Sujet Précédent Sujet Suivant

Publicités intempestives

yoyo170 Messages postés 7 Statut Membre -  
 vividejuin -
Bonjour,
je me permet de vous envoyer ce post, car depuis quelques jour, des publicités envahissent mon bureau.
j'ai regardé un peu sur le net, et j'ai installé malwarebytes.
Ci-joint le rapport :
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18882

20/02/2010 18:49:37
mbam-log-2010-02-20 (18-49-37).txt

Type de recherche: Examen rapide
Eléments examinés: 112503
Temps écoulé: 9 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 18
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd4a3efe-0682-4eb5-bdc0-a4444658cd98} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd4a3efe-0682-4eb5-bdc0-a4444658cd98} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{fd4a3efe-0682-4eb5-bdc0-a4444658cd98} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd4a3efe-0682-4eb5-bdc0-a4444658cd98} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{931c624a-1932-49f4-b1e4-b7ab60881f75} (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{025b1d48-fda2-439b-a74d-ceca8b704028} (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ezLife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fda30905-ba9b-48c2-a721-f358459e34f2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fda30905-ba9b-48c2-a721-f358459e34f2} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ezlife (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.2.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0 (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.2.0 (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0 (Adware.EzLife) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Yoan\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Windows\System32\ixohgcxm.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.2.0\SmartAdsxtra.dll (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.2.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\SmartAdsxtra.dll (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.3.6.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.2.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0\ezLifextra.dll (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Program Files\ezLife\ezLife\1.3.6.0\uninstall.exe (Adware.EzLife) -> Quarantined and deleted successfully.
C:\Users\Yoan\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\zbzppvbv.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Merci d'avance.

25 réponses

  • 1
  • 2
Réponse 1 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
bonjour

A)- Tu utilises vista, tu dois donc aussi désactiver l'UAC avant d'utiliser ces logiciels.
Regarde ici pour savoir comment désactiver l'UAC sous vista ==> ICI
http://bibou0007.com/windows-vista-f102/tutorial-desactiver-l-uac-sur-vista-t132.htm

télécharge sur ton bureau :

http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

● installe le en faisant un clic droit et exécuter en tant qu'administrateur, et installe le dans son emplacement par défaut. ( C:\Program files )
● clique droit sur l'icône Ad-remover située sur ton bureau et exécute le en tant qu'admistrateur
● Au menu principal choisi l'option "S"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...)
0
yoyo170
 
Merci Benurr de ton intervention.
Ci-joint le rapport de AD-REMOVER

======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:11:33, 21/02/2010 | Mode Normal | Option: SCAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ HomePremium Service Pack 2 v6.0.6002
Nom du PC: BANDINI-YOAN | Utilisateur actuel: Yoan
.
============== ÉLÉMENT(S) TROUVÉ(S) ==============
.

C:\Program Files\EoRezo
C:\Program Files\Viewpoint
C:\Users\Yoan\AppData\Roaming\EoRezo
C:\Users\Yoan\AppData\LocalLow\Smart-Ads-Solutions
C:\ProgramData\Viewpoint
C:\Users\Yoan\AppData\Local\Temp\is-7P52K.tmp\EoRezo
.
HKCU\software\EoRezo
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
HKLM\software\Viewpoint
HKU\.default\software\EoRezo
HKU\s-1-5-18\software\EoRezo
HKU\s-1-5-21-2099339373-4272136863-904444506-1000\software\EoRezo
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: zr9wkkce.default (Yoan)
.
(Yoan, prefs.js) Browser.download.dir, C:
(Yoan, prefs.js) Browser.download.lastDir, C:\Users\Yoan\Desktop
(Yoan, prefs.js) Browser.startup.homepage, www.google.fr
(Yoan, prefs.js) Extensions.enabledItems, {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0,illimitux@illimitux.net:3.5,{20a82645-c095-46ed-80e3-08825760534b}:1.1,web@veoh.com:1.4,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(Yoan, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(Yoan, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
.
* Internet Explorer Version 8.0.6001.18882 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://google.fr/
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Enable Browser Extensions: yes
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=laptop
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: hxxp://y.lo.st
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Yoan\AppData\Local\Temp\Temp1_Loki patch v1.0.8.3 multilangues.zip
C:\Users\Yoan\AppData\Local\Temp\Temp2_Loki patch v1.0.8.3 multilangues.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher2544\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher2544\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher2544\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher3888\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher3888\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher3888\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4220\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4220\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4220\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4280\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4280\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4280\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4296\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4296\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4296\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\StagingArea\5378.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4796\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4956\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5064\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher520\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1317.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1318.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1393.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1423.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1732.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\StagingArea\1111.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5576\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5576\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5576\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Data.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\PatcherApplication.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\Required\AdobeLILOPatcher.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\Required\AdobeSINGPatcher.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\Required\WinsoftLILOPluginPatcher.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\StagingArea\12801.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5692\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5692\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5692\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5832\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5832\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5832\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5836\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5836\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5836\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\StagingArea\5378.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6280\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6280\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6280\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6512\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6512\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6512\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6732\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6732\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6732\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7296\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7296\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7296\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7592\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7592\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7592\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7868\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7868\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7868\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4185.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4588.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4615.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4616.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\StagingArea\1074.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\StagingArea\1243.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\StagingArea\1342.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Temp1_Loki patch v1.0.8.3 multilangues.zip\lokipatchv1083multilangues221784_JeuxVideo.com_13639.exe
C:\Users\Yoan\AppData\Local\Temp\Temp2_Loki patch v1.0.8.3 multilangues.zip\lokipatchv1083multilangues221784_JeuxVideo.com_13639.exe
C:\Users\Yoan\AppData\Local\Temp\wz3275\patch.exe
C:\Users\Yoan\AppData\Local\Temp\wz387c\age of empire 3 patch fr complet\aoe3dialfr.zip
C:\Users\Yoan\Documents\Logiciels\Loki patch v1.0.8.3 multilangues.zip
C:\Users\Yoan\Downloads\aoe3patchfr.rar
C:\Users\Yoan\Downloads\cnc3_tw_crack_nocd_1.09.zip
.
===================================
.
11924 Octet(s) - C:\Ad-Report-SCAN[1].log
.
12978 Fichier(s) - C:\Users\Yoan\AppData\Local\Temp
251 Fichier(s) - C:\Windows\Temp
128 Fichier(s) - C:\Windows\Prefetch
.
1 Fichier(s) - C:\Ad-Remover\BACKUP
0 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 12:37:35 | 21/02/2010 - SCAN[1]
.
============== E.O.F ==============
0
Réponse 2 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Excellent.

Nettoyage avec Ad-Remover :

/!\ Déconnectes toi et fermes toutes applications en cours, désactive ton antivirus le temps de la manipulation/!\
● clique droit sur l'icône Ad-remover située sur ton bureau et exécute le en tant qu'administrateur
Au message d’avertissement qui s’affiche, sélectionne ‘Oui’.
Au menu principal choisi l’option "L" et tape ensuite sur la touche Entrée.Poste le rapport qui apparaît à la fin de l’analyse qui peut prendre du temps.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
0
yoyo170
 
ci-joint le rapport :
======= RAPPORT D'AD-REMOVER 1.1.4.6_J | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 05.02.2010 à 17:34
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 12:50:09, 21/02/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ HomePremium Service Pack 2 v6.0.6002
Nom du PC: BANDINI-YOAN | Utilisateur actuel: Yoan
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\EoRezo
C:\Program Files\Viewpoint
C:\Users\Yoan\AppData\Roaming\EoRezo
C:\Users\Yoan\AppData\LocalLow\Smart-Ads-Solutions
C:\ProgramData\Viewpoint
C:\Users\Yoan\AppData\Local\Temp\is-7P52K.tmp\EoRezo

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\EoRezo
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\software\microsoft\windows\currentversion\uninstall\ViewpointMediaPlayer
HKLM\software\Viewpoint
HKU\.default\software\EoRezo
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.8 [fr] *
.
Nom du profil: zr9wkkce.default (Yoan)
.
(Yoan, prefs.js) Browser.download.dir, C:
(Yoan, prefs.js) Browser.download.lastDir, C:\Users\Yoan\Desktop
(Yoan, prefs.js) Browser.startup.homepage, www.google.fr
(Yoan, prefs.js) Extensions.enabledItems, {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0,illimitux@illimitux.net:3.5,{20a82645-c095-46ed-80e3-08825760534b}:1.1,web@veoh.com:1.4,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
(Yoan, prefs.js) Keyword.URL, hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
(Yoan, prefs.js) Privacy.popups.showBrowserMessage, false
.
.
.
* Internet Explorer Version 8.0.6001.18882 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\Yoan\AppData\Local\Temp\Temp1_Loki patch v1.0.8.3 multilangues.zip
C:\Users\Yoan\AppData\Local\Temp\Temp2_Loki patch v1.0.8.3 multilangues.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher2544\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher2544\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher2544\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher3888\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher3888\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher3888\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4220\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4220\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4220\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4280\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4280\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4280\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4296\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4296\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4296\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\StagingArea\5378.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4352\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4796\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher4956\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5064\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher520\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1317.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1318.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1393.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1423.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\StagingArea\1732.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5512\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\StagingArea\1111.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5564\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5576\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5576\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5576\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Data.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\PatcherApplication.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\Required\AdobeLILOPatcher.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\Required\AdobeSINGPatcher.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\Installer\Required\WinsoftLILOPluginPatcher.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher560\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\StagingArea\12801.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5620\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5692\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5692\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5692\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5832\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5832\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5832\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5836\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5836\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher5836\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\StagingArea\5378.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6148\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6280\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6280\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6280\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6512\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6512\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6512\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6732\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6732\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher6732\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7296\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7296\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7296\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7592\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7592\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7592\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7868\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7868\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7868\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4185.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4588.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4615.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\StagingArea\4616.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher7972\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\PBSLocalizedStrings\PBSLocalizedStrings.zip
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\RTPatch\patch.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\StagingArea\1074.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\StagingArea\1243.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\StagingArea\1342.exe
C:\Users\Yoan\AppData\Local\Temp\Patcher\Patcher996\ZippedStagingArea\PatchFiles.zip
C:\Users\Yoan\AppData\Local\Temp\Temp1_Loki patch v1.0.8.3 multilangues.zip\lokipatchv1083multilangues221784_JeuxVideo.com_13639.exe
C:\Users\Yoan\AppData\Local\Temp\Temp2_Loki patch v1.0.8.3 multilangues.zip\lokipatchv1083multilangues221784_JeuxVideo.com_13639.exe
C:\Users\Yoan\AppData\Local\Temp\wz3275\patch.exe
C:\Users\Yoan\AppData\Local\Temp\wz387c\age of empire 3 patch fr complet\aoe3dialfr.zip
C:\Users\Yoan\Documents\Logiciels\Loki patch v1.0.8.3 multilangues.zip
C:\Users\Yoan\Downloads\aoe3patchfr.rar
C:\Users\Yoan\Downloads\cnc3_tw_crack_nocd_1.09.zip
.
===================================
.
12043 Octet(s) - C:\Ad-Report-CLEAN[1].log
12266 Octet(s) - C:\Ad-Report-SCAN[1].log
.
12726 Fichier(s) - C:\Users\Yoan\AppData\Local\Temp
222 Fichier(s) - C:\Windows\Temp
0 Fichier(s) - C:\Windows\Prefetch
.
20 Fichier(s) - C:\Ad-Remover\BACKUP
52 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 13:03:23 | 21/02/2010 - CLEAN[1]
.
============== E.O.F ==============
0
Réponse 3 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

Télécharge et installe List&Kill'em et enregistre le sur ton bureau

http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe

Branche clés usb , disques durs externes , mp3 , mp4 , etc..

double clique ( clic droit "exécuter en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

coche la case "créer une icône sur le bureau"

une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis la langue puis choisis l'option 1 = Mode Recherche

laisse travailler l'outil

à l'apparition de la fenêtre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'écran "COMPLETED"
0
Réponse 4 / 25
yoyo170 Messages postés 7 Statut Membre
 
ci-joint le rapport :
List'em by g3n-h@ckm@n 1.2.5.3

User : Yoan (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 14:36:24 | 21/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 137,26 Go (37,81 Go free) [OS] | NTFS
D:\ -> Disque fixe local | 149,05 Go (14,75 Go free) [DATA] | NTFS
E:\ -> Disque fixe local | 11,79 Go (2,14 Go free) [HP_RECOVERY] | NTFS
F:\ -> Disque CD-ROM | 4,07 Go (0 Mo free) [Apr 03 06 21:58] | UDF
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque amovible | 1,97 Go (368,19 Mo free) | FAT
J:\ -> Disque amovible | 15,03 Go (6,42 Go free) [IPOD YO YO] | FAT32

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\iTunes.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\cmd.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Yoan\AppData\Local\Temp\DE4F.tmp\pv.exe

======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
ares REG_SZ "C:\Program Files\Ares\Ares.exe" -h
liberiwo REG_SZ C:\Users\Yoan\AppData\Local\bcvrbw\vxntsftav.exe
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SynTPStart REG_SZ C:\Program Files\Synaptics\SynTP\SynTPStart.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
QlbCtrl REG_EXPAND_SZ %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
OnScreenDisplay REG_EXPAND_SZ C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
hpWirelessAssistant REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
WAWifiMessage REG_SZ C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
<NO NAME> REG_SZ
Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
UCam_Menu REG_SZ "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
NPSStartup REG_SZ
iTunesHelper REG_SZ "D:\iTunesHelper.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 0 (0x0)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ C:\Windows\System32\d3d10level932.dll

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)

===============

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

===============
ActivX controls
===============
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

===============
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1F91DFD1-DACC-81B8-6A01-67482238737E}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

==============
BHO :
======
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AE7CD045-E861-484f-8273-0445EE161910}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )

=========
Atapi.sys
=========

%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Users\Yoan\AppData\Local\Temp\DE4F.tmp
## C:\> hashdeep C:\Windows\System32\Drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\Drivers\atapi.sys

Sources
=======

C:\Windows\System32\drivers\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

Référence :
==========

Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: OS

Taille du volume = 137 Go
Espace libre = 37.83 Go
tendue d'espace libre la plus grande = 18.74 Go
Pourcentage de fragmentation des fichiers = 2 %

Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas n‚cessaire de d‚fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Present !! : C:\Windows\System32\drivers\etc\hosts.msn
Present !! : C:\Users\Yoan\AppData\Roaming\4412.tmp
Present !! : C:\Users\Yoan\AppData\Roaming\A44D.tmp
Present !! : C:\Users\Yoan\AppData\Roaming\DE71.tmp
Present !! : C:\Users\Yoan\AppData\Roaming\SystemProc
Present !! : C:\Users\Yoan\Local Settings\Temp\alm.log
Present !! : C:\Users\Yoan\Local Settings\Temp\amt.log
Present !! : C:\Users\Yoan\Local Settings\Temp\url.txt
Present !! : C:\Users\Yoan\Local Settings\Temp\_4.log
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\09393D62-FA46-408b-9A69-833FB7E70874.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\DivXInstaller.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\GoogleUpdate.exe374b91
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\HPQSi.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\msgD179.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\rlfkow.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\WinZip-12.1.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\wlsetup-cvr.exe
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\DefInstAction.dat
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\FW_Register_Plugin_Action.dat
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\QBackupInst.dat
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\srtspse.dat
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\srtspso.dat
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\srtspsp.dat
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\drm_dialogs.dll
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\drm_dyndata_7290008.dll
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\drm_dyndata_7340014.dll
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\goopdate.dll374ba0
Present !! : C:\Users\Yoan\LOCAL Settings\Temp\goopdateres_fr.dll374bc0

¤¤¤¤¤¤¤¤¤¤ Keys :

============

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 15:01:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"h0"=dword:00000000
"hdf12"=hex:a9,fb,bc,6d,a6,3f,c0,af,53,f3,c4,c2,a1,d0,9e,52,2c,d1,94,ab,c3,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,74,96,29,ba,73,12,ff,69,dc,1f,e4,e9,88,5f,dc,52,1a,..
"hdf12"=hex:b2,1d,c6,4f,5c,7d,72,c5,6a,a9,a0,12,cf,a2,d9,0a,e3,3b,6b,9d,3a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:92,2a,c1,5e,1f,a1,25,c1,fd,8d,f7,f1,a3,06,b3,bd,bd,c2,33,30,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:83,e8,05,d3,48,d3,fa,68,62,9e,6d,cb,f7,f0,84,a8,99,be,7d,8b,86,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"u0"=hex:d4,c3,97,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"h0"=dword:00000000
"hdf12"=hex:25,98,93,5b,17,02,1f,74,99,58,83,53,7f,62,81,2c,87,9e,fb,1f,db,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,74,96,29,ba,73,12,ff,69,dc,1f,e4,e9,88,5f,dc,52,1a,..
"hdf12"=hex:b2,1d,c6,4f,5c,7d,72,c5,6a,a9,a0,12,cf,a2,d9,0a,e3,3b,6b,9d,3a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:92,2a,c1,5e,1f,a1,25,c1,fd,8d,f7,f1,a3,06,b3,bd,bd,c2,33,30,45,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1]
"hdf12"=hex:83,e8,05,d3,48,d3,fa,68,62,9e,6d,cb,f7,f0,84,a8,99,be,7d,8b,86,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys splj.sys >>UNKNOWN [0x858E1938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8592b1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

==========
Programs
==========

Activation Assistant for the 2007 Microsoft Office suites
Adobe
AGEIA Technologies
Alwil Software
AOL
Apple Software Update
Aspyr
Autodesk
Bonjour
Common Files
Cyanide
CyberLink
DAEMON Tools Lite
desktop.ini
DIFX
directx
DivX
Electronic Arts
Fichiers communs
Google
Guitar Pro 5
Hewlett-Packard
Hp
HP Games
HPQ
InstallShield Installation Information
Intel
Internet Explorer
iPod
Java
LimeWire
List_Kill'em
Malwarebytes' Anti-Malware
MarkAny
Microsoft
Microsoft Games
Microsoft Office
Microsoft Silverlight
Microsoft Visual Studio
Microsoft Visual Studio 8
Microsoft Works
Microsoft.NET
Motorola
Movie Maker
Mozilla Firefox
MSBuild
MSXML 4.0
muvee Technologies
NVIDIA Corporation
PC Connectivity Solution
QuickTime
Realtek
Reference Assemblies
Samsung
Services en ligne
Sierra Entertainment
SoundSpectrum
Synaptics
think3
TmNationsForever
Uninstall Information
Veoh Networks
VideoLAN
Windows Calendar
Windows Collaboration
Windows Defender
Windows Journal
Windows Live
Windows Live SkyDrive
Windows Mail
Windows Media Player
Windows NT
Windows Photo Gallery
Windows Portable Devices
Windows Sidebar
WinRAR
WinTV
WinZip

============
Drive C:
============

$RECYCLE.BIN
AD-R.exe
Ad-Remover
Ad-Report-CLEAN[1].log
Ad-Report-SCAN[1].log
authlic.dat
Autodesk
autoexec.bat
boot
bootmgr
config.sys
CVS
Documents and Settings
hiberfil.sys
HP
IPH.PH
Kill'em
List'em.txt
MSOCache
MyTraining
NVIDIA
pagefile.sys
PerfLogs
Program Files
ProgramData
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
SWSETUP
System Volume Information
System.sav
Users
Windows

¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

C:\Program Files\Microsoft Works\Install.exe
C:\SWSETUP\MSWorks\FR\Install.exe
C:\SWSETUP\MSWorks\FR\PFiles\MSWorks\Install.exe
F:\MP2_Install\Install.exe

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 15:17:01,17
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 25
yoyo170
 
Puis-je passer à la seconde étape ?
Merci d'avance
0
Réponse 6 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
il y'a deux étapes a effrectuer

▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 2 = Mode Suppression

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta réponse

ensuite :

▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
mais cette fois-ci :

▶ choisis l'option 6 = Restore MBR

laisse travailler l'outil.

en fin de scan un rapport s'ouvre

▶ colle le contenu dans ta réponse
0
Réponse 7 / 25
yoyo170
 
merci Benurrr
ci-joint les rapports :
Kill'em by g3n-h@ckm@n 1.2.5.3

User : Yoan (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 16:54:52 | 21/02/2010
Contact : https://forums.commentcamarche.net/forum/virus-securite-7

Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 137,26 Go (37,8 Go free) [OS] | NTFS
D:\ -> Disque fixe local | 149,05 Go (14,75 Go free) [DATA] | NTFS
E:\ -> Disque fixe local | 11,79 Go (2,14 Go free) [HP_RECOVERY] | NTFS
F:\ -> Disque CD-ROM | 4,07 Go (0 Mo free) [Apr 03 06 21:58] | UDF
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque amovible | 1,97 Go (368,19 Mo free) | FAT
J:\ -> Disque amovible | 15,03 Go (6,42 Go free) [IPOD YO YO] | FAT32

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.scr
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Yoan\AppData\Local\Temp\C6FA.tmp\ERUNT.EXE
C:\Users\Yoan\AppData\Local\Temp\C6FA.tmp\pv.exe

Detections :
==========

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Users\Yoan\AppData\Roaming\4412.tmp
Quarantined & Deleted !! : C:\Users\Yoan\AppData\Roaming\A44D.tmp
Quarantined & Deleted !! : C:\Users\Yoan\AppData\Roaming\DE71.tmp
Quarantined & Deleted !! : C:\Users\Yoan\AppData\Roaming\SystemProc
Quarantined & Deleted !! : C:\Users\Yoan\Local Settings\Temp\alm.log
Quarantined & Deleted !! : C:\Users\Yoan\Local Settings\Temp\amt.log
Quarantined & Deleted !! : C:\Users\Yoan\Local Settings\Temp\url.txt
Quarantined & Deleted !! : C:\Users\Yoan\Local Settings\Temp\_4.log
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\09393D62-FA46-408b-9A69-833FB7E70874.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\DivXInstaller.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\GoogleUpdate.exe374b91
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\HPQSi.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\msgD179.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\rlfkow.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\WinZip-12.1.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\wlsetup-cvr.exe
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\DefInstAction.dat
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\FW_Register_Plugin_Action.dat
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\QBackupInst.dat
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\srtspse.dat
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\srtspso.dat
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\srtspsp.dat
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\drm_dialogs.dll
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\drm_dyndata_7290008.dll
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\drm_dyndata_7340014.dll
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\goopdate.dll374ba0
Quarantined & Deleted !! : C:\Users\Yoan\LOCAL Settings\Temp\goopdateres_fr.dll374bc0

==============
host file OK !
==============

========
Registry
========

========
Services
=========

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned
============

=================
anti-ver blaster : OK !!
=================

================
Prefetch cleaned
================

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
0
Réponse 8 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Tutoriel pour t'aider

https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
0
Réponse 9 / 25
yoyo170 Messages postés 7 Statut Membre
 
ci-joint le rapport RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yoan at 2010-02-21 17:38:19
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 39 GB (28%) free of 141 GB
Total RAM: 3070 MB (47% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{24E665EE-AC97-4FB6-9D81-6C2346F8DD7F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-18 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-30 1086816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-05-18 770048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2009-12-18 320928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2007-07-30 1086816]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-05-18 770048]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2009-12-18 320928]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-04-03 429816]
{52836EB0-631A-47B1-94A6-61F9D9112DAE} - Veoh Video Compass - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll [2009-02-14 404216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-07-25 174616]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2009-12-18 624056]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"NPSStartup"= []
"iTunesHelper"=D:\iTunesHelper.exe [2009-10-28 141600]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"liberiwo"=C:\Users\Yoan\AppData\Local\bcvrbw\vxntsftav.exe [2010-02-19 278784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2009-12-18 624056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-12-18 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2009-11-20 12685928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2009-11-20 110184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ADOBEC~1.EXE [2009-12-18 738776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk]
C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-04-04 295606]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SketchBook Snapshot.lnk - C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe

C:\Users\Yoan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Outil de notification Live Search.lnk - C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\System32\d3d10level932.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14d9fdfd-2a86-11dd-8bbd-001e68267804}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b5d8d56-f8d0-11dd-956e-001e68267804}]
shell\Auto\command - G:\RavMonE.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36869884-c5bd-11dd-9f91-001e68267804}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\demarrer.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{382d2f93-83c5-11dd-90f9-001e68267804}]
shell\AutoRun\command - G:\memorybar.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58781b96-2510-11dd-a79c-001e68267804}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cd81091-c750-11dd-b46d-001e68267804}]
shell\AutoRun\command - G:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f385cd1a-9e71-11dd-abf5-001e68267804}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c7b00a-197d-11df-974c-001e68267804}]
shell\AutoRun\command - G:\autorun.exe
shell\directx\command - G:\DirectX9\dxsetup.exe
shell\setup\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f70cafa3-8246-11dd-b48e-001e68267804}]
shell\AutoRun\command - G:\setupSNK.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-02-21 17:38:19 ----D---- C:\rsit
2010-02-21 17:38:19 ----D---- C:\Program Files\trend micro
2010-02-21 17:27:41 ----D---- C:\Kill'em
2010-02-21 16:54:51 ----A---- C:\Kill'em.txt
2010-02-21 15:35:24 ----D---- C:\Program Files\CCleaner
2010-02-21 14:36:22 ----A---- C:\List'em.txt
2010-02-21 14:35:43 ----D---- C:\Program Files\List_Kill'em
2010-02-21 12:11:31 ----D---- C:\Ad-Remover
2010-02-21 12:09:13 ----A---- C:\AD-R.exe
2010-02-20 18:35:54 ----D---- C:\Users\Yoan\AppData\Roaming\Malwarebytes
2010-02-20 18:35:44 ----D---- C:\ProgramData\Malwarebytes
2010-02-20 18:35:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-20 16:54:11 ----A---- C:\Windows\ntbtlog.txt
2010-02-14 18:37:13 ----A---- C:\Windows\system32\d3dx9_2532.dll
2010-02-14 18:37:09 ----A---- C:\Windows\system32\d3d10level932.dll
2010-02-14 16:29:20 ----D---- C:\Program Files\DAEMON Tools Lite
2010-02-14 16:28:55 ----D---- C:\Users\Yoan\AppData\Roaming\DAEMON Tools Lite
2010-02-14 16:28:52 ----D---- C:\ProgramData\DAEMON Tools Lite
2010-02-11 10:56:04 ----D---- C:\Users\Yoan\AppData\Roaming\download
2010-02-10 12:57:06 ----A---- C:\Windows\system32\xinput1_1.dll
2010-02-10 12:57:06 ----A---- C:\Windows\system32\xactengine2_1.dll
2010-02-10 12:56:23 ----A---- C:\Windows\system32\d3dx9_30.dll
2010-02-10 12:56:21 ----A---- C:\Windows\system32\xactengine2_0.dll
2010-02-10 12:56:21 ----A---- C:\Windows\system32\x3daudio1_0.dll
2010-02-10 12:56:12 ----A---- C:\Windows\system32\d3dx9_28.dll
2010-02-10 12:56:04 ----A---- C:\Windows\system32\d3dx9_27.dll
2010-02-10 12:55:59 ----A---- C:\Windows\system32\d3dx9_26.dll
2010-02-10 12:55:59 ----A---- C:\Windows\system32\d3dx9_25.dll
2010-02-10 12:55:58 ----A---- C:\Windows\system32\d3dx9_24.dll
2010-02-10 12:55:24 ----D---- C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP
2010-02-10 12:48:30 ----D---- C:\Program Files\Sierra Entertainment
2010-02-10 12:45:39 ----D---- C:\Users\Yoan\AppData\Roaming\InstallShield
2010-02-10 10:19:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 10:19:44 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 10:19:25 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 10:19:24 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 10:19:24 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 10:19:24 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 10:19:24 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 10:19:24 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 10:19:24 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 10:19:23 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 10:19:23 ----A---- C:\Windows\system32\avifil32.dll
2010-02-09 00:42:39 ----D---- C:\Users\Yoan\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo
2010-02-09 00:41:20 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-02-09 00:41:18 ----A---- C:\Windows\system32\d3dx9_29.dll
2010-02-08 20:33:22 ----D---- C:\Program Files\WinZip
2010-01-31 16:10:30 ----A---- C:\Windows\system32\dxqhxnll.dll
2010-01-31 16:10:12 ----A---- C:\Windows\system32\dckicgbd.dll
2010-01-22 19:28:08 ----A---- C:\Windows\system32\t2embed.dll
2010-01-22 19:28:08 ----A---- C:\Windows\system32\fontsub.dll
2010-01-22 19:28:04 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 19:28:03 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 19:28:02 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 19:28:02 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 19:28:02 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\occache.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 19:28:01 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 19:28:01 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 19:28:01 ----A---- C:\Windows\system32\ie4uinit.exe

======List of files/folders modified in the last 1 months======

2010-02-21 17:38:19 ----RD---- C:\Program Files
2010-02-21 17:38:17 ----D---- C:\Windows\Temp
2010-02-21 17:28:57 ----D---- C:\Program Files\Mozilla Firefox
2010-02-21 17:25:52 ----D---- C:\Windows\Debug
2010-02-21 17:25:52 ----A---- C:\autoexec.bat
2010-02-21 17:25:44 ----SD---- C:\Windows\Downloaded Program Files
2010-02-21 14:36:43 ----D---- C:\Windows\System32
2010-02-21 14:36:43 ----D---- C:\Windows\inf
2010-02-21 14:36:43 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-21 13:02:10 ----D---- C:\Windows\Prefetch
2010-02-21 13:00:17 ----HD---- C:\ProgramData
2010-02-20 18:50:44 ----RSD---- C:\Windows\Fonts
2010-02-20 18:50:44 ----D---- C:\Windows\system32\drivers
2010-02-20 16:54:11 ----D---- C:\Windows
2010-02-19 17:39:38 ----D---- C:\Users\Yoan\AppData\Roaming\Adobe
2010-02-19 02:20:07 ----SHD---- C:\System Volume Information
2010-02-17 16:37:24 ----D---- C:\Users\Yoan\AppData\Roaming\LimeWire
2010-02-14 19:23:36 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-14 19:23:28 ----RSD---- C:\Windows\assembly
2010-02-14 19:22:39 ----SHD---- C:\Windows\Installer
2010-02-14 19:13:38 ----D---- C:\Program Files\Microsoft Games
2010-02-14 16:29:47 ----D---- C:\Windows\system32\catroot2
2010-02-10 13:58:38 ----D---- C:\Windows\winsxs
2010-02-10 13:48:26 ----D---- C:\Windows\system32\catroot
2010-02-10 13:43:40 ----D---- C:\Program Files\Windows Mail
2010-02-10 13:04:02 ----D---- C:\ProgramData\Microsoft Help
2010-02-10 12:55:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-09 13:34:08 ----D---- C:\Windows\system32\WDI
2010-02-09 01:39:30 ----D---- C:\Windows\system32\Tasks
2010-02-09 00:37:10 ----D---- C:\Program Files\Electronic Arts
2010-02-08 20:33:54 ----D---- C:\ProgramData\WinZip
2010-02-06 20:10:55 ----D---- C:\Program Files\Internet Explorer
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-25 15:15:20 ----D---- C:\Users\Yoan\AppData\Roaming\Apple Computer
2010-01-25 09:27:23 ----D---- C:\ProgramData\Apple
2010-01-25 01:03:48 ----D---- C:\ProgramData\Adobe
2010-01-22 20:09:51 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-22 20:08:59 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-11-25 53328]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 2252800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-11-21 11515752]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-18 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 aj7i5tv6;aj7i5tv6; C:\Windows\system32\drivers\aj7i5tv6.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 catchme;catchme; \??\C:\Users\Yoan\AppData\Local\Temp\catchme.sys []
S3 dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 Dot4Scan;Pilote de classe Scanneur pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-19 10752]
S3 dot4usb;Filtre Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 mbr;mbr; \??\C:\Users\Yoan\AppData\Local\Temp\mbr.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Pilote de carte Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 xnacc;Contrôleur XBOX 360 pour le service de pilote Windows; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-19 521216]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2007-08-28 55808]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-07-25 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-11-20 122984]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-18 654848]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 pr2agqwc;Loki Drivers Auto Removal (pr2agqwc); C:\Windows\system32\pr2agqwc.exe [2007-05-18 407152]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-08-27 238328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-05-20 322032]

-----------------EOF-----------------
0
Réponse 10 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Télécharge UsbFix de C_XX & Chiquitine29

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur "UsbFix.exe" présent sur ton bureau ( clic droit "exécuter en tant qu'administrateur" pour Vista & 7 )

• Choisis l'option F pour français et tape sur [entrée] .

Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

• Laisse travailler l'outil.

• Ensuite poste le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 11 / 25
yoyo170 Messages postés 7 Statut Membre
 
Ci-Joint le rapport :

############################## | UsbFix V6.097 |

User : Yoan (Administrateurs) # BANDINI-YOAN
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 18:56:09 | 21/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 137,26 Go (40,45 Go free) [OS] # NTFS
D:\ -> Disque fixe local # 149,05 Go (14,75 Go free) [DATA] # NTFS
E:\ -> Disque fixe local # 11,79 Go (2,14 Go free) [HP_RECOVERY] # NTFS
F:\ -> Disque CD-ROM # 4,07 Go (0 Mo free) [Apr 03 06 21:58] # UDF
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque amovible # 1,97 Go (368,19 Mo free) # FAT
J:\ -> Disque amovible # 15,03 Go (6,42 Go free) [IPOD YO YO] # FAT32

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

D:\DATA

################## | Registre |

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{14d9fdfd-2a86-11dd-8bbd-001e68267804}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

HKCU\..\..\Explorer\MountPoints2\{2b5d8d56-f8d0-11dd-956e-001e68267804}
shell\Auto\command =G:\RavMonE.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\RavMonE.exe e

HKCU\..\..\Explorer\MountPoints2\{36869884-c5bd-11dd-9f91-001e68267804}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\demarrer.html

HKCU\..\..\Explorer\MountPoints2\{382d2f93-83c5-11dd-90f9-001e68267804}
shell\AutoRun\command =G:\memorybar.exe

HKCU\..\..\Explorer\MountPoints2\{58781b96-2510-11dd-a79c-001e68267804}
shell\AutoRun\command =wd_windows_tools\setup.exe

HKCU\..\..\Explorer\MountPoints2\{8cd81091-c750-11dd-b46d-001e68267804}
shell\AutoRun\command =G:\ClickMe.exe

HKCU\..\..\Explorer\MountPoints2\{f385cd1a-9e71-11dd-abf5-001e68267804}
shell\Auto\command =AdobeR.exe e
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

HKCU\..\..\Explorer\MountPoints2\{f6c7b00a-197d-11df-974c-001e68267804}
shell\AutoRun\command =G:\autorun.exe
shell\directx\command =G:\DirectX9\dxsetup.exe
shell\setup\command =G:\setup.exe

HKCU\..\..\Explorer\MountPoints2\{f70cafa3-8246-11dd-b48e-001e68267804}
shell\AutoRun\command =G:\setupSNK.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.097 ! |
0
Réponse 12 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Suppression

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe......) susceptibles d'avoir été infectés sans les ouvrir

(1) Double clic sur le raccourci UsbFix présent sur ton bureau

(2) Choisi l option 2 ( Suppression )

Ton bureau disparaitra et le pc redémarrera .

Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau .

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 13 / 25
yoyo170 Messages postés 7 Statut Membre
 
Ci-joint le rapport :

############################## | UsbFix V6.097 |

User : Yoan (Administrateurs) # BANDINI-YOAN
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 19:26:27 | 21/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled

C:\ -> Disque fixe local # 137,26 Go (43,05 Go free) [OS] # NTFS
D:\ -> Disque fixe local # 149,05 Go (14,75 Go free) [DATA] # NTFS
E:\ -> Disque fixe local # 11,79 Go (2,14 Go free) [HP_RECOVERY] # NTFS
F:\ -> Disque CD-ROM # 4,07 Go (0 Mo free) [Apr 03 06 21:58] # UDF
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\DrvInst.exe
C:\Windows\System32\rundll32.exe

################## | Elements infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-1623765812-1753939175-1515361805-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2099339373-4272136863-904444506-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2099339373-4272136863-904444506-500
Supprimé ! D:\DATA
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2099339373-4272136863-904444506-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2099339373-4272136863-904444506-500
Supprimé ! E:\$Recycle.Bin\S-1-5-21-2099339373-4272136863-904444506-1000
Supprimé ! E:\$Recycle.Bin\S-1-5-21-2099339373-4272136863-904444506-500

################## | Registre |

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{14d9fdfd-2a86-11dd-8bbd-001e68267804}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{2b5d8d56-f8d0-11dd-956e-001e68267804}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{36869884-c5bd-11dd-9f91-001e68267804}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{382d2f93-83c5-11dd-90f9-001e68267804}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{58781b96-2510-11dd-a79c-001e68267804}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8cd81091-c750-11dd-b46d-001e68267804}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f385cd1a-9e71-11dd-abf5-001e68267804}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f6c7b00a-197d-11df-974c-001e68267804}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f70cafa3-8246-11dd-b48e-001e68267804}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[21/02/2010 12:09|--a------|1263511] C:\AD-R.exe
[21/02/2010 13:03|--a------|12431] C:\Ad-Report-CLEAN[1].log
[21/02/2010 12:37|--a------|12266] C:\Ad-Report-SCAN[1].log
[29/11/2009 22:01|--a------|49] C:\authlic.dat
[21/02/2010 17:25|--a------|4] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[18/09/2006 22:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[27/11/2007 00:24|--ah-----|360] C:\IPH.PH
[21/02/2010 17:25|--a------|6998] C:\Kill'em.txt
[21/02/2010 15:17|--a------|24798] C:\List'em.txt
[?|?|?] C:\pagefile.sys
[21/02/2010 19:32|--a------|5107] C:\UsbFix.txt
[07/10/1999 13:36|--a------|62976] D:\3dfx.dll
[26/10/2009 08:38|--a------|59083] D:\Acknowledgements.rtf
[05/03/2008 15:30|---------|1348242] D:\Apr2005_d3dx9_25_x64.cab
[05/03/2008 15:30|---------|1079850] D:\Apr2005_d3dx9_25_x86.cab
[05/03/2008 15:30|---------|1398718] D:\Apr2006_d3dx9_30_x64.cab
[05/03/2008 15:30|---------|1116109] D:\Apr2006_d3dx9_30_x86.cab
[05/03/2008 15:30|---------|917318] D:\Apr2006_MDX1_x86.cab
[05/03/2008 15:30|---------|4163518] D:\Apr2006_MDX1_x86_Archive.cab
[05/03/2008 15:30|---------|180021] D:\Apr2006_XACT_x64.cab
[05/03/2008 15:30|---------|133991] D:\Apr2006_XACT_x86.cab
[05/03/2008 15:30|---------|87989] D:\Apr2006_xinput_x64.cab
[05/03/2008 15:30|---------|46898] D:\Apr2006_xinput_x86.cab
[05/03/2008 15:30|---------|702212] D:\APR2007_d3dx10_33_x64.cab
[05/03/2008 15:30|---------|699465] D:\APR2007_d3dx10_33_x86.cab
[05/03/2008 15:30|---------|1610958] D:\APR2007_d3dx9_33_x64.cab
[05/03/2008 15:30|---------|1609639] D:\APR2007_d3dx9_33_x86.cab
[05/03/2008 15:30|---------|199366] D:\APR2007_XACT_x64.cab
[05/03/2008 15:30|---------|154825] D:\APR2007_XACT_x86.cab
[05/03/2008 15:30|---------|100417] D:\APR2007_xinput_x64.cab
[05/03/2008 15:30|---------|56902] D:\APR2007_xinput_x86.cab
[05/03/2008 15:30|---------|1351430] D:\Aug2005_d3dx9_27_x64.cab
[05/03/2008 15:30|---------|1078532] D:\Aug2005_d3dx9_27_x86.cab
[05/03/2008 15:30|---------|183863] D:\AUG2006_XACT_x64.cab
[05/03/2008 15:30|---------|138195] D:\AUG2006_XACT_x86.cab
[05/03/2008 15:30|---------|88102] D:\AUG2006_xinput_x64.cab
[05/03/2008 15:30|---------|47018] D:\AUG2006_xinput_x86.cab
[05/03/2008 15:30|---------|855886] D:\AUG2007_d3dx10_35_x64.cab
[05/03/2008 15:30|---------|800467] D:\AUG2007_d3dx10_35_x86.cab
[05/03/2008 15:30|---------|1803760] D:\AUG2007_d3dx9_35_x64.cab
[05/03/2008 15:30|---------|1711752] D:\AUG2007_d3dx9_35_x86.cab
[05/03/2008 15:30|---------|201696] D:\AUG2007_XACT_x64.cab
[05/03/2008 15:30|---------|156612] D:\AUG2007_XACT_x86.cab
[05/03/2008 15:30|---------|1156363] D:\BDANT.cab
[05/03/2008 15:30|---------|976020] D:\BDAXP.cab
[07/10/1999 13:15|-ra------|172032] D:\binkw32.dll
[28/10/2009 20:21|--a------|722160] D:\CDDBControlApple.dll
[07/10/1999 13:36|--a------|80384] D:\d3ddll.dll
[07/10/1999 13:15|-ra------|56832] D:\D3DPoly.dll
[05/03/2008 15:30|---------|1358864] D:\Dec2005_d3dx9_28_x64.cab
[05/03/2008 15:30|---------|1080344] D:\Dec2005_d3dx9_28_x86.cab
[05/03/2008 15:30|---------|213767] D:\DEC2006_d3dx10_00_x64.cab
[05/03/2008 15:30|---------|192680] D:\DEC2006_d3dx10_00_x86.cab
[05/03/2008 15:30|---------|1572114] D:\DEC2006_d3dx9_32_x64.cab
[05/03/2008 15:30|---------|1575336] D:\DEC2006_d3dx9_32_x86.cab
[05/03/2008 15:30|---------|193435] D:\DEC2006_XACT_x64.cab
[05/03/2008 15:30|---------|146559] D:\DEC2006_XACT_x86.cab
[07/10/1999 13:15|-ra------|39424] D:\DMAGlide.dll
[07/10/1999 13:15|-ra------|60416] D:\Dmavideo.dll
[05/03/2008 15:30|---------|97288] D:\DSETUP.dll
[05/03/2008 15:30|---------|1694728] D:\dsetup32.dll
[05/03/2008 15:30|---------|47596] D:\dxdllreg_x86.cab
[05/03/2008 15:30|---------|13265040] D:\dxnt.cab
[05/03/2008 15:30|---------|527880] D:\DXSETUP.exe
[05/03/2008 15:30|---------|97396] D:\dxupdate.cab
[05/03/2008 15:30|---------|1248387] D:\Feb2005_d3dx9_24_x64.cab
[05/03/2008 15:30|---------|1014113] D:\Feb2005_d3dx9_24_x86.cab
[05/03/2008 15:30|---------|1363684] D:\Feb2006_d3dx9_29_x64.cab
[05/03/2008 15:30|---------|1085608] D:\Feb2006_d3dx9_29_x86.cab
[05/03/2008 15:30|---------|179247] D:\Feb2006_XACT_x64.cab
[05/03/2008 15:30|---------|133297] D:\Feb2006_XACT_x86.cab
[05/03/2008 15:30|---------|198275] D:\FEB2007_XACT_x64.cab
[05/03/2008 15:30|---------|151583] D:\FEB2007_XACT_x86.cab
[29/04/2004 10:27|--a------|479232] D:\gta2 manager.exe
[27/04/2004 14:29|--a------|1667072] D:\gta2.exe
[28/10/2009 20:21|--a------|648480] D:\iPodUpdaterExt.dll
[28/10/2009 20:21|--a------|111912] D:\ITDetector.ocx
[28/10/2009 20:21|--a------|14769448] D:\iTunes.dll
[28/10/2009 20:21|--a------|10358048] D:\iTunes.exe
[28/10/2009 20:21|--a------|384800] D:\iTunesAdmin.dll
[28/10/2009 20:21|--a------|211232] D:\iTunesHelper.dll
[28/10/2009 20:21|--a------|141600] D:\iTunesHelper.exe
[28/10/2009 20:21|--a------|124192] D:\iTunesMiniPlayer.dll
[28/10/2009 20:21|--a------|294688] D:\iTunesOutlookAddIn.dll
[28/10/2009 20:21|--a------|292640] D:\iTunesPhotoProcessor.exe
[05/03/2008 15:30|---------|1336890] D:\Jun2005_d3dx9_26_x64.cab
[05/03/2008 15:30|---------|1065813] D:\Jun2005_d3dx9_26_x86.cab
[05/03/2008 15:30|---------|181745] D:\JUN2006_XACT_x64.cab
[05/03/2008 15:30|---------|134631] D:\JUN2006_XACT_x86.cab
[05/03/2008 15:30|---------|702644] D:\JUN2007_d3dx10_34_x64.cab
[05/03/2008 15:30|---------|702072] D:\JUN2007_d3dx10_34_x86.cab
[05/03/2008 15:30|---------|1611374] D:\JUN2007_d3dx9_34_x64.cab
[05/03/2008 15:30|---------|1610886] D:\JUN2007_d3dx9_34_x86.cab
[05/03/2008 15:30|---------|200722] D:\JUN2007_XACT_x64.cab
[05/03/2008 15:30|---------|156509] D:\JUN2007_XACT_x86.cab
[05/03/2008 15:30|---------|848132] D:\Mar2008_d3dx10_37_x64.cab
[05/03/2008 15:30|---------|821508] D:\Mar2008_d3dx10_37_x86.cab
[05/03/2008 15:30|---------|1773110] D:\Mar2008_d3dx9_37_x64.cab
[05/03/2008 15:30|---------|1446530] D:\Mar2008_d3dx9_37_x86.cab
[05/03/2008 15:30|---------|58306] D:\Mar2008_X3DAudio_x64.cab
[05/03/2008 15:30|---------|25115] D:\Mar2008_X3DAudio_x86.cab
[05/03/2008 15:30|---------|125584] D:\Mar2008_XACT_x64.cab
[05/03/2008 15:30|---------|96982] D:\Mar2008_XACT_x86.cab
[05/03/2008 15:30|---------|254442] D:\Mar2008_XAudio_x64.cab
[05/03/2008 15:30|---------|229498] D:\Mar2008_XAudio_x86.cab
[07/10/1999 13:15|-ra------|331776] D:\mss32.dll
[07/10/1999 13:12|-ra------|49152] D:\MSSDS3DH.M3D
[05/03/2008 15:30|---------|867848] D:\NOV2007_d3dx10_36_x64.cab
[05/03/2008 15:30|---------|807132] D:\NOV2007_d3dx10_36_x86.cab
[05/03/2008 15:30|---------|1805306] D:\NOV2007_d3dx9_36_x64.cab
[05/03/2008 15:30|---------|1712608] D:\NOV2007_d3dx9_36_x86.cab
[05/03/2008 15:30|---------|49392] D:\NOV2007_X3DAudio_x64.cab
[05/03/2008 15:30|---------|21744] D:\NOV2007_X3DAudio_x86.cab
[05/03/2008 15:30|---------|200010] D:\NOV2007_XACT_x64.cab
[05/03/2008 15:30|---------|151512] D:\NOV2007_XACT_x86.cab
[05/03/2008 15:30|---------|86925] D:\Oct2005_xinput_x64.cab
[05/03/2008 15:30|---------|46247] D:\Oct2005_xinput_x86.cab
[05/03/2008 15:30|---------|1413862] D:\OCT2006_d3dx9_31_x64.cab
[05/03/2008 15:30|---------|1128177] D:\OCT2006_d3dx9_31_x86.cab
[05/03/2008 15:30|---------|183321] D:\OCT2006_XACT_x64.cab
[05/03/2008 15:30|---------|138977] D:\OCT2006_XACT_x86.cab
[07/10/1999 13:15|-ra------|452188] D:\Polygon.dll
[29/04/2004 10:47|--a------|5516] D:\readme.txt
[26/04/2002 14:49|--a------|5694] D:\rockstar.ico
[11/09/2005 16:18|---hs----|340] E:\AUTOMODE
[08/05/2008 16:34|---hs----|13] E:\BLOCK.RIN
[04/10/2006 00:02|---hs----|438328] E:\bootmgr
[06/09/2008 12:19|---hs----|891] E:\Desktop.ini
[10/09/2002 17:14|---hs----|8134] E:\Folder.htt
[08/05/2008 16:49|--ahs----|816] E:\MASTER.LOG
[16/09/2002 15:37|---hs----|181898] E:\protect.chinese hong kong
[16/09/2002 15:37|---hs----|181916] E:\protect.chinese simplified
[16/09/2002 15:37|---hs----|181898] E:\protect.chinese traditional
[27/04/2006 17:19|---hs----|181865] E:\protect.czech
[03/11/2005 16:21|---hs----|181726] E:\protect.danish
[10/09/2002 14:56|---hs----|181605] E:\protect.dutch
[10/09/2002 14:50|---hs----|181651] E:\protect.ed
[22/11/2004 16:28|---hs----|181648] E:\protect.english
[03/11/2005 16:20|---hs----|181673] E:\protect.finnish
[03/11/2005 16:19|---hs----|181736] E:\protect.french
[03/11/2005 16:18|---hs----|181669] E:\protect.german
[23/11/2005 16:56|---hs----|182689] E:\protect.greek
[23/01/2006 10:18|---hs----|182605] E:\protect.hebrew
[28/08/2007 15:58|---hs----|181696] E:\protect.hungarian
[03/11/2005 16:17|---hs----|181554] E:\protect.italian
[10/04/2006 10:46|---hs----|182566] E:\protect.japanese
[24/11/2005 12:24|---hs----|218295] E:\protect.korean
[03/11/2005 16:15|---hs----|181578] E:\protect.norwegian
[25/04/2006 15:44|---hs----|181789] E:\protect.polish
[03/11/2005 16:13|---hs----|181624] E:\protect.portuguese
[27/10/2005 20:24|---hs----|181882] E:\protect.portuguese brazilian
[28/06/2004 09:52|---hs----|211936] E:\protect.russian
[03/11/2005 16:11|---hs----|181586] E:\protect.spanish
[10/09/2002 15:15|---hs----|181602] E:\protect.swedish
[12/08/2003 11:37|---hs----|181783] E:\protect.turkish
[04/03/2008 09:13|---hs----|0] E:\USER
[13/12/2005 14:22|-ra------|571809792] F:\AOE III DISC 1.iso
[13/12/2005 14:27|-ra------|640905216] F:\AOE III DISC 2.iso
[13/12/2005 14:28|-ra------|530524160] F:\AOE III DISC 3.iso
[13/03/2006 16:17|-ra------|752291196] F:\Reussir Ou Mourir 50 Cent FR 2006.avi
[16/02/2064 04:07|---------|0] J:\.metadata_never_index

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# E:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# J:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_Bandini-Yoan.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.097 ! |
0
Réponse 14 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
poste un rapport hijackthis (outil de diagnostic)
Télécharge http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

--) Enregistre HJTInstall.exe sur ton bureau
--) Double-clique sur HJTInstall.exe pour lancer le programme
--) Par défaut, il s'installera içi C:\Programme Files\Trend Micro\HijackThis
--) Accepte la license en cliquant sur le bouton "I Accept"
--) Choisis l'option "Do a system scan and save a log file"
--) Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
--) Clique sur "Édition -> Sélectionner tout", puis sur "Édition -> Copier" pour copier tout le contenu du rapport
--) Colle le rapport que tu viens de copier sur ce forum
--) Ne fixe encore AUCUNE ligne,
0
Réponse 15 / 25
yoyo170 Messages postés 7 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:39, on 21/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Yoan\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: SketchBook Snapshot.lnk = C:\Program Files\Autodesk\SketchBookPro2010\SketchBookSnapshot.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\Windows\System32\d3d10level932.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Loki Drivers Auto Removal (pr2agqwc) (pr2agqwc) - Cyanide - C:\Windows\system32\pr2agqwc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
Réponse 16 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
> Télécharge Dr.Web CureIt sur ton Bureau :

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Double clique <drweb-cureit.exe> et ensuite clique sur <Analyse>;
- Clique <Ok> à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton <Oui>.
Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" : Quitte en cliquant le "X".
- Lorsque le scan rapide est terminé, clique sur le menu <Options> puis <Changer la configuration> ; Choisis l'onglet <Scanner>, et décoche <Analyse heuristique>. Clique ensuite sur <Ok>.
- De retour à la fenêtre principale : clique pour activer <Analyse complète>
- Clique le bouton avec flèche verte sur la droite, et le scan débutera.
- Clique <Oui> pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter".
- Lorsque le scan sera complété, regarde si tu peux cliquer sur l' icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autres). Si oui, alors clique dessus et ensuite clique sur l'icône <Suivant>, au dessous, et choisis <Déplacer en quarantaine l'objet indésirable>.
- Du menu principal de l'outil, au haut à gauche, clique sur le menu <Fichier> et choisis <Enregistrer le rapport>. Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv
- Ferme Dr.Web Cureit
- Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage).
- Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de Dr.Web dans ta prochaine réponse.
0
Réponse 17 / 25
yoyo170
 
Ci-joint le rapport dr.web, désolé pour le retard petit problème :

2 Gérer les vues.EXE C:\Documents and Settings\Yoan\Desktop\Didactitiel Think ID 2008.1\1 - Démarrage, administration et présentation Adware.Ezula Quarantaine.
2 Gérer les vues.EXE C:\Users\Yoan\Desktop\Didactitiel Think ID 2008.1\1 - Démarrage, administration et présentation Adware.Ezula Chemin invalide pour le fichier
0
Réponse 18 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
bonkour

pour nettoyer les fix qui ont servit

Ferme toutes les applications en cours, puis télécharge ToolsCleaner2 sur ton Bureau.
http://pc-system.fr/

Double clique sur ToolsCleaner2.exe >
puis Recherche
et sur Suppression
Note : ton bureau va disparaître, c'est normal. S'il n'apparaît pas à la fin du scan, fais la manip suivante :

CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau

tu poste le rapport générer après suppression
0
Réponse 19 / 25
yoyo170 Messages postés 7 Statut Membre
 
Ci-joint le rapport ToolsCleaner :

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Ad-R.exe: trouvé !
C:\UsbFix.txt: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Ad-remover: trouvé !
C:\Program Files\trend micro\HijackThis: trouvé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\trend micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\Yoan\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\Yoan\Desktop\HijackThis.lnk: trouvé !
C:\Users\Yoan\Desktop\HJTInstall.exe: trouvé !
C:\Users\Yoan\Desktop\mbr.log: trouvé !
C:\Users\Yoan\Desktop\UsbFix.exe: trouvé !
C:\Users\Yoan\Desktop\Rsit.exe: trouvé !

---------------------------------
--> Suppression:

C:\Ad-R.exe: supprimé !
C:\Program Files\trend micro\HijackThis\HijackThis.exe: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: ERREUR DE SUPPRESSION !!
C:\Users\Yoan\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\Yoan\Desktop\HijackThis.lnk: supprimé !
C:\Users\Yoan\Desktop\HJTInstall.exe: supprimé !
C:\UsbFix.txt: ERREUR DE SUPPRESSION !!
C:\Program Files\trend micro\HijackThis\hijackthis.log: ERREUR DE SUPPRESSION !!
C:\Users\Yoan\Desktop\mbr.log: supprimé !
C:\Users\Yoan\Desktop\UsbFix.exe: supprimé !
C:\Users\Yoan\Desktop\Rsit.exe: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Ad-remover: supprimé !
C:\Program Files\trend micro\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: ERREUR DE SUPPRESSION !!
0
Réponse 20 / 25
benurrr Messages postés 9766 Statut Contributeur sécurité 107
 
Ok

tu va télécharger Ccleaner http://dl.commentcamarche.net/www.commentcamarche.net/download/files/ccsetup227_slim.exe

ouvre "Ccleaner" vas dans l'onglet "Option" puis "Avancé" puis décoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures."

. Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage".
Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée"
. Tu refais tous ca 4-5 fois (le nettoyage et le registre).

Puis reste dans "Ccleaner" puis va dans "Option" puis "Propriété" puis coches "Nettoyer automatiquement l'ordinateur au démarrage".

içi mode d'emploi pour ccleaner

https://www.malekal.com/tutoriel-ccleaner/

-----après tu redémarre

HijackThis et listkillm tu les supprime manuellement via ajout et suppression de programme

et tu refait un coup de ccleaner

ccleaner et malwarbyte tu les garde et utilise les souvent
0

Discussions similaires

Message "Un bloqueur de publicité empêche la lecture..."
pistouri -
pistouri -

0 réponse
Comment bloquer les pubs du site dailymotion?
coulterfeith -
SeigneurSidious -

13 réponses
Débloquer les vidéos Dailymotion
Ross-D -
bbb -

6 réponses
comment desactiver un bloqueur de pub
amour10 -
MPMP10 -

4 réponses
M6 Replay désactiver le bloqueur de publicité
katydel88 -
Mathieu -

14 réponses