETFOOT (Administrateurs)
    Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
    Start at: 09:45:12 | 21/02/2010
    Contact : https://forums.commentcamarche.net/forum/virus-securite-7

    AMD Sempron(tm) Processor 3000+
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
    Internet Explorer 6.0.2900.2180
    Windows Firewall Status : Disabled
    AV : avast! antivirus 4.8.1368 [VPS 100220-1] 4.8.1368 [ (!) Disabled | Updated ]

    A:\ -> Lecteur de disquettes 3 ½ pouces
    C:\ -> Disque fixe local | 29,99 Go (16,41 Go free) [HDD] | NTFS
    D:\ -> Disque fixe local | 113,04 Go (38,94 Go free) [DATA] | NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque CD-ROM
    K:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Application Data\WahOO\WahOO.exe
    C:\Program Files\FlashMute\FlashMute.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\WINDOWS\System32\alg.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\APPS\HIDSERVICE\HIDSERVICE.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Windows Internet Name Service\wins.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\List_Kill'em\List_Kill'em.scr
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D7.tmp\ERUNT.EXE
    D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\D7.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    Quarantined & Deleted !! : C:\Program Files\AskSearch
    Quarantined & Deleted !! : C:\Program Files\Internet Explorer\fxavx.ini
    Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js

    Quarantined & Deleted !! : C:\WINDOWS\System32\_psisdecd.dll
    Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\lvuvc.hs
    Quarantined & Deleted !! : C:\WINDOWS\system32\dumphive.exe
    Quarantined & Deleted !! : C:\WINDOWS\system32\Process.exe
    Quarantined & Deleted !! : C:\WINDOWS\system32\SrchSTS.exe
    Quarantined & Deleted !! : C:\WINDOWS\system32\tmp.reg
    Quarantined & Deleted !! : C:\WINDOWS\system32\VCCLSID.exe
    Quarantined & Deleted !! : C:\WINDOWS\system32\WS2Fix.exe
    Quarantined & Deleted !! : D:\Documents and Settings\JEANNETFOOT\Application Data\drivers
    Quarantined & Deleted !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\hp.7z
    Quarantined & Deleted !! : D:\Documents and Settings\JEANNETFOOT\Local Settings\Temp\IP

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========

    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecycleFiles
    Deleted : "HKCU\Software\Local AppWizard-Generated Applications\winupgro"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    Deleted : "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    Deleted : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
    Deleted : HKCU\Software\SweetIM
    Deleted : HKLM\SOFTWARE\SweetIM
    Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
    Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\Legacy_IPRIP
    Deleted : HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
    Deleted : HKLM\SYSTEM\ControlSet003\Services\Iprip
    ========
    Services
    =========

    Ndisuio : Start = 3
    Ip6Fw : Start = 2
    SharedAccess : Start = 2
    wuauserv : Start = 2
    wscsvc : Start = 2

    ============
    Disk Cleaned
    ============

    =================
    anti-ver blaster : OK !!
    =================

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
  12. gege89 Posts 326 Status Member 104
     
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK
    0
  13. gege89 Posts 326 Status Member 104
     
    I ran options 2 and 6, and Windows Live Messenger no longer wants to connect
    0
  14. Enit
     
    Run all of the following programs:

    CCleaner
    Spybot
    Ad-Aware
    Auslogics defrag

    There you go, a PC that's pretty much like new
    0
  15. gege89 Posts 326 Status Member 104
     
    MSN is back. I'm waiting to hear what moment de grace thinks of the report.

    Do you have any hosts files against the ads in MSN Messenger? PMU
    0
  16. moment de grace Posts 29099 Registration date   Status Security contributor Last activity   2 274
     
    let's continue

    Download Malwarebytes' Anti-Malware

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    . Save it to the desktop
    . Double-click the downloaded file to start the installation.
    . In the "Update" tab, click the Check for Updates button
    . If the firewall asks for permission for Malwarebytes to connect, allow it
    . Once the update has finished
    . Go to the Scanner tab
    . Select Perform full scan (a fairly long scan)
    . Click Scan
    . The scan starts.
    . At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
    . Click OK to continue.
    . If malware was detected, click Show Results
    . Select everything (or leave everything checked) and click Remove Selected. Malwarebytes will delete the files and registry keys and put a copy of them in quarantine.
    . Malwarebytes will open Notepad and copy the scan report into it.
    . Go to the Logs tab
    . Click on the report to display it; once it is displayed
    . Click Edit at the top of Notepad, then Select All
    . Click Edit again, then Copy, and come back to the forum and into your reply
    . Right-click in the reply box and choose Paste

    If you need help, take a look at these tutorials:
    Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
    0
    1. gege89 Posts 326 Status Member 104
       
      I still have this damn ad that keeps coming back
      0
  17. gege89 Posts 326 Status Member 104
     
    I have a problem: there's nothing left in my hosts file (system32, etc)
    I open the 1st one, copy-paste, save
    127.0.0.1 rad.msn.com
    127.0.0.1 rad.live.com

    http://dl.free.fr/getfile.pl?file=/dG4TKMIe

    and I still have ads in the Messenger icon at the bottom.
    0
  18. gege89 Posts 326 Status Member 104
     
    It's fine now, I have a white rectangle with "advertisement" written on it? Is that right?
    0