Problemes peut etre du a un virus

Kaz62820 Messages postés 31 Statut Membre -  
 Utilisateur anonyme -
Bonjour,

Voila depuis quelques temps, mon PC est plus lent que d'habitude, crash au demarrage (souvant du a un virus que je supprime ou a une mise a jour, tout rentre dans l'ordre apres une restauration)

AUssi Firefox met du temps a démarrer, et il y a le processus svchost qui me bouffe plein de ram.

Donc j'aimerais régler ces différents problemes avec votre aide svp, il y a sans doute des virus la dessous

Voici le rapport Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:38, on 28/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mirar - {3532B267-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Mirar - {3532B266-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: winesm32.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Alex\scriptjava.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic121.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14123 bytes
Configuration: Champ	Valeur
Ordinateur	
Système d'exploitation	Microsoft Windows Vista Home Edition
Service Pack du système	Service Pack 1
DirectX	4.09.00.0904 (DirectX 9.0c)
Nom du système	PC-DE-ALEX (PC-DE-ALEX)
Nom de l'utilisateur	Alex
	
Carte mère	
Type de processeur	Unknown, 2300 MHz
Nom de la carte mère	Inconnu
Chipset de la carte mère	Inconnu
Mémoire système	3072 Mo
Type de BIOS	AMI (08/21/08)
	
Moniteur	
Carte vidéo	GeForce 8400 GS
Carte vidéo	GeForce 8400 GS
Moniteur	BenQ FP567  [15" LCD]  (1303950)
	
Multimédia	
Carte audio	Haut-parleurs (Avnex Virtual Au
Carte audio	Haut-parleurs (Realtek High Def
Carte audio	Realtek Digital Output (Realtek
	
Stockage	
Contrôleur IDE	Contrôleur IDE standard double canal PCI
Contrôleur IDE	Contrôleur IDE standard double canal PCI
Contrôleur SCSI/RAID	AYCB5Z6W IDE Controller
Contrôleur SCSI/RAID	Initiateur Microsoft iSCSI
Disque dur	WDC WD3200AAJS-22B4A0 ATA Device  (298 Go, IDE)
Disque dur	Generic USB SD Reader USB Device
Disque dur	Generic USB CF Reader USB Device
Disque dur	Generic USB SM Reader USB Device
Disque dur	Generic USB MS Reader USB Device
Lecteur optique	ATAPI DVD A  DH16A6S ATA Device
Lecteur optique	XGZK 16JG9QF8 SCSI CdRom Device
État des disques durs SMART	OK
	
Partitions	
C: (NTFS)	116075 Mo (19689 Mo libre)
D: (NTFS)	174160 Mo (173488 Mo libre)
Taille totale	283.4 Go (188.6 Go libre)
	
Entrée	
Clavier	Clavier standard PS/2
Souris	Souris Microsoft PS/2
	
Réseau	
Carte réseau	Marvell Yukon 88E8071 PCI-E Gigabit Ethernet Controller  (192.168.1.32)
	
Périphériques	
Imprimante	Envoyer à OneNote 2007
Imprimante	hp deskjet 920c
Périphérique USB	CanoScan N670U/N676U
Périphérique USB	Périphérique de stockage de masse USB
Périphérique USB	Prise en charge d'impression USB

31 réponses

  • 1
  • 2
Résumé de la discussion

Des performances lentes et des plantages au démarrage, associées à un ralentissement de Firefox et à une consommation élevée de RAM par svchost, suggèrent une infection et des modifications système. Le rapport HijackThis montre de nombreuses entrées suspectes et des modifications du navigateur, notamment des pages d'accueil et des barres de recherche redirigeant vers cherche.us inconnues. Plusieurs extensions et services apparaissent dans la liste, notamment des barres d'outils, des BHO, des tâches planifiées, ainsi que des modifications du fichier hosts et des paramètres proxy. D'autres éléments évoqués indiquent une coexistence de composants légitimes et potentiellement indésirables, ce qui suggère une infection complexe nécessitant une analyse approfondie et une remise à zéro des paramètres.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Bonjour

    1)Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
    https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
    * Va dans démarrer puis panneau de configuration
    * Double Clique sur l'icône "Comptes d'utilisateurs"
    * Clique ensuite sur désactiver et valide.

    2)Télécharge R-Hosts (de S!ri) à cette adresse : http://siri.urz.free.fr/RHosts.php

    Clique sur " download ", puis télécharge le sur ton bureau

    Exécute le puis clique sur restaurer

    Confirme, puis quitte le programme.

    3)Lance hijackthis ; ici : F:\LOGICIELS\HijackThis\MARTINI.exe

    mais cette fois clic sur "Do a system scan only"

    ensuite coches les cases sur la gauche des ces lignes :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us

    ;ensuite tu cliques sur la fenêtre "Fix cheked".
    HijackThis va te demander de confirmer que tu veux supprimer ces éléments. Cliques sur Yes (Oui) ) .

    Tuto ici:https://www.bleepingcomputer.com/tutorials/comment-utiliser-hijackthis/#RDiag

    4)Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 ou celui ci
    http://eric71.geekstogo.com/tools/ToolBarSD.exe
    Lors du scan coupe ta connexion internet.

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique ou (clic droit sous Vista) maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1. Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

    Poste les rapports au fur et à mesure;merci
    @+
    2
  2. Kaz62820 Messages postés 31 Statut Membre 2
     
    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
    BIOS : Default System BIOS
    USER : Alex ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:113 Go (Free:19 Go)
    D:\ (Local Disk) - NTFS - Total:170 Go (Free:169 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [1] ( 28/02/2010|15:07 )

    [ UAC => 0 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    C:\Users\Alex\AppData\Local\Temp\nsuBF9E.tmp

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Default_Secondary_Page_URL"="http://ww12.cherche.us"
    "SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Bar"="http://www.mirarsearch.com/?useie5=1&q="

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Alex\AppData\Local\Opera\Opera\profile\bt_metadata\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.dat
    C:\Users\Alex\AppData\Local\Opera\Opera\profile\images\icecrack.deviantart.com.idx
    C:\Users\Alex\AppData\Local\Temp\AGE OF EMPIRES III FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
    C:\Users\Alex\AppData\Local\Temp\MIDConverter_4.2___Crack.3715892.TPB.torrent
    C:\Users\Alex\AppData\Roaming\uTorrent\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\adobe-master-cs3-keygen.exe
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\Color_Finesse_serial.txt
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\file_id.diz
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\x-force.nfo

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 28/02/2010|15:08 - Option : [1]

    -----------\\ Fin du rapport a 15:08:27,91

    Voila ^^
    1
    1. Utilisateur anonyme
       
      Re

      1)Relance Toolbar-S&D en double-cliquant(ou clic droit sous Vista) sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

      ! Ne ferme pas la fenêtre lors de la suppression !

      Un rapport sera généré, poste son contenu ici.

      NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
      Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
      Tape explorer puis valide.

      2)As tu fais le reste;si c'est le cas poste moi un RSIT pour contôle;merci:

      Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

      -> http://images.malwareremoval.com/random/RSIT.exe

      ! Déconnecte toi et ferme toutes tes applications en cours !

      Double-clique sur " RSIT.exe " pour le lancer.

      Clic droit sous VISTA (exécuter en tant que…)

      -> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

      * Devant l'option "List files/folders created ..." , tu choisis : 2 months

      * clique ensuite sur " Continue " pour lancer l'analyse ...


      -> laisse faire le scan et ne touche pas au PC ...

      Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).

      Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

      Important : poste un rapport, puis l'autre dans la réponse suivante ...
      Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
      ( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )

      ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit


      Poste les rapports au fur et à mesure;merci
      @+
      0
  3. Kaz62820 Messages postés 31 Statut Membre 2
     
    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
    BIOS : Default System BIOS
    USER : Alex ( Not Administrator ! )
    BOOT : Normal boot
    C:\ (Local Disk) - NTFS - Total:113 Go (Free:19 Go)
    D:\ (Local Disk) - NTFS - Total:170 Go (Free:169 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    J:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( 28/02/2010|15:15 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
    Supprime! - C:\Users\Alex\AppData\Local\Temp\nsuBF9E.tmp
    Supprime! - C:\Program Files\DAEMON Tools Toolbar

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Default_Secondary_Page_URL"="http://ww12.cherche.us"
    "SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\Users\Alex\AppData\Local\Opera\Opera\profile\bt_metadata\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.dat
    C:\Users\Alex\AppData\Local\Opera\Opera\profile\images\icecrack.deviantart.com.idx
    C:\Users\Alex\AppData\Local\Temp\AGE OF EMPIRES III FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
    C:\Users\Alex\AppData\Local\Temp\MIDConverter_4.2___Crack.3715892.TPB.torrent
    C:\Users\Alex\AppData\Roaming\uTorrent\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\adobe-master-cs3-keygen.exe
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\Color_Finesse_serial.txt
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\file_id.diz
    C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\x-force.nfo

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 28/02/2010|15:08 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 28/02/2010|15:17 - Option : [2]

    -----------\\ Fin du rapport a 15:17:43,88

    Voila la partie 1 de faite, j'attend ta réponse pour lancer RSIT ^^
    1
    1. Utilisateur anonyme
       
      Re

      C'est parti pour le RSIT ;)
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Kaz62820 Messages postés 31 Statut Membre 2
     
    Voici l'info.txt

    info.txt logfile of random's system information tool 1.06 2010-02-28 15:16:12

    ======Uninstall list======

    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
    -->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
    µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Download Manager 1.2 (Supprimer uniquement)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
    Canon ScanGear Toolbox 3.0-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    Celestia 1.6.0-->"C:\Program Files\Celestia\unins000.exe"
    Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB945282)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946040)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946308)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946344)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947540)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947789)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB948127)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB951708)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter Mobile-->C:\Program Files\DivX\DivXConverterMeUninstall.exe /CONVERTERME
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Europa Universalis III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\Setup.exe" -l0x9
    EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    FL Studio 9-->C:\Program Files\Image-Line\FL Studio 9\uninstall.exe
    Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
    Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
    Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    In Nomine 3.2-->"C:\Program Files\Paradox Interactive\Europa Universalis III\unins000.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    IntelliBOT V 2.0-->c:\Kotake\IntelliBOT V 2.0\Uninstal.exe
    IziSpot 4-->MsiExec.exe /X{9BC9D542-3EAE-4310-8BDC-68A325596446}
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaiba Corp Virtual Duel System 1.16-->"C:\Program Files\Kaiba Corp VDS\unins000.exe"
    K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LibUSB-Win32-0.1.12.1-->"C:\Program Files\LibUSB-Win32\unins000.exe"
    LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
    Ma-Config.com-->MsiExec.exe /X{15CBA4AC-2298-40F1-98EB-529809999E04}
    Manga Studio EX Demo 3.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\e frontier\Manga Studio3 EX Demo\MS_EX3Demo.isu"
    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
    Microsoft SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /I{58FD9176-17BF-4D9A-8773-5ECA2947D391}
    Microsoft Visual Basic 2008 Express Edition with SP1 - FRA-->MsiExec.exe /X{EAF461BE-79BE-340B-AEBA-82D1230EC024}
    Microsoft Visual Basic 2008 Express SP1 - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - FRA\setup.exe
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra-->MsiExec.exe /X{484AB636-ADBC-3A85-AB82-41873BDD1083}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
    Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
    Mirar-->mshta.exe http://remove.getmirar.com/
    mIRC-->"c:\kotake\intellibot v 2.0\bot.exe" -uninstall
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mp3Doctor PRO-->"C:\Program Files\Mp3DoctorPRO\unins000.exe"
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    MYO 1.9-->"C:\Program Files\Metal-Yugioh\unins000.exe"
    NetBattle-->"C:\Program Files\NetBattle\unins000.exe"
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
    NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
    OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
    OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
    Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Outils de conception SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /X{A5D20C78-D226-4B41-A553-EEEBEB824853}
    Pack Sécurité SFR-->"C:\Program Files\SFR\Pack Sécurité\FSGUI\PostInstall.exe" /tUnInstall
    Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
    PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
    PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
    PowerDVD 7.0 with 5.1ch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Protectis-->"C:\Program Files\Protectis\unins000.exe"
    QuickFreedom 1.2.0-->"C:\Program Files\QuickFreedom\unins000.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"
    Royal-Yugi Online-->C:\Program Files\Royal-Yugi Online\Uninstal.exe
    Sakura-->C:\Program Files\Image-Line\Sakura\uninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
    Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
    SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
    Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
    SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
    SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
    Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
    Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
    SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
    Star Wars JK II Jedi Outcast Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD1513FC-273F-4744-8934-A6E5B1741E98}\Setup.exe"
    Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
    Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
    Update for Microsoft Office Word
    0
  6. Kaz62820 Messages postés 31 Statut Membre 2
     
    Voici l'info.txt

    info.txt logfile of random's system information tool 1.06 2010-02-28 15:16:12

    ======Uninstall list======

    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
    -->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
    -->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
    µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
    Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
    Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
    Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
    Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe Download Manager 1.2 (Supprimer uniquement)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
    Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
    Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
    Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
    Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
    Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
    Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
    Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
    Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
    ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
    Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
    Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
    Canon ScanGear Toolbox 3.0-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
    Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
    Celestia 1.6.0-->"C:\Program Files\Celestia\unins000.exe"
    Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB945282)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946040)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946308)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946344)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947540)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947789)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB948127)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB951708)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter Mobile-->C:\Program Files\DivX\DivXConverterMeUninstall.exe /CONVERTERME
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    Europa Universalis III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\Setup.exe" -l0x9
    EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
    FL Studio 9-->C:\Program Files\Image-Line\FL Studio 9\uninstall.exe
    Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
    Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
    Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
    Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
    Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
    In Nomine 3.2-->"C:\Program Files\Paradox Interactive\Europa Universalis III\unins000.exe"
    Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
    IntelliBOT V 2.0-->c:\Kotake\IntelliBOT V 2.0\Uninstal.exe
    IziSpot 4-->MsiExec.exe /X{9BC9D542-3EAE-4310-8BDC-68A325596446}
    Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Kaiba Corp Virtual Duel System 1.16-->"C:\Program Files\Kaiba Corp VDS\unins000.exe"
    K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    LibUSB-Win32-0.1.12.1-->"C:\Program Files\LibUSB-Win32\unins000.exe"
    LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
    Ma-Config.com-->MsiExec.exe /X{15CBA4AC-2298-40F1-98EB-529809999E04}
    Manga Studio EX Demo 3.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\e frontier\Manga Studio3 EX Demo\MS_EX3Demo.isu"
    Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
    Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
    Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
    Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
    Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
    Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
    Microsoft SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /I{58FD9176-17BF-4D9A-8773-5ECA2947D391}
    Microsoft Visual Basic 2008 Express Edition with SP1 - FRA-->MsiExec.exe /X{EAF461BE-79BE-340B-AEBA-82D1230EC024}
    Microsoft Visual Basic 2008 Express SP1 - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - FRA\setup.exe
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra-->MsiExec.exe /X{484AB636-ADBC-3A85-AB82-41873BDD1083}
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
    Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
    Mirar-->mshta.exe http://remove.getmirar.com/
    mIRC-->"c:\kotake\intellibot v 2.0\bot.exe" -uninstall
    Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
    Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
    Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
    0
  7. Kaz62820 Messages postés 31 Statut Membre 2
     
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
    Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mp3Doctor PRO-->"C:\Program Files\Mp3DoctorPRO\unins000.exe"
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
    MYO 1.9-->"C:\Program Files\Metal-Yugioh\unins000.exe"
    NetBattle-->"C:\Program Files\NetBattle\unins000.exe"
    Notepad++-->C:\Program Files\Notepad++\uninstall.exe
    NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
    NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
    OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
    OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
    Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
    Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Outils de conception SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /X{A5D20C78-D226-4B41-A553-EEEBEB824853}
    Pack Sécurité SFR-->"C:\Program Files\SFR\Pack Sécurité\FSGUI\PostInstall.exe" /tUnInstall
    Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
    Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
    PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
    PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
    PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
    PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
    PowerDVD 7.0 with 5.1ch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    Protectis-->"C:\Program Files\Protectis\unins000.exe"
    QuickFreedom 1.2.0-->"C:\Program Files\QuickFreedom\unins000.exe"
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"
    Royal-Yugi Online-->C:\Program Files\Royal-Yugi Online\Uninstal.exe
    Sakura-->C:\Program Files\Image-Line\Sakura\uninstall.exe
    SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
    Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
    SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
    Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
    SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
    SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
    Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
    Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
    Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
    SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
    SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
    Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
    Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
    SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
    Star Wars JK II Jedi Outcast Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD1513FC-273F-4744-8934-A6E5B1741E98}\Setup.exe"
    Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
    Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
    Update for Microsoft Office Word
    0
  8. Kaz62820 Messages postés 31 Statut Membre 2
     
    et le log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Alex at 2010-02-28 15:21:35
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 20 GB (17%) free of 116 GB
    Total RAM: 3070 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:21:37, on 28/02/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\SFR\Kit\9props.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conime.exe
    C:\Users\Alex\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Alex.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Mirar - {3532B267-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Mirar - {3532B266-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: winesm32.exe
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Alex\scriptjava.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.chat-land.org
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
    O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic121.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  9. Kaz62820 Messages postés 31 Statut Membre 2
     
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-04 149280]
    "F-Secure Manager"=C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE [2009-11-18 201128]
    "F-Secure TNB"=C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe [2009-11-18 1655208]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-25 68856]
    "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
    "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
    "Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-10-15 959808]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
    C:\Program Files\Ares\Ares.exe -h []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology]
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
    C:\Program Files\Free Download Manager\fdm.exe -autorun []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-25 24064]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Peer2Me]
    C:\Program Files\Peer2Me\Peer2Me.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\QTTask.exe -atboottime []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-18 198160]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    oobefldr.dll,ShowWelcomeCenter []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
    C:\PROGRA~1\Hercules\WIFIST~1\WiFiLB.exe [2007-06-11 102400]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

    C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
    winesm32.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "FilterAdministratorToken"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    shell\AutoRun\command - K:\sources\sperr32.exe x64

    ======File associations======

    .reg - open - "regedit.exe" "%1"

    ======List of files/folders created in the last 2 months======

    2010-02-28 15:15:44 ----D---- C:\rsit
    2010-02-28 15:07:13 ----A---- C:\TB.txt
    2010-02-28 15:06:05 ----D---- C:\ToolBar SD
    2010-02-28 15:05:15 ----A---- C:\MyHosts.txt
    2010-02-28 14:33:10 ----D---- C:\Program Files\Trend Micro
    2010-02-24 22:36:59 ----D---- C:\Program Files\LucasArts
    2010-02-17 11:23:06 ----D---- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2010-02-17 11:23:02 ----D---- C:\ProgramData\Malwarebytes
    2010-02-17 11:23:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-02-10 09:44:44 ----A---- C:\Windows\system32\ntoskrnl.exe
    2010-02-10 09:44:44 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2010-02-10 09:44:36 ----A---- C:\Windows\system32\quartz.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\tsbyuv.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\msyuv.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\msvidc32.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\msrle32.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\mciavi32.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\iyuv_32.dll
    2010-02-10 09:44:35 ----A---- C:\Windows\system32\avicap32.dll
    2010-02-10 09:44:34 ----A---- C:\Windows\system32\msvfw32.dll
    2010-02-10 09:44:34 ----A---- C:\Windows\system32\avifil32.dll
    2010-02-07 13:44:42 ----D---- C:\Program Files\Paradox Interactive
    2010-02-07 13:33:50 ----D---- C:\Users\Alex\AppData\Roaming\F-Secure
    2010-02-06 13:37:09 ----D---- C:\Users\Alex\AppData\Roaming\e frontier
    2010-02-06 13:36:25 ----D---- C:\Program Files\e frontier
    2010-02-06 13:36:16 ----A---- C:\Windows\IsUninst.exe
    2010-01-30 19:31:40 ----D---- C:\Users\Alex\AppData\Roaming\LimeWire
    2010-01-30 19:31:02 ----D---- C:\Program Files\LimeWire
    2010-01-29 08:50:51 ----D---- C:\Program Files\ASIO4ALL v2
    2010-01-22 19:14:30 ----A---- C:\Windows\system32\rewire.dll
    2010-01-22 19:11:21 ----D---- C:\Program Files\Image-Line
    2010-01-22 16:02:52 ----D---- C:\Users\Alex\AppData\Roaming\Syntrillium
    2010-01-22 16:00:53 ----D---- C:\Program Files\coolpro2
    2010-01-22 15:50:46 ----D---- C:\Program Files\Mp3DoctorPRO
    2010-01-22 15:05:37 ----D---- C:\Program Files\Kaiba Corp VDS
    2010-01-22 13:44:01 ----A---- C:\Windows\system32\mshtml.dll
    2010-01-22 13:44:00 ----A---- C:\Windows\system32\occache.dll
    2010-01-22 13:43:59 ----A---- C:\Windows\system32\wininet.dll
    2010-01-22 13:43:59 ----A---- C:\Windows\system32\urlmon.dll
    2010-01-22 13:43:59 ----A---- C:\Windows\system32\ieframe.dll
    2010-01-22 13:43:58 ----A---- C:\Windows\system32\ieapfltr.dll
    2010-01-22 13:43:57 ----A---- C:\Windows\system32\msfeeds.dll
    2010-01-22 13:43:57 ----A---- C:\Windows\system32\iertutil.dll
    2010-01-22 13:43:57 ----A---- C:\Windows\system32\iedkcs32.dll
    2010-01-22 13:43:56 ----A---- C:\Windows\system32\ieUnatt.exe
    2010-01-22 13:43:56 ----A---- C:\Windows\system32\iepeers.dll
    2010-01-22 13:43:56 ----A---- C:\Windows\system32\ieaksie.dll
    2010-01-22 13:43:55 ----A---- C:\Windows\system32\mstime.dll
    2010-01-22 13:43:55 ----A---- C:\Windows\system32\jsproxy.dll
    2010-01-22 13:43:55 ----A---- C:\Windows\system32\ieencode.dll
    2010-01-22 09:35:21 ----A---- C:\Windows\system32\msvcp50.dll
    2010-01-22 09:34:29 ----D---- C:\ProgramData\eMule
    2010-01-22 09:33:58 ----D---- C:\Program Files\eMule
    2010-01-22 09:32:57 ----D---- C:\ProgramData\fssg
    2010-01-22 09:29:25 ----D---- C:\ProgramData\f-secure
    2010-01-17 17:18:42 ----D---- C:\Program Files\Bodom-Child - RaBBi
    2010-01-16 22:13:16 ----D---- C:\Program Files\Wolfenstein - Enemy Territory
    2010-01-15 16:53:18 ----D---- C:\Program Files\Metal-Yugioh
    2010-01-15 12:01:23 ----D---- C:\Program Files\Microsoft SQL Server
    2010-01-14 21:24:16 ----D---- C:\Program Files\Celestia
    2010-01-13 19:15:49 ----D---- C:\Program Files\gPotato.eu
    2010-01-13 14:31:54 ----A---- C:\Windows\system32\t2embed.dll
    2010-01-13 14:31:54 ----A---- C:\Windows\system32\fontsub.dll
    2010-01-13 10:29:34 ----A---- C:\Windows\system32\bass.dll
    2010-01-13 10:29:33 ----D---- C:\Program Files\NetBattle
    2010-01-11 22:53:13 ----D---- C:\Windows\Profiles
    2010-01-11 17:28:14 ----D---- C:\Program Files\Royal-Yugi Online
    2010-01-11 17:17:54 ----D---- C:\Program Files\Yu-Gi-Oh Virtual Battle 5
    2010-01-10 14:44:12 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
    2010-01-10 14:32:28 ----A---- C:\Windows\psmplay.ini
    2010-01-10 14:26:11 ----A---- C:\Windows\system32\Uninstal.exe
    2010-01-09 09:04:28 ----D---- C:\Windows\system32\EventProviders
    2010-01-09 09:04:26 ----D---- C:\a7d7f665ebd1e81d1e06649e6cccfb0c
    2010-01-08 14:38:56 ----D---- C:\Program Files\SFR

    ======List of files/folders modified in the last 2 months======

    2010-02-28 22:09:26 ----D---- C:\Windows\system32\config
    2010-02-28 22:09:21 ----D---- C:\Windows\Tasks
    2010-02-28 22:09:21 ----D---- C:\Windows\system32\spool
    2010-02-28 22:09:21 ----D---- C:\Windows\system32\Msdtc
    2010-02-28 22:09:21 ----D---- C:\Windows\system32\drivers
    2010-02-28 22:09:21 ----D---- C:\Windows\system32\catroot2
    2010-02-28 22:09:21 ----D---- C:\Windows\System32
    2010-02-28 22:09:21 ----D---- C:\Windows\inf
    2010-02-28 22:09:21 ----D---- C:\Users\Alex\AppData\Roaming\Winamp
    2010-02-28 22:09:20 ----D---- C:\Windows\system32\wbem
    2010-02-28 22:09:20 ----D---- C:\Windows\registration
    2010-02-28 15:21:33 ----D---- C:\Windows\Temp
    2010-02-28 15:17:05 ----D---- C:\Program Files
    2010-02-28 15:06:07 ----D---- C:\Windows\Prefetch
    2010-02-28 14:31:42 ----D---- C:\Program Files\Mozilla Firefox
    2010-02-28 14:04:10 ----A---- C:\Windows\system32\PnkBstrB.exe
    2010-02-28 13:10:17 ----D---- C:\Windows\Minidump
    2010-02-28 13:10:12 ----D---- C:\Windows
    2010-02-26 23:58:50 ----SHD---- C:\System Volume Information
    2010-02-26 16:57:49 ----RD---- C:\Users
    2010-02-25 14:37:05 ----SHD---- C:\Windows\Installer
    2010-02-25 10:56:31 ----HD---- C:\Program Files\InstallShield Installation Information
    2010-02-24 14:40:21 ----D---- C:\Program Files\mIRC
    2010-02-17 21:39:34 ----D---- C:\Users\Alex\AppData\Roaming\Notepad++
    2010-02-17 21:39:33 ----D---- C:\ProgramData\FLEXnet
    2010-02-17 21:39:33 ----D---- C:\Program Files\Winamp Toolbar
    2010-02-17 21:39:33 ----D---- C:\Program Files\PC Connectivity Solution
    2010-02-17 21:39:33 ----D---- C:\Program Files\ma-config.com
    2010-02-17 21:39:33 ----D---- C:\Program Files\DAEMON Tools Lite
    2010-02-17 21:39:33 ----D---- C:\Program Files\Common Files\LightScribe
    2010-02-17 21:39:33 ----D---- C:\Program Files\Bonjour
    2010-02-17 21:37:16 ----D---- C:\Windows\system32\LogFiles
    2010-02-17 12:35:16 ----D---- C:\Windows\new mario62
    2010-02-17 11:23:02 ----HD---- C:\ProgramData
    2010-02-11 21:56:23 ----D---- C:\Users\Alex\AppData\Roaming\Canon
    2010-02-11 11:07:45 ----D---- C:\Windows\winsxs
    2010-02-11 10:57:37 ----D---- C:\Windows\system32\catroot
    2010-02-11 03:14:56 ----D---- C:\Program Files\Windows Mail
    2010-02-09 17:09:43 ----RSD---- C:\Windows\Fonts
    2010-02-07 02:39:11 ----D---- C:\Program Files\Google
    2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
    2010-01-31 19:36:42 ----A---- C:\Windows\SGTBox.INI
    2010-01-29 23:07:58 ----D---- C:\Program Files\Canon
    2010-01-29 08:47:22 ----D---- C:\Program Files\VstPlugins
    2010-01-24 17:49:11 ----D---- C:\ProgramData\Messenger Plus!
    2010-01-24 17:41:06 ----D---- C:\Program Files\Messenger Plus! Live
    2010-01-23 09:48:01 ----D---- C:\Users\Alex\AppData\Roaming\uTorrent
    2010-01-22 17:51:41 ----D---- C:\TEMP
    2010-01-22 17:27:05 ----D---- C:\Program Files\Internet Explorer
    2010-01-22 16:03:06 ----A---- C:\Windows\win.ini
    2010-01-22 16:03:06 ----A---- C:\Windows\system.ini
    2010-01-22 09:35:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2010-01-20 19:03:13 ----D---- C:\ProgramData\Microsoft Help
    2010-01-20 19:03:11 ----RSD---- C:\Windows\assembly
    2010-01-20 19:01:54 ----D---- C:\Program Files\Common Files\microsoft shared
    2010-01-20 19:01:40 ----D---- C:\Program Files\Microsoft Works
    2010-01-15 12:30:17 ----D---- C:\Windows\Microsoft.NET
    2010-01-14 21:31:45 ----D---- C:\Windows\system32\Tasks
    2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
    2010-01-11 22:53:24 ----SHD---- C:\$RECYCLE.BIN
    2010-01-11 22:53:13 ----D---- C:\Program Files\Windows Media Player
    2010-01-10 14:50:42 ----SHD---- C:\RECYCLER
    2010-01-09 20:09:09 ----D---- C:\Windows\tracing
    2010-01-09 19:19:37 ----D---- C:\Windows\ModemLogs
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\zh-TW
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\zh-CN
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\uk-UA
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\tr-TR
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\th-TH
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\sv-SE
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\sr-Latn-CS
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\SLUI
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\sl-SI
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\sk-SK
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\setup
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\ru-RU
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\RTCOM
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\ro-RO
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\pt-PT
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\pt-BR
    2010-01-09 17:12:33 ----D---- C:\Windows\system32\pl-PL
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\oobe
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\nl-NL
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\nb-NO
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\migwiz
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\migration
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\lv-LV
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\lt-LT
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\ko-KR
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\ja-JP
    2010-01-09 17:12:32 ----D---- C:\Windows\system32\it-IT
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\hu-HU
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\hr-HR
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\he-IL
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\fr-FR
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\fr
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\fi-FI
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\et-EE
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\es-ES
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\en-US
    2010-01-09 17:12:31 ----D---- C:\Windows\system32\el-GR
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\de-DE
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\da-DK
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\cs-CZ
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\CodeIntegrity
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\bg-BG
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\ar-SA
    2010-01-09 17:12:30 ----D---- C:\Windows\system32\AdvancedInstallers
    2010-01-09 17:12:30 ----D---- C:\Windows\servicing
    2010-01-09 17:12:30 ----D---- C:\Windows\rescache
    2010-01-09 17:12:29 ----D---- C:\Windows\IME
    2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Sidebar
    2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Photo Gallery
    2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Defender
    2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Collaboration
    2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Calendar
    2010-01-09 17:12:25 ----D---- C:\Program Files\Movie Maker
    2010-01-09 17:12:25 ----D---- C:\Program Files\Common Files\System
    2010-01-09 17:11:47 ----D---- C:\Windows\system32\XPSViewer
    2010-01-09 17:11:47 ----D---- C:\Windows\system32\WCN
    2010-01-09 14:21:29 ----SHD---- C:\Boot
    2010-01-07 22:30:42 ----D---- C:\Users\Alex\AppData\Roaming\Desktopicon
    2010-01-07 22:24:09 ----D---- C:\Program Files\Nvu
    2010-01-07 22:23:45 ----D---- C:\Program Files\FreeTime
    2010-01-07 22:23:11 ----D---- C:\Program Files\Acer GameZone
    2010-01-07 22:20:11 ----D---- C:\Program Files\MSN Password Recovery
    2010-01-07 22:19:37 ----D---- C:\Program Files\MadTracker
    2010-01-07 22:19:04 ----D---- C:\Program Files\mnProjects
    2010-01-07 22:18:50 ----D---- C:\Windows\system32\MAGIX
    2010-01-07 22:18:11 ----D---- C:\ProgramData\Apple Computer
    2010-01-07 22:16:55 ----D---- C:\Program Files\REAPER
    2010-01-07 22:16:26 ----D---- C:\Program Files\Cakewalk
    2010-01-07 22:15:29 ----D---- C:\Program Files\MSECACHE
    2010-01-07 22:13:07 ----D---- C:\Program Files\Common Files
    2010-01-07 22:12:50 ----DC---- C:\Windows\system32\DRVSTORE
    2010-01-07 22:09:05 ----D---- C:\ProgramData\Apple
    2010-01-07 15:37:31 ----D---- C:\Users\Alex\AppData\Roaming\mIRC

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [2009-11-18 69928]
    R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2009-11-18 37544]
    R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2009-11-18 72904]
    R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248]
    R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [2010-01-22 107104]
    R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 28672]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
    R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
    R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [1999-09-10 25244]
    S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-13 952832]
    S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-25 4385792]
    S3 aycb5z6w;aycb5z6w; C:\Windows\system32\drivers\aycb5z6w.sys []
    S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
    S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
    S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-11 14336]
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
    S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
    S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
    S3 RDID1061;UA-4FX; C:\Windows\system32\Drivers\rdwm1061.sys [2009-02-18 146432]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
    S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
    S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; \??\C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
    S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
    S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
    S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
    S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
    S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2009-04-21 312320]
    S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
    S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
    R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe [2009-11-18 221608]
    R2 FSMA;F-Secure Management Agent; C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE [2009-11-18 188840]
    R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
    R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-14 75064]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2008-04-29 241734]
    R2 yksvc;Marvell Yukon Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe [2009-11-18 524712]
    R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [2010-01-25 56000]
    S2 Findbasic Service;Findbasic Service; C:\ProgramData\Findbasic\findbasic121.exe C:\Program Files\Findbasic\findbasic.dll Service []
    S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-22 654848]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-25 24064]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
    S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-11 238960]
    S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-01-04 3404560]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
    S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]

    -----------------EOF-----------------
    0
    1. Utilisateur anonyme
       
      Re

      1)
      # Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
      Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
      Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.



      Télécharge et install UsbFix de C_XX
      Ici : : http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
      Tutorial de Malekal_Morte si besoin, merci à lui : https://www.malekal.com/usbfix-supprimer-virus-usb/

      Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


      # Clic droit "Exécuter en tant qu'administrateur" sur le raccourci UsbFix présent sur ton bureau.

      # Choisi l option 1 (Recherche)

      # Laisse travailler l outil.

      # Ensuite post le rapport UsbFix.txt qui apparaîtra.

      # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

      ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )


      2)Télécharge Malwaresbytes anti malware ici
      http://www.malwarebytes.org/mbam.php

      * Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

      (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/

      * Potasse le tuto pour te familiariser avec le prg :

      https://forum.pcastuces.com/sujet.asp?f=31&s=3

      (cela dis, il est très simple d’utilisation).

      relance Malwaresbytes en suivant scrupuleusement ces consignes :

      ! Déconnecte toi et ferme toutes applications en cours !

      * Lance Malwarebyte’s.

      Fais un examen dit "Complet"

      --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
      --> à la fin tu cliques sur "Afficher les résultats" " .
      --> Vérifie que tous les objets infectés soient validés, puis clique sur " supprimer la sélection " .

      Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


      Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwaresbytes, le dernier en date)

      Poste les rapports au fur et à mesure;merci
      @+
      0
  10. Kaz62820 Messages postés 31 Statut Membre 2
     
    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3806
    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    28/02/2010 17:40:16
    mbam-log-2010-02-28 (17-40-15).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
    Eléments examinés: 452531
    Temps écoulé: 1 hour(s), 39 minute(s), 39 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 9
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 411

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3532b267-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3532b267-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3532b267-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Findbasic Service (Adware.FindBasic) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Findbasic (Adware.FindBasic) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\Alex\AppData\Local\Temp\93.exe (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA8O8ASV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA1ZBZF2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2OX79J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2QR7RZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2TECHV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2WMH23.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA34OAG1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA34WQLB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3CI78J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3ELNCM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3IWT5A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3MG6L5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3RV8OV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3YDGQC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3ZIZRE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA4PKQO1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA4Y3SYN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA53H90N.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA53ROW0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA5QPSLS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA5SY9IN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA69Z8VU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA6TYANN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA80OP17.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA87NETG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCANA318A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCANE8JMM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCANO0AF0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAO0M1AW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAOLHYUC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPERKQ1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPGO00B.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPO0FYF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPPK3H4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPW1HY0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPWQJ6Z.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAQNZ11Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAR38A6R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCARERL50.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCARXQOMN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASGK5M2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASUEJGQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASYSL6S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASZK20W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCATWL8DQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAURI3EV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAVFMVDH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAVT31OD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAW0FZP9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAW0RLMJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAW84DJC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXNW8RD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXOLKUJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXP29EN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXQKK43.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAYLPSSS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAZ0DE7R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA02UVHM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA0NTAIT.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA12JJ1R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA12XP2O.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA15MJ1Z.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA1L17BW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA92X813.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA9YFKPK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAAG4HU5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAB16QOW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCACHX4FS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCACWUJKY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCACY2PDK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAE0ZEI4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAE1JPVF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAECYCLX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAF1I6BF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAFF9IA5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAFMLXRW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAGHRGE7.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAGZWFU8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAHJH3L2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAHV24NY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAJFO7CG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAJMTAW3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAKHXED4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAKN1GEC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAKV2TZU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAL4N9HX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAMAWP87.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAMBL2LR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAMF1O50.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAN65ZJL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAN8NXYU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAUXGB5Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1UO44D.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA9KXI9Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAJAQ7SJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAW6YE11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAK26RY5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAKKDFOF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAKQGKTV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAKU7P03.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALFL8PQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALHS9H3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALPPBRN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALVDM8I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAMALHEL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAMOIS5M.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAMP1LFN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCANGIO6C.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAOUERR0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAOVKZ7M.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAPH2IFY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAPLW3H8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAPQZXKW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAQ0VN2V.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAQMHW8Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAR13UQL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAR53D0S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCARDQZ95.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAREY090.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCARX5S4P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAS9KFMF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCASEMP5Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCATFCWPE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAU0TUUN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAUEM27J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAUO2PRQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAUW75ZO.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAVFGYM5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1VPLT1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1XLVIA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA232956.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA2IN0OE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA2VNTF1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA2ZHEXD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA32JPO8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA392JJQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA3I0LQK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA3NE384.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA43CSNX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA49T3BX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA4OYNWZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA4RE1GF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA4V4Y44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA5OES3H.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA64OICH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA6D2J53.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA6ITGJ5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7E1CLH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7I5UQS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7IYL1Z.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7UEH6W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7WF54I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA8CEQWI.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA8FWF2W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAWG46CH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAWU2EBF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAXVNSUJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAYGDOGV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAYIHTFL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAYQ843B.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAZ3A9DZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA0S7NA8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1C1I2P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAA2VVZR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAA9CDBE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAAP7HOZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAAPFUS2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAB1EFKS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAC89PJE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCACBF8A4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCACF1HCS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAD9H1TH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCADFSRNK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAEEFI06.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAEGK7F3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAEMPYA0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAF4KPGG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAFEPDIS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAGALKHO.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAGFJYV9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAH519IJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAHYWTFY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAI4PGI6.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAIN323F.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAJ7ZTA9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3L0OW0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCADEER89.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCALYSHBL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAV65ZHX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3NTV78.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3XN7MF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA43MF94.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA4CB40A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA4DWBED.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA4ZUJ2I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA501RPW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA5M4R21.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA6NN6E8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA80ZA2I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA85WNS4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA981WJW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA9OKT62.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA9ZWBUG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAA3LQ2X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAB4TNOM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCABT592Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCACC9TB1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAD7SDMF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAMIJU4I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAMMXJ2Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAMWHEBG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAN44J8S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAOEG9V0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAOOSOKN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAQ50W0R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAQ7XLTV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAQKSK13.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCARB0QCV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCARH0BEY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAS55KO6.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCASJONK1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAT8IYQH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCATDBHZW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUBK187.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUIAKHV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUSB639.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUZLEJH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAV2JNP9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCADJ37GW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCADTV9N4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEBOCZR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEC1VF8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEFGI40.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEHL3V5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAFMDE2R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAFNOE27.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAFQHQDP.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAG281OB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAGD8697.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAGGJK8W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAH7Q24E.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAHG723Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAI3KMZ1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAISSYMP.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAJ4RB68.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAJ7JCZ0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAKCSZZ0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAKONO96.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAKZCOD2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCALPK62P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA0RVD2W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA19B33D.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA1EXW3F.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA1IPIKN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA1ISOQS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA24609S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA29QR2H.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA2NY5FT.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3238R1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA391YEC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3IYT2G.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAVKQSP8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAW6DHKU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAW81808.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWL1H1A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWL6URW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWPQS9E.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWRIBUR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAX34RTB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAX8MPQT.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXAVL10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXCPGYX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXDKLC4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXJ2F1J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXP7EWR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAY1JHWS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAYLO5DH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAZONSMA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA49N5FJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA95D9UB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAGATYZS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCARJIRXD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\MediaPlayerUpgrade[1].exe (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\MediaPlayerUpgrade[2].exe (Adware.Mirar) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA99MR5P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA9YUSK1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAA1RE4M.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAAC3KWB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAADYCMA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAAJA7VC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAB2F2IU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAB73Z20.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABFGQM4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABJE1DZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABTFCUZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABX1Z59.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAC2P191.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCACR1TZ3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCADRSESL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCADVGSML.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAG4NUQ9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1BSHB1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1K133O.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1SOUCL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1WVXJ4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2C5TM8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2GTMLY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2ICT50.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2L3B6C.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2T5O3R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA3GOF1F.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA3RWB6G.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAS04242.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCATTJIPA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAU0S3YM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAU1O045.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAUH86H9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAUOI0XZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAVGYH7Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAVV9J20.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAXA4155.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAXL2IX0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAXWYF0Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAY0X16X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYPX362.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYVRE5I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYWQF7X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYY3F0W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZA4I6I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZDH5HL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZH0N0E.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZMJA7X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZMQADR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA4MZ2PD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA56KM0R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA57DY5A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA5I7QXV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temp
    0
  11. Kaz62820 Messages postés 31 Statut Membre 2
     
    ############################## | UsbFix V6.097 |

    User : Alex (Administrateurs) # PC-DE-ALEX
    Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 15:50:16 | 28/02/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) Dual Core Processor 4450e
    Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
    Internet Explorer 7.0.6001.18000
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local # 113,36 Go (19,23 Go free) [ACER] # NTFS
    D:\ -> Disque fixe local # 170,08 Go (169,42 Go free) [Data] # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque CD-ROM

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\SFR\Kit\9props.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ################## | Elements infectieux |

    C:\Users\Alex\AppData\Local\Temp\93.exe
    C:\Users\Alex\AppData\Local\Temp\das.exe
    C:\Users\Alex\AppData\Local\Temp\e.exe
    C:\Users\Alex\AppData\Local\Temp\e.exe
    C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe

    ################## | Registre |

    ################## | Mountpoints2 |

    HKCU\..\..\Explorer\MountPoints2\K
    shell\AutoRun\command =K:\sources\sperr32.exe x64

    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné !

    ################## | ! Fin du rapport # UsbFix V6.097 ! |
    0
    1. Utilisateur anonyme
       
      Re

      1)Vide la quarantaine de Malwaresbytes.

      2) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

      # Clic droit"exécuter en temps qu'administrateur" sur le raccourci UsbFix présent sur ton bureau

      # choisi l option 2 (Suppression)

      # Ton bureau disparaîtra et le pc redémarrera.

      # Au redémarrage, UsbFix scannera ton pc, laisse travailler l outil.

      # Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau.

      # Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:UsbFix.txt )

      ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

      3)Poste un nouveau RSIT pur contrôle(il n'y aura que le log.txt)

      Poste les rapports au fur et à mesure;merci

      @+
      0
  12. Kaz62820 Messages postés 31 Statut Membre 2
     
    Voici deja le usbfix

    ############################## | UsbFix V6.097 |

    User : Alex (Administrateurs) # PC-DE-ALEX
    Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
    Start at: 17:55:29 | 28/02/2010
    Website : http://pagesperso-orange.fr/NosTools/index.html
    Contact : FindyKill.Contact@gmail.com

    AMD Athlon(tm) Dual Core Processor 4450e
    Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
    Internet Explorer 7.0.6001.18000
    Windows Firewall Status : Disabled

    C:\ -> Disque fixe local # 113,36 Go (18,94 Go free) [ACER] # NTFS
    D:\ -> Disque fixe local # 170,08 Go (169,42 Go free) [Data] # NTFS
    E:\ -> Disque CD-ROM
    F:\ -> Disque amovible
    G:\ -> Disque amovible
    H:\ -> Disque amovible
    I:\ -> Disque amovible
    J:\ -> Disque CD-ROM

    ############################## | Processus actifs |

    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\LogonUI.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\userinit.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    C:\Windows\system32\runonce.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ################## | Elements infectieux |

    Supprimé ! C:\Users\Alex\AppData\Local\Temp\das.exe
    Supprimé ! C:\Users\Alex\AppData\Local\Temp\e.exe
    Supprimé ! C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1000
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1001
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1002
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1003
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1004
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1005
    Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-500
    Supprimé ! D:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1000

    ################## | Registre |

    ################## | Mountpoints2 |

    Supprimé ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command

    ################## | Listing des fichiers présent |

    [18/09/2006 22:43|--a------|24] C:\autoexec.bat
    [11/04/2009 07:36|-rahs----|333257] C:\bootmgr
    [18/09/2006 22:43|--a------|10] C:\config.sys
    [25/01/2009 20:11|-rahs----|0] C:\IO.SYS
    [25/01/2009 20:11|-rahs----|0] C:\MSDOS.SYS
    [28/02/2010 15:05|--a------|241] C:\MyHosts.txt
    [?|?|?] C:\pagefile.sys
    [28/02/2010 15:17|--a------|3046] C:\TB.txt
    [28/02/2010 18:00|--a------|4429] C:\UsbFix.txt

    ################## | Vaccination |

    # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
    # D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

    ################## | Upload |

    Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-DE-ALEX.zip : https://www.ionos.fr/?affiliate_id=77097
    Merci pour votre contribution .
    0
  13. Kaz62820 Messages postés 31 Statut Membre 2
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Alex at 2010-02-28 18:04:51
    Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
    System drive C: has 19 GB (17%) free of 116 GB
    Total RAM: 3070 MB (67% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:05:04, on 28/02/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\svchost.exe
    C:\Users\Alex\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Alex.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: winesm32.exe
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.chat-land.org
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
    O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
    O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
    1. Utilisateur anonyme
       
      Re

      Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      Ou ici : https://forospyware.com
      >Renomme le pour l’enregistrer sur ton bureau en asdehi (tout simplement pour que l’infection ne le contre pas)
      -> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que… » )
      -> Tape sur la touche 1 (Yes) pour démarrer le scan.
      -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

      NOTE : Le rapport se trouve également ici : C:\Combofix.txt

      Avant d'utiliser ComboFix :

      -> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.

      -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

      Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que… »)


      - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

      - Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur

      - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

      - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

      -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

      -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

      /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)


      ::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes

      @+
      0
  14. Kaz62820 Messages postés 31 Statut Membre 2
     
    ComboFix 10-02-27.04 - Alex 28/02/2010 18:26:39.1.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2213 [GMT 1:00]
    Lancé depuis: c:\users\Alex\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Royal-Yugi Online\bton\Desktop_.ini
    c:\program files\Royal-Yugi Online\btonv\Desktop_.ini
    c:\program files\Royal-Yugi Online\Field\Desktop_.ini
    c:\program files\Royal-Yugi Online\Icon\Desktop_.ini
    c:\program files\Royal-Yugi Online\Icon\ico_flags\Desktop_.ini
    c:\users\Alex\Ae.exe
    c:\users\Alex\AppDae.exe
    c:\users\Alex\AppData\Local\Tempe.exe
    c:\users\Alex\AppData\Roaming\.#
    c:\users\Alex\AppData\Roaming\Desktopicon
    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
    c:\users\Alex\AppDatae.exe
    c:\users\Alex\Appe.exe
    c:\windows\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
    c:\windows\jestertb.dll
    c:\windows\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
    c:\windows\system32\twain_32.dll
    c:\windows\wpe pro.INI

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-28 au 2010-02-28 ))))))))))))))))))))))))))))))))))))
    .

    2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\yvb2\AppData\Local\temp
    2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\YVB\AppData\Local\temp
    2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
    2010-02-28 17:00 . 2010-02-28 17:00 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
    2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\programdata\Malwarebytes
    2010-02-07 12:44 . 2010-02-07 12:44 -------- d-----w- c:\program files\Paradox Interactive
    2010-02-07 12:33 . 2010-02-07 12:33 -------- d-----w- c:\users\Alex\AppData\Roaming\F-Secure
    2010-02-06 12:37 . 2010-02-06 12:37 -------- d-----w- c:\users\Alex\AppData\Roaming\e frontier
    2010-02-06 12:36 . 2010-02-06 12:36 -------- d-----w- c:\program files\e frontier
    2010-02-06 12:36 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
    2010-01-30 18:31 . 2010-02-28 17:23 -------- d-----w- c:\users\Alex\AppData\Roaming\LimeWire
    2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\program files\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-28 21:09 . 2009-08-15 18:05 -------- d-----w- c:\users\Alex\AppData\Roaming\Winamp
    2010-02-28 14:53 . 2010-02-17 10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-28 14:52 . 2009-01-25 16:07 -------- d-----w- c:\program files\mIRC
    2010-02-28 13:33 . 2010-02-28 13:33 -------- d-----w- c:\program files\Trend Micro
    2010-02-28 13:04 . 2009-04-27 18:59 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-02-28 13:04 . 2009-04-27 18:59 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-02-26 16:02 . 2010-02-26 16:02 29184 ----a-w- c:\users\Alex\AppData\Local\Tee.exe
    2010-02-26 16:01 . 2010-02-26 16:01 29184 ----a-w- c:\users\Alex\AppData\Local\e.exe
    2010-02-26 15:54 . 2010-02-26 15:54 8 ----a-w- c:\users\Alex\AppData\Roaming\rbuwzv.dat
    2010-02-25 09:56 . 2008-03-16 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-25 09:56 . 2010-02-24 21:36 -------- d-----w- c:\program files\LucasArts
    2010-02-20 09:09 . 2010-01-16 21:13 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
    2010-02-17 20:39 . 2009-01-27 23:42 -------- d-----w- c:\users\Alex\AppData\Roaming\Notepad++
    2010-02-17 20:39 . 2009-11-04 11:11 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-02-17 20:39 . 2009-08-15 18:06 -------- d-----w- c:\program files\Winamp Toolbar
    2010-02-17 20:39 . 2009-02-22 18:39 -------- d-----w- c:\programdata\FLEXnet
    2010-02-17 20:39 . 2009-02-22 18:31 -------- d-----w- c:\program files\Bonjour
    2010-02-17 20:39 . 2009-02-19 13:50 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-02-17 20:39 . 2009-01-25 18:53 -------- d-----w- c:\program files\ma-config.com
    2010-02-17 20:39 . 2008-03-16 21:59 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
    2010-02-16 23:54 . 2010-02-16 23:54 16 ----a-w- c:\users\Alex\AppData\Roaming\sgcpom.dat
    2010-02-14 10:33 . 2009-12-06 12:39 439816 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
    2010-02-11 20:56 . 2009-10-02 08:53 -------- d-----w- c:\users\Alex\AppData\Roaming\Canon
    2010-02-11 02:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-02-10 08:50 . 2009-01-30 19:00 1 ----a-w- c:\users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-09 16:11 . 2009-01-25 14:56 102736 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-07 01:39 . 2009-01-25 14:56 -------- d-----w- c:\program files\Google
    2010-02-03 17:47 . 2010-01-11 16:17 -------- d-----w- c:\program files\Yu-Gi-Oh Virtual Battle 5
    2010-01-29 22:07 . 2009-10-02 08:49 -------- d-----w- c:\program files\Canon
    2010-01-29 07:50 . 2010-01-29 07:50 -------- d-----w- c:\program files\ASIO4ALL v2
    2010-01-29 07:47 . 2009-02-08 20:20 -------- d-----w- c:\program files\VstPlugins
    2010-01-24 16:49 . 2009-01-31 11:38 -------- d-----w- c:\programdata\Messenger Plus!
    2010-01-24 16:41 . 2009-01-31 10:20 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-01-23 08:48 . 2009-10-28 10:26 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
    2010-01-22 18:14 . 2010-01-22 18:11 -------- d-----w- c:\program files\Image-Line
    2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\users\Alex\AppData\Roaming\Syntrillium
    2010-01-22 15:02 . 2010-01-22 15:00 -------- d-----w- c:\program files\coolpro2
    2010-01-22 14:50 . 2010-01-22 14:50 -------- d-----w- c:\program files\Mp3DoctorPRO
    2010-01-22 14:06 . 2010-01-22 14:05 -------- d-----w- c:\program files\Kaiba Corp VDS
    2010-01-22 08:40 . 2010-01-22 08:35 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-01-22 08:35 . 2008-01-21 07:23 676456 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-22 08:35 . 2008-01-21 07:23 126594 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-22 08:35 . 2010-01-22 08:29 -------- d-----w- c:\programdata\f-secure
    2010-01-22 08:34 . 2010-01-22 08:34 -------- d-----w- c:\programdata\eMule
    2010-01-22 08:34 . 2010-01-08 13:38 -------- d-----w- c:\program files\SFR
    2010-01-22 08:34 . 2010-01-22 08:33 -------- d-----w- c:\program files\eMule
    2010-01-22 08:33 . 2010-01-22 08:32 -------- d-----w- c:\programdata\fssg
    2010-01-20 18:03 . 2008-03-16 21:41 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-20 18:01 . 2008-03-16 21:43 -------- d-----w- c:\program files\Microsoft Works
    2010-01-17 16:18 . 2010-01-17 16:18 -------- d-----w- c:\program files\Bodom-Child - RaBBi
    2010-01-15 15:53 . 2010-01-15 15:53 -------- d-----w- c:\program files\Metal-Yugioh
    2010-01-15 11:01 . 2010-01-15 11:01 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-01-15 11:00 . 2009-01-27 10:17 195232 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
    2010-01-15 11:00 . 2009-01-27 10:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1036\ResourceCache.dll
    2010-01-15 10:58 . 2010-01-10 13:44 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-01-14 20:56 . 2010-01-14 20:55 419 ----a-w- c:\users\Alex\errorlog.tmp
    2010-01-14 20:24 . 2010-01-14 20:24 -------- d-----w- c:\program files\Celestia
    2010-01-14 10:12 . 2009-10-03 09:34 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\program files\gPotato.eu
    2010-01-13 09:37 . 2010-01-13 09:29 -------- d-----w- c:\program files\NetBattle
    2010-01-11 21:49 . 2009-01-28 19:21 98744 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-01-11 16:32 . 2010-01-11 16:28 -------- d-----w- c:\program files\Royal-Yugi Online
    2010-01-10 13:26 . 2010-01-10 13:26 82993 ----a-w- c:\windows\system32\Uninstal.exe
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-01-07 21:24 . 2009-10-31 13:00 -------- d-----w- c:\program files\Nvu
    2010-01-07 21:23 . 2009-10-28 08:11 -------- d-----w- c:\program files\FreeTime
    2010-01-07 21:23 . 2008-03-16 21:29 -------- d-----w- c:\program files\Acer GameZone
    2010-01-07 21:20 . 2009-12-06 13:48 -------- d-----w- c:\program files\MSN Password Recovery
    2010-01-07 21:19 . 2009-12-27 09:47 -------- d-----w- c:\program files\MadTracker
    2010-01-07 21:19 . 2009-08-28 20:27 -------- d-----w- c:\program files\mnProjects
    2010-01-07 21:18 . 2009-06-15 17:32 -------- d-----w- c:\programdata\Apple Computer
    2010-01-07 21:16 . 2009-12-27 09:58 -------- d-----w- c:\program files\REAPER
    2010-01-07 21:16 . 2009-12-26 20:55 -------- d-----w- c:\program files\Cakewalk
    2010-01-07 21:15 . 2009-01-31 10:40 -------- d-----w- c:\program files\MSECACHE
    2010-01-07 21:09 . 2009-06-15 17:31 -------- d-----w- c:\programdata\Apple
    2010-01-07 15:07 . 2010-02-28 14:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 15:07 . 2010-02-28 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-07 14:37 . 2009-01-25 16:07 -------- d-----w- c:\users\Alex\AppData\Roaming\mIRC
    2009-12-30 14:33 . 2009-01-31 10:21 1356 ----a-w- c:\users\Alex\AppData\Local\d3d9caps.dat
    2009-12-28 12:35 . 2010-02-10 08:44 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-28 12:35 . 2010-02-10 08:44 1314816 ----a-w- c:\windows\system32\quartz.dll
    2009-12-28 12:32 . 2010-02-10 08:44 22528 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-28 12:32 . 2010-02-10 08:44 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-28 12:32 . 2010-02-10 08:44 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2009-12-28 12:32 . 2010-02-10 08:44 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-28 12:31 . 2010-02-10 08:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-28 12:31 . 2010-02-10 08:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-28 12:28 . 2010-02-10 08:44 65024 ----a-w- c:\windows\system32\avicap32.dll
    2009-12-28 12:28 . 2010-02-10 08:44 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-18 13:05 . 2010-01-22 12:43 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-12-18 13:01 . 2010-01-22 12:43 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-18 10:14 . 2010-01-22 12:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-11 12:07 . 2010-02-10 08:44 301568 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-11 12:07 . 2010-02-10 08:44 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2009-12-08 20:52 . 2010-02-10 08:44 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .

    ------- Sigcheck -------

    [-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 68856]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
    "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 198160]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
    "F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 201128]
    "F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
    backup=c:\windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-25 14:57 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-01-08 21:26 68640 ----a-w- c:\program files\Cyberlink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-07-18 20:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2008-01-29 08:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2008-01-21 02:33 2153472 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
    "EnableNotificationsRef"=dword:00000001

    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [22/01/2010 09:35 33920]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34 69928]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [22/01/2010 09:35 37544]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [22/01/2010 09:35 72904]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34 14248]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
    R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [04/11/2009 12:12 233472]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
    R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33 21504]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34 107104]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12 36608]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [16/06/2009 08:00 28672]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [09/10/2009 15:33 17792]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19/02/2009 13:00 721904]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31 135664]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\aspi32.sys [21/03/2009 20:24 25244]
    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34 56000]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57 24064]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/12/2009 15:43 238960]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [25/01/2009 16:03 256000]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RDID1061;UA-4FX;c:\windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36 146432]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18 121856]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34 41640]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34 27048]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - xayhimp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    yksvcs REG_MULTI_SZ yksvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]

    2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
    mWindow Title =
    uInternet Settings,ProxyOverride = local;*.local
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
    Trusted Zone: chat-land.org
    Trusted Zone: localhost
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - component: c:\program files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
    FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-NPSStartup - (no file)
    MSConfigStartUp-Acer Empowering Technology Monitor - c:\program files\Acer\Empowering Technology\SysMonitor.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
    MSConfigStartUp-eDataSecurity Loader - c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    MSConfigStartUp-EmpoweringTechnology - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
    MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
    MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
    MSConfigStartUp-Peer2Me - c:\program files\Peer2Me\Peer2Me.exe
    MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
    MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
    AddRemove-LibUSB-Win32_is1 - c:\program files\LibUSB-Win32\unins000.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-28 18:36
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xayhimp]

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Heure de fin: 2010-02-28 18:38:35
    ComboFix-quarantined-files.txt 2010-02-28 17:38

    Avant-CF: 20 241 543 168 octets libres
    Après-CF: 33 509 142 528 octets libres

    - - End Of File - - 2F7A94D05AF79A077229CF3628E67704
    0
    1. Utilisateur anonyme
       
      Re

      |==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
      |===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
      -----------------------------------------------------------------------------------------------

      Toujours avec toutes les protections désactivées, fais ceci :

      • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
      • Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

      ----------------------------------------------------------


      KillAll::

      Driver::

      File::
      c:\users\Alex\AppData\Local\Tee.exe
      c:\users\Alex\AppData\Local\e.exe
      c:\users\Alex\AppData\Roaming\rbuwzv.dat
      c:\windows\system32\Uninstal.exe
      Rootkit ::

      Folder::

      Services::

      Registry::
      -----------------------------------------------------------------

      • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
      • Quitte le Bloc Notes

      • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

      • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
      • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
      • Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

      @+
      0
  15. Kaz62820 Messages postés 31 Statut Membre 2
     
    je dois quitter le pc pour ce soir, je reviendrais demain matin vers 10 heures ^^
    0
  16. Kaz62820 Messages postés 31 Statut Membre 2
     
    Bonjour,

    alors ce matin de retour sur l'ordi je l'allume et paf ecran bleu il crash, il redemarre je fait "Demarrere windows normalement " et il se lance normalement c'ets normal ?

    voici le rapport de combofix :

    ComboFix 10-02-28.03 - Alex 01/03/2010 11:53:29.2.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2072 [GMT 1:00]
    Lancé depuis: C:\Users\Alex\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
    Commutateurs utilisés :: C:\Users\Alex\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Alex\AppData\Local\e.exe"
    "c:\users\Alex\AppData\Local\Tee.exe"
    "c:\users\Alex\AppData\Roaming\rbuwzv.dat"
    "c:\windows\system32\Uninstal.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Alex\AppData\Local\e.exe
    c:\users\Alex\AppData\Local\Tee.exe
    c:\users\Alex\AppData\Roaming\rbuwzv.dat
    c:\windows\system32\Uninstal.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-01 au 2010-03-01 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-01 11:02:17 . 2010-03-01 11:05:25 -------- d-----w- C:\Users\Alex\AppData\Local\temp
    2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\yvb2\AppData\Local\temp
    2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\YVB\AppData\Local\temp
    2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\Public\AppData\Local\temp
    2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2010-02-28 17:00:49 . 2010-02-28 17:00:50 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
    2010-02-28 14:53:38 . 2010-01-07 15:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
    2010-02-28 14:53:35 . 2010-01-07 15:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2010-02-28 14:49:34 . 2010-02-28 17:00:50 -------- d-----w- C:\UsbFix
    2010-02-28 14:15:44 . 2010-02-28 14:16:12 -------- d-----w- C:\rsit
    2010-02-28 14:06:05 . 2010-02-28 14:17:43 -------- d-----w- C:\ToolBar SD
    2010-02-28 13:33:10 . 2010-02-28 13:33:10 -------- d-----w- C:\Program Files\Trend Micro
    2010-02-26 15:57:49 . 2010-02-26 15:57:49 29184 ----a-w- C:\Users\Alexe.exe
    2010-02-26 15:57:18 . 2010-02-26 15:57:18 29184 ----a-w- C:\Users\Ale.exe
    2010-02-24 21:36:59 . 2010-02-25 09:56:06 -------- d-----w- C:\Program Files\LucasArts
    2010-02-17 10:23:06 . 2010-02-17 10:23:06 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2010-02-17 10:23:02 . 2010-02-28 14:53:40 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-02-17 10:23:02 . 2010-02-17 10:23:02 -------- d-----w- C:\ProgramData\Malwarebytes
    2010-02-07 12:44:42 . 2010-02-07 12:44:42 -------- d-----w- C:\Program Files\Paradox Interactive
    2010-02-07 12:33:50 . 2010-02-07 12:33:50 -------- d-----w- C:\Users\Alex\AppData\Roaming\F-Secure
    2010-02-06 12:37:09 . 2010-02-06 12:37:09 -------- d-----w- C:\Users\Alex\AppData\Roaming\e frontier
    2010-02-06 12:36:25 . 2010-02-06 12:36:25 -------- d-----w- C:\Program Files\e frontier
    2010-02-06 12:36:16 . 1998-10-29 15:45:06 306688 ----a-w- C:\Windows\IsUninst.exe
    2010-01-30 18:31:40 . 2010-03-01 10:51:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\LimeWire
    2010-01-30 18:31:02 . 2010-01-30 18:31:14 -------- d-----w- C:\Program Files\LimeWire

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-28 21:09:21 . 2009-08-15 18:05:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\Winamp
    2010-02-28 14:52:07 . 2009-01-25 16:07:48 -------- d-----w- C:\Program Files\mIRC
    2010-02-28 13:04:19 . 2009-04-27 18:59:36 138328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
    2010-02-28 13:04:10 . 2009-04-27 18:59:27 214816 ----a-w- C:\Windows\system32\PnkBstrB.exe
    2010-02-25 09:56:31 . 2008-03-16 21:20:19 -------- d--h--w- C:\Program Files\InstallShield Installation Information
    2010-02-20 09:09:18 . 2010-01-16 21:13:16 -------- d-----w- C:\Program Files\Wolfenstein - Enemy Territory
    2010-02-17 20:39:34 . 2009-01-27 23:42:23 -------- d-----w- C:\Users\Alex\AppData\Roaming\Notepad++
    2010-02-17 20:39:33 . 2009-11-04 11:11:20 -------- d-----w- C:\Program Files\PC Connectivity Solution
    2010-02-17 20:39:33 . 2009-08-15 18:06:08 -------- d-----w- C:\Program Files\Winamp Toolbar
    2010-02-17 20:39:33 . 2009-02-22 18:39:15 -------- d-----w- C:\ProgramData\FLEXnet
    2010-02-17 20:39:33 . 2009-02-22 18:31:55 -------- d-----w- C:\Program Files\Bonjour
    2010-02-17 20:39:33 . 2009-02-19 13:50:57 -------- d-----w- C:\Program Files\DAEMON Tools Lite
    2010-02-17 20:39:33 . 2009-01-25 18:53:05 -------- d-----w- C:\Program Files\ma-config.com
    2010-02-17 20:39:33 . 2008-03-16 21:59:17 -------- d-----w- C:\Program Files\Common Files\LightScribe
    2010-02-16 23:54:35 . 2010-02-16 23:54:35 16 ----a-w- C:\Users\Alex\AppData\Roaming\sgcpom.dat
    2010-02-14 10:33:35 . 2009-12-06 12:39:13 439816 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
    2010-02-11 20:56:23 . 2009-10-02 08:53:28 -------- d-----w- C:\Users\Alex\AppData\Roaming\Canon
    2010-02-11 02:14:56 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
    2010-02-10 08:50:18 . 2009-01-30 19:00:46 1 ----a-w- C:\Users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-09 16:11:58 . 2009-01-25 14:56:40 102736 ----a-w- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-07 01:39:11 . 2009-01-25 14:56:59 -------- d-----w- C:\Program Files\Google
    2010-02-03 17:47:26 . 2010-01-11 16:17:54 -------- d-----w- C:\Program Files\Yu-Gi-Oh Virtual Battle 5
    2010-01-29 22:07:58 . 2009-10-02 08:49:58 -------- d-----w- C:\Program Files\Canon
    2010-01-29 07:50:51 . 2010-01-29 07:50:51 -------- d-----w- C:\Program Files\ASIO4ALL v2
    2010-01-29 07:47:22 . 2009-02-08 20:20:43 -------- d-----w- C:\Program Files\VstPlugins
    2010-01-24 16:49:11 . 2009-01-31 11:38:47 -------- d-----w- C:\ProgramData\Messenger Plus!
    2010-01-24 16:41:06 . 2009-01-31 10:20:24 -------- d-----w- C:\Program Files\Messenger Plus! Live
    2010-01-23 08:48:01 . 2009-10-28 10:26:31 -------- d-----w- C:\Users\Alex\AppData\Roaming\uTorrent
    2010-01-22 18:14:24 . 2010-01-22 18:11:21 -------- d-----w- C:\Program Files\Image-Line
    2010-01-22 15:02:52 . 2010-01-22 15:02:52 -------- d-----w- C:\Users\Alex\AppData\Roaming\Syntrillium
    2010-01-22 15:02:17 . 2010-01-22 15:00:53 -------- d-----w- C:\Program Files\coolpro2
    2010-01-22 14:50:50 . 2010-01-22 14:50:46 -------- d-----w- C:\Program Files\Mp3DoctorPRO
    2010-01-22 14:06:39 . 2010-01-22 14:05:37 -------- d-----w- C:\Program Files\Kaiba Corp VDS
    2010-01-22 08:40:52 . 2010-01-22 08:35:42 33920 ----a-w- C:\Windows\system32\drivers\fsbts.sys
    2010-01-22 08:35:28 . 2008-01-21 07:23:37 676456 ----a-w- C:\Windows\system32\perfh00C.dat
    2010-01-22 08:35:28 . 2008-01-21 07:23:37 126594 ----a-w- C:\Windows\system32\perfc00C.dat
    2010-01-22 08:35:05 . 2010-01-22 08:29:25 -------- d-----w- C:\ProgramData\f-secure
    2010-01-22 08:34:29 . 2010-01-22 08:34:29 -------- d-----w- C:\ProgramData\eMule
    2010-01-22 08:34:13 . 2010-01-08 13:38:56 -------- d-----w- C:\Program Files\SFR
    2010-01-22 08:34:01 . 2010-01-22 08:33:58 -------- d-----w- C:\Program Files\eMule
    2010-01-22 08:33:25 . 2010-01-22 08:32:57 -------- d-----w- C:\ProgramData\fssg
    2010-01-20 18:03:13 . 2008-03-16 21:41:30 -------- d-----w- C:\ProgramData\Microsoft Help
    2010-01-20 18:01:40 . 2008-03-16 21:43:22 -------- d-----w- C:\Program Files\Microsoft Works
    2010-01-17 16:18:42 . 2010-01-17 16:18:42 -------- d-----w- C:\Program Files\Bodom-Child - RaBBi
    2010-01-15 15:53:19 . 2010-01-15 15:53:18 -------- d-----w- C:\Program Files\Metal-Yugioh
    2010-01-15 11:01:24 . 2010-01-15 11:01:23 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2010-01-15 11:00:30 . 2009-01-27 10:17:59 195232 ----a-w- C:\ProgramData\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
    2010-01-15 11:00:19 . 2009-01-27 10:17:31 416 ----a-w- C:\ProgramData\Microsoft\MSDN\9.0\1036\ResourceCache.dll
    2010-01-15 10:58:12 . 2010-01-10 13:44:12 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0
    2010-01-14 20:56:29 . 2010-01-14 20:55:09 419 ----a-w- C:\Users\Alex\errorlog.tmp
    2010-01-14 20:24:29 . 2010-01-14 20:24:16 -------- d-----w- C:\Program Files\Celestia
    2010-01-14 10:12:06 . 2009-10-03 09:34:23 181120 ------w- C:\Windows\system32\MpSigStub.exe
    2010-01-13 18:15:50 . 2010-01-13 18:15:49 -------- d-----w- C:\Program Files\gPotato.eu
    2010-01-13 09:37:51 . 2010-01-13 09:29:33 -------- d-----w- C:\Program Files\NetBattle
    2010-01-11 21:49:11 . 2009-01-28 19:21:10 98744 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2010-01-11 16:32:21 . 2010-01-11 16:28:14 -------- d-----w- C:\Program Files\Royal-Yugi Online
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Sidebar
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Photo Gallery
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Defender
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Collaboration
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Calendar
    2010-01-07 21:24:09 . 2009-10-31 13:00:08 -------- d-----w- C:\Program Files\Nvu
    2010-01-07 21:23:45 . 2009-10-28 08:11:45 -------- d-----w- C:\Program Files\FreeTime
    2010-01-07 21:23:11 . 2008-03-16 21:29:42 -------- d-----w- C:\Program Files\Acer GameZone
    2010-01-07 21:20:11 . 2009-12-06 13:48:47 -------- d-----w- C:\Program Files\MSN Password Recovery
    2010-01-07 21:19:37 . 2009-12-27 09:47:58 -------- d-----w- C:\Program Files\MadTracker
    2010-01-07 21:19:04 . 2009-08-28 20:27:07 -------- d-----w- C:\Program Files\mnProjects
    2010-01-07 21:18:11 . 2009-06-15 17:32:51 -------- d-----w- C:\ProgramData\Apple Computer
    2010-01-07 21:16:55 . 2009-12-27 09:58:14 -------- d-----w- C:\Program Files\REAPER
    2010-01-07 21:16:26 . 2009-12-26 20:55:11 -------- d-----w- C:\Program Files\Cakewalk
    2010-01-07 21:15:29 . 2009-01-31 10:40:10 -------- d-----w- C:\Program Files\MSECACHE
    2010-01-07 21:09:05 . 2009-06-15 17:31:09 -------- d-----w- C:\ProgramData\Apple
    2010-01-07 14:37:31 . 2009-01-25 16:07:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\mIRC
    2009-12-30 14:33:39 . 2009-01-31 10:21:18 1356 ----a-w- C:\Users\Alex\AppData\Local\d3d9caps.dat
    2009-12-28 12:35:50 . 2010-02-10 08:44:35 11776 ----a-w- C:\Windows\system32\tsbyuv.dll
    2009-12-28 12:35:00 . 2010-02-10 08:44:36 1314816 ----a-w- C:\Windows\system32\quartz.dll
    2009-12-28 12:32:34 . 2010-02-10 08:44:35 22528 ----a-w- C:\Windows\system32\msyuv.dll
    2009-12-28 12:32:32 . 2010-02-10 08:44:35 31744 ----a-w- C:\Windows\system32\msvidc32.dll
    2009-12-28 12:32:32 . 2010-02-10 08:44:34 123904 ----a-w- C:\Windows\system32\msvfw32.dll
    2009-12-28 12:32:25 . 2010-02-10 08:44:35 13312 ----a-w- C:\Windows\system32\msrle32.dll
    2009-12-28 12:31:22 . 2010-02-10 08:44:35 82944 ----a-w- C:\Windows\system32\mciavi32.dll
    2009-12-28 12:31:01 . 2010-02-10 08:44:35 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
    2009-12-28 12:28:43 . 2010-02-10 08:44:35 65024 ----a-w- C:\Windows\system32\avicap32.dll
    2009-12-28 12:28:43 . 2010-02-10 08:44:34 91136 ----a-w- C:\Windows\system32\avifil32.dll
    2009-12-18 13:05:50 . 2010-01-22 12:43:59 833024 ----a-w- C:\Windows\system32\wininet.dll
    2009-12-18 13:01:56 . 2010-01-22 12:43:55 78336 ----a-w- C:\Windows\system32\ieencode.dll
    2009-12-18 10:14:30 . 2010-01-22 12:43:56 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
    2009-12-11 12:07:30 . 2010-02-10 08:44:48 301568 ----a-w- C:\Windows\system32\drivers\srv.sys
    2009-12-11 12:07:11 . 2010-02-10 08:44:47 98304 ----a-w- C:\Windows\system32\drivers\srvnet.sys
    2009-12-08 20:52:30 . 2010-02-10 08:44:38 897624 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2009-12-08 20:52:17 . 2010-02-10 08:44:44 3597912 ----a-w- C:\Windows\system32\ntkrnlpa.exe
    2009-12-08 20:52:16 . 2010-02-10 08:44:44 3546200 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2009-12-06 20:41:01 . 2009-12-06 20:40:30 17614320 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
    2009-12-06 20:40:30 . 2009-12-06 20:40:27 8405312 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2009-12-06 20:39:55 . 2009-12-06 20:39:55 149000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
    2009-12-06 20:39:53 . 2009-12-06 20:39:49 10309448 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
    2009-12-06 20:39:25 . 2009-12-06 20:39:25 79368 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
    2009-12-06 20:39:24 . 2009-12-06 20:39:24 64000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
    2009-12-06 20:39:24 . 2009-12-06 20:39:24 52288 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
    2009-12-06 20:39:24 . 2009-12-06 20:39:24 50688 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
    .

    ------- Sigcheck -------

    [-] 2006-11-10 15:01:50 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386 (vista_rtm.061101-2205)] . . C:\Windows\System32\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2009-05-06 14:22:22 1262888]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53:58 165184 ----a-w- C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 02:32:56 1233920]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:52 3883856]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 14:57:04 68856]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]
    "AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
    "Connexion SFR 9props.exe"="C:\Program Files\SFR\Kit\9props.exe" [2009-10-15 08:53:54 959808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 21:17:42 52256]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 20:59:26 198160]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 07:55:00 13580832]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 07:55:00 92704]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-04 18:30:01 149280]
    "F-Secure Manager"="C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 16:08:32 201128]
    "F-Secure TNB"="C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 16:07:12 1655208]
    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 15:07:10 1394000]

    C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2009-12-16 503808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
    backup=C:\Windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=C:\Windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    2008-04-25 20:36:20 28672 ----a-w- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40:30 687560 ----a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-25 14:57:26 24064 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 14:44:52 3883856 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-01-08 21:26:08 68640 ----a-w- C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-29 10:51:52 4911104 ----a-w- C:\Windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-02-25 13:38:06 61440 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 03:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-07-18 20:59:26 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2008-01-29 08:03:46 303104 ----a-w- C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:33:00 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2008-01-21 02:33:07 2153472 ----a-w- C:\Windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
    "EnableNotificationsRef"=dword:00000001

    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [22/01/2010 09:35:42 33920]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34:46 69928]
    R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [22/01/2010 09:35:26 37544]
    R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [22/01/2010 09:35:22 72904]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34:18 14248]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11:14 16384]
    R2 FsUsbExService;FsUsbExService;C:\Windows\System32\FsUsbExService.Exe [04/11/2009 12:12:04 233472]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36:20 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36:02 131072]
    R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33:13 21504]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34:18 107104]
    R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34:46 56000]
    R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12:04 36608]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [16/06/2009 08:00:02 28672]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [09/10/2009 15:33:16 17792]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31:42 135664]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\drivers\aspi32.sys [21/03/2009 20:24:10 25244]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57:15 24064]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [11/12/2009 15:43:30 238960]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\System32\drivers\netr73.sys [25/01/2009 16:03:14 256000]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 RDID1061;UA-4FX;C:\Windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36:34 146432]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19:46 23064]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18:38 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18:38 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18:38 121856]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34:18 41640]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34:18 27048]

    --- Autres Services/Pilotes en mémoire ---

    *NewlyCreated* - FSUSBEXDISK
    *Deregistered* - xayhimp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    yksvcs REG_MULTI_SZ yksvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]

    2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
    mWindow Title =
    uInternet Settings,ProxyOverride = local;*.local
    IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: C:\Program Files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
    Trusted Zone: chat-land.org
    Trusted Zone: localhost
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - component: C:\Program Files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
    FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

    FF - user.js: browser.sessionstore.resume_from_crash - false
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    AddRemove-Patch RMXP 1.0.0.1 (V&S) - C:\Windows\system32\Uninstal.exe
    0
    1. Utilisateur anonyme
       
      Bonsoir

      Pour ton écran bleu ;note la première série de chiffres ;ça ressemble à ceci:

      Par exemple : "0x0000001D (0x000E00E0, 0XF83207D0, 0XF83204D0, OXF46E9F4F)".
      Parfois, l'intitulé est également indiqué.
      Par exemple : NO_SPIN_LOCK_AVAILABLE.


      ComboFix se copie sur le bureau.
      C:\Users\Alex\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

      Donc fait le;merci

      Ensuite;
      |==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
      |===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
      -----------------------------------------------------------------------------------------------

      Toujours avec toutes les protections désactivées, fais ceci :

      • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
      • Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

      ----------------------------------------------------------


      KillAll::

      Driver::

      File::
      C:\Users\Alexe.exe
      C:\Users\Ale.exe
      C:\Users\Alex\AppData\Roaming\sgcpom.dat

      Rootkit ::

      Folder::

      Services::

      Registry::
      -----------------------------------------------------------------

      • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
      • Quitte le Bloc Notes

      • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

      • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
      • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
      • Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt


      @+
      0
  17. Kaz62820 Messages postés 31 Statut Membre 2
     
    ComboFix 10-03-01.01 - Alex 01/03/2010 20:35:30.3.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2160 [GMT 1:00]
    Lancé depuis: C:\Users\Alex\Desktop\ComboFix.exe
    Commutateurs utilisés :: C:\Users\Alex\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "C:\Users\Ale.exe"
    "C:\Users\Alex\AppData\Roaming\sgcpom.dat"
    "C:\Users\Alexe.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\Ale.exe
    C:\Users\Alex\AppData\Roaming\avdrn.dat
    C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
    C:\Users\Alex\AppData\Roaming\sgcpom.dat
    C:\Users\Alexe.exe
    .
    ---- Exécution préalable -------
    .
    c:\users\Alex\AppData\Local\e.exe
    c:\users\Alex\AppData\Local\Tee.exe
    c:\users\Alex\AppData\Roaming\rbuwzv.dat
    c:\windows\system32\Uninstal.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-01 au 2010-03-01 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-01 19:42:48 . 2010-03-01 19:48:25 -------- d-----w- C:\Users\Alex\AppData\Local\temp
    2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\yvb2\AppData\Local\temp
    2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\YVB\AppData\Local\temp
    2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\Public\AppData\Local\temp
    2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\Brigitte\AppData\Local\temp
    2010-02-28 17:00:49 . 2010-02-28 17:00:50 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
    2010-02-28 14:53:38 . 2010-01-07 15:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
    2010-02-28 14:53:35 . 2010-01-07 15:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2010-02-28 14:49:34 . 2010-02-28 17:00:50 -------- d-----w- C:\UsbFix
    2010-02-28 14:15:44 . 2010-02-28 14:16:12 -------- d-----w- C:\rsit
    2010-02-28 14:06:05 . 2010-02-28 14:17:43 -------- d-----w- C:\ToolBar SD
    2010-02-28 13:33:10 . 2010-02-28 13:33:10 -------- d-----w- C:\Program Files\Trend Micro
    2010-02-24 21:36:59 . 2010-02-25 09:56:06 -------- d-----w- C:\Program Files\LucasArts
    2010-02-17 10:23:06 . 2010-02-17 10:23:06 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2010-02-17 10:23:02 . 2010-02-28 14:53:40 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
    2010-02-17 10:23:02 . 2010-02-17 10:23:02 -------- d-----w- C:\ProgramData\Malwarebytes
    2010-02-07 12:44:42 . 2010-02-07 12:44:42 -------- d-----w- C:\Program Files\Paradox Interactive
    2010-02-07 12:33:50 . 2010-02-07 12:33:50 -------- d-----w- C:\Users\Alex\AppData\Roaming\F-Secure
    2010-02-06 12:37:09 . 2010-02-06 12:37:09 -------- d-----w- C:\Users\Alex\AppData\Roaming\e frontier
    2010-02-06 12:36:25 . 2010-02-06 12:36:25 -------- d-----w- C:\Program Files\e frontier
    2010-02-06 12:36:16 . 1998-10-29 15:45:06 306688 ----a-w- C:\Windows\IsUninst.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-01 19:27:22 . 2010-01-30 18:31:40 -------- d-----w- C:\Users\Alex\AppData\Roaming\LimeWire
    2010-03-01 18:50:05 . 2009-10-02 08:53:28 -------- d-----w- C:\Users\Alex\AppData\Roaming\Canon
    2010-03-01 14:24:34 . 2009-04-27 18:59:27 214816 ----a-w- C:\Windows\system32\PnkBstrB.exe
    2010-03-01 14:22:40 . 2009-04-27 18:59:36 138328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
    2010-03-01 12:45:14 . 2010-03-01 12:45:10 12 ----a-w- C:\Users\Alex\AppData\Roaming\rbuwzv.dat
    2010-02-28 21:09:21 . 2009-08-15 18:05:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\Winamp
    2010-02-28 14:52:07 . 2009-01-25 16:07:48 -------- d-----w- C:\Program Files\mIRC
    2010-02-25 09:56:31 . 2008-03-16 21:20:19 -------- d--h--w- C:\Program Files\InstallShield Installation Information
    2010-02-20 09:09:18 . 2010-01-16 21:13:16 -------- d-----w- C:\Program Files\Wolfenstein - Enemy Territory
    2010-02-17 20:39:34 . 2009-01-27 23:42:23 -------- d-----w- C:\Users\Alex\AppData\Roaming\Notepad++
    2010-02-17 20:39:33 . 2009-11-04 11:11:20 -------- d-----w- C:\Program Files\PC Connectivity Solution
    2010-02-17 20:39:33 . 2009-08-15 18:06:08 -------- d-----w- C:\Program Files\Winamp Toolbar
    2010-02-17 20:39:33 . 2009-02-22 18:39:15 -------- d-----w- C:\ProgramData\FLEXnet
    2010-02-17 20:39:33 . 2009-02-22 18:31:55 -------- d-----w- C:\Program Files\Bonjour
    2010-02-17 20:39:33 . 2009-02-19 13:50:57 -------- d-----w- C:\Program Files\DAEMON Tools Lite
    2010-02-17 20:39:33 . 2009-01-25 18:53:05 -------- d-----w- C:\Program Files\ma-config.com
    2010-02-17 20:39:33 . 2008-03-16 21:59:17 -------- d-----w- C:\Program Files\Common Files\LightScribe
    2010-02-14 10:33:35 . 2009-12-06 12:39:13 439816 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
    2010-02-11 02:14:56 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
    2010-02-10 08:50:18 . 2009-01-30 19:00:46 1 ----a-w- C:\Users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-09 16:11:58 . 2009-01-25 14:56:40 102736 ----a-w- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-07 01:39:11 . 2009-01-25 14:56:59 -------- d-----w- C:\Program Files\Google
    2010-02-03 17:47:26 . 2010-01-11 16:17:54 -------- d-----w- C:\Program Files\Yu-Gi-Oh Virtual Battle 5
    2010-01-30 18:31:14 . 2010-01-30 18:31:02 -------- d-----w- C:\Program Files\LimeWire
    2010-01-29 22:07:58 . 2009-10-02 08:49:58 -------- d-----w- C:\Program Files\Canon
    2010-01-29 07:50:51 . 2010-01-29 07:50:51 -------- d-----w- C:\Program Files\ASIO4ALL v2
    2010-01-29 07:47:22 . 2009-02-08 20:20:43 -------- d-----w- C:\Program Files\VstPlugins
    2010-01-24 16:49:11 . 2009-01-31 11:38:47 -------- d-----w- C:\ProgramData\Messenger Plus!
    2010-01-24 16:41:06 . 2009-01-31 10:20:24 -------- d-----w- C:\Program Files\Messenger Plus! Live
    2010-01-23 08:48:01 . 2009-10-28 10:26:31 -------- d-----w- C:\Users\Alex\AppData\Roaming\uTorrent
    2010-01-22 18:14:24 . 2010-01-22 18:11:21 -------- d-----w- C:\Program Files\Image-Line
    2010-01-22 15:02:52 . 2010-01-22 15:02:52 -------- d-----w- C:\Users\Alex\AppData\Roaming\Syntrillium
    2010-01-22 15:02:17 . 2010-01-22 15:00:53 -------- d-----w- C:\Program Files\coolpro2
    2010-01-22 14:50:50 . 2010-01-22 14:50:46 -------- d-----w- C:\Program Files\Mp3DoctorPRO
    2010-01-22 14:06:39 . 2010-01-22 14:05:37 -------- d-----w- C:\Program Files\Kaiba Corp VDS
    2010-01-22 08:40:52 . 2010-01-22 08:35:42 33920 ----a-w- C:\Windows\system32\drivers\fsbts.sys
    2010-01-22 08:35:28 . 2008-01-21 07:23:37 676456 ----a-w- C:\Windows\system32\perfh00C.dat
    2010-01-22 08:35:28 . 2008-01-21 07:23:37 126594 ----a-w- C:\Windows\system32\perfc00C.dat
    2010-01-22 08:35:05 . 2010-01-22 08:29:25 -------- d-----w- C:\ProgramData\f-secure
    2010-01-22 08:34:29 . 2010-01-22 08:34:29 -------- d-----w- C:\ProgramData\eMule
    2010-01-22 08:34:13 . 2010-01-08 13:38:56 -------- d-----w- C:\Program Files\SFR
    2010-01-22 08:34:01 . 2010-01-22 08:33:58 -------- d-----w- C:\Program Files\eMule
    2010-01-22 08:33:25 . 2010-01-22 08:32:57 -------- d-----w- C:\ProgramData\fssg
    2010-01-20 18:03:13 . 2008-03-16 21:41:30 -------- d-----w- C:\ProgramData\Microsoft Help
    2010-01-20 18:01:40 . 2008-03-16 21:43:22 -------- d-----w- C:\Program Files\Microsoft Works
    2010-01-17 16:18:42 . 2010-01-17 16:18:42 -------- d-----w- C:\Program Files\Bodom-Child - RaBBi
    2010-01-15 15:53:19 . 2010-01-15 15:53:18 -------- d-----w- C:\Program Files\Metal-Yugioh
    2010-01-15 11:01:24 . 2010-01-15 11:01:23 -------- d-----w- C:\Program Files\Microsoft SQL Server
    2010-01-15 11:00:30 . 2009-01-27 10:17:59 195232 ----a-w- C:\ProgramData\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
    2010-01-15 11:00:19 . 2009-01-27 10:17:31 416 ----a-w- C:\ProgramData\Microsoft\MSDN\9.0\1036\ResourceCache.dll
    2010-01-15 10:58:12 . 2010-01-10 13:44:12 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0
    2010-01-14 20:56:29 . 2010-01-14 20:55:09 419 ----a-w- C:\Users\Alex\errorlog.tmp
    2010-01-14 20:24:29 . 2010-01-14 20:24:16 -------- d-----w- C:\Program Files\Celestia
    2010-01-14 10:12:06 . 2009-10-03 09:34:23 181120 ------w- C:\Windows\system32\MpSigStub.exe
    2010-01-13 18:15:50 . 2010-01-13 18:15:49 -------- d-----w- C:\Program Files\gPotato.eu
    2010-01-13 09:37:51 . 2010-01-13 09:29:33 -------- d-----w- C:\Program Files\NetBattle
    2010-01-11 21:49:11 . 2009-01-28 19:21:10 98744 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
    2010-01-11 16:32:21 . 2010-01-11 16:28:14 -------- d-----w- C:\Program Files\Royal-Yugi Online
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Sidebar
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Photo Gallery
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Defender
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Collaboration
    2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Calendar
    2010-01-07 21:24:09 . 2009-10-31 13:00:08 -------- d-----w- C:\Program Files\Nvu
    2010-01-07 21:23:45 . 2009-10-28 08:11:45 -------- d-----w- C:\Program Files\FreeTime
    2010-01-07 21:23:11 . 2008-03-16 21:29:42 -------- d-----w- C:\Program Files\Acer GameZone
    2010-01-07 21:20:11 . 2009-12-06 13:48:47 -------- d-----w- C:\Program Files\MSN Password Recovery
    2010-01-07 21:19:37 . 2009-12-27 09:47:58 -------- d-----w- C:\Program Files\MadTracker
    2010-01-07 21:19:04 . 2009-08-28 20:27:07 -------- d-----w- C:\Program Files\mnProjects
    2010-01-07 21:18:11 . 2009-06-15 17:32:51 -------- d-----w- C:\ProgramData\Apple Computer
    2010-01-07 21:16:55 . 2009-12-27 09:58:14 -------- d-----w- C:\Program Files\REAPER
    2010-01-07 21:16:26 . 2009-12-26 20:55:11 -------- d-----w- C:\Program Files\Cakewalk
    2010-01-07 21:15:29 . 2009-01-31 10:40:10 -------- d-----w- C:\Program Files\MSECACHE
    2010-01-07 21:09:05 . 2009-06-15 17:31:09 -------- d-----w- C:\ProgramData\Apple
    2010-01-07 14:37:31 . 2009-01-25 16:07:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\mIRC
    2009-12-30 14:33:39 . 2009-01-31 10:21:18 1356 ----a-w- C:\Users\Alex\AppData\Local\d3d9caps.dat
    2009-12-28 12:35:50 . 2010-02-10 08:44:35 11776 ----a-w- C:\Windows\system32\tsbyuv.dll
    2009-12-28 12:35:00 . 2010-02-10 08:44:36 1314816 ----a-w- C:\Windows\system32\quartz.dll
    2009-12-28 12:32:34 . 2010-02-10 08:44:35 22528 ----a-w- C:\Windows\system32\msyuv.dll
    2009-12-28 12:32:32 . 2010-02-10 08:44:35 31744 ----a-w- C:\Windows\system32\msvidc32.dll
    2009-12-28 12:32:32 . 2010-02-10 08:44:34 123904 ----a-w- C:\Windows\system32\msvfw32.dll
    2009-12-28 12:32:25 . 2010-02-10 08:44:35 13312 ----a-w- C:\Windows\system32\msrle32.dll
    2009-12-28 12:31:22 . 2010-02-10 08:44:35 82944 ----a-w- C:\Windows\system32\mciavi32.dll
    2009-12-28 12:31:01 . 2010-02-10 08:44:35 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
    2009-12-28 12:28:43 . 2010-02-10 08:44:35 65024 ----a-w- C:\Windows\system32\avicap32.dll
    2009-12-28 12:28:43 . 2010-02-10 08:44:34 91136 ----a-w- C:\Windows\system32\avifil32.dll
    2009-12-18 13:05:50 . 2010-01-22 12:43:59 833024 ----a-w- C:\Windows\system32\wininet.dll
    2009-12-18 13:01:56 . 2010-01-22 12:43:55 78336 ----a-w- C:\Windows\system32\ieencode.dll
    2009-12-18 10:14:30 . 2010-01-22 12:43:56 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
    2009-12-11 12:07:30 . 2010-02-10 08:44:48 301568 ----a-w- C:\Windows\system32\drivers\srv.sys
    2009-12-11 12:07:11 . 2010-02-10 08:44:47 98304 ----a-w- C:\Windows\system32\drivers\srvnet.sys
    2009-12-08 20:52:30 . 2010-02-10 08:44:38 897624 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2009-12-08 20:52:17 . 2010-02-10 08:44:44 3597912 ----a-w- C:\Windows\system32\ntkrnlpa.exe
    2009-12-08 20:52:16 . 2010-02-10 08:44:44 3546200 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2009-12-06 20:41:01 . 2009-12-06 20:40:30 17614320 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
    2009-12-06 20:40:30 . 2009-12-06 20:40:27 8405312 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2009-12-06 20:39:55 . 2009-12-06 20:39:55 149000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
    2009-12-06 20:39:53 . 2009-12-06 20:39:49 10309448 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
    2009-12-06 20:39:25 . 2009-12-06 20:39:25 79368 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
    2009-12-06 20:39:24 . 2009-12-06 20:39:24 64000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
    .

    ------- Sigcheck -------

    [-] 2006-11-10 15:01:50 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386 (vista_rtm.061101-2205)] . . C:\Windows\System32\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2009-05-06 14:22:22 1262888]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53:58 165184 ----a-w- C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 02:32:56 1233920]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:52 3883856]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 14:57:04 68856]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]
    "AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
    "Connexion SFR 9props.exe"="C:\Program Files\SFR\Kit\9props.exe" [2009-10-15 08:53:54 959808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 21:17:42 52256]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 20:59:26 198160]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 07:55:00 13580832]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 07:55:00 92704]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-04 18:30:01 149280]
    "F-Secure Manager"="C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 16:08:32 201128]
    "F-Secure TNB"="C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 16:07:12 1655208]
    "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 15:07:10 1394000]

    C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2009-12-16 503808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
    backup=C:\Windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=C:\Windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    2008-04-25 20:36:20 28672 ----a-w- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40:30 687560 ----a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-25 14:57:26 24064 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 14:44:52 3883856 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-01-08 21:26:08 68640 ----a-w- C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-29 10:51:52 4911104 ----a-w- C:\Windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-02-25 13:38:06 61440 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 03:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-07-18 20:59:26 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2008-01-29 08:03:46 303104 ----a-w- C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:33:00 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2008-01-21 02:33:07 2153472 ----a-w- C:\Windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
    "EnableNotificationsRef"=dword:00000001

    R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [22/01/2010 09:35:42 33920]
    R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34:46 69928]
    R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [22/01/2010 09:35:26 37544]
    R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [22/01/2010 09:35:22 72904]
    R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34:18 14248]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11:14 16384]
    R2 FsUsbExService;FsUsbExService;C:\Windows\System32\FsUsbExService.Exe [04/11/2009 12:12:04 233472]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36:20 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36:02 131072]
    R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33:13 21504]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34:18 107104]
    R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34:46 55992]
    R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12:04 36608]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [16/06/2009 08:00:02 28672]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [09/10/2009 15:33:16 17792]
    S2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31:42 135664]
    S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\drivers\aspi32.sys [21/03/2009 20:24:10 25244]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57:15 24064]
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [11/12/2009 15:43:30 238960]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\System32\drivers\netr73.sys [25/01/2009 16:03:14 256000]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 RDID1061;UA-4FX;C:\Windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36:34 146432]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19:46 23064]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18:38 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18:38 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18:38 121856]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34:18 41640]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34:18 27048]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - xayhimp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    yksvcs REG_MULTI_SZ yksvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]

    2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
    mWindow Title =
    uInternet Settings,ProxyOverride = local;*.local
    IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: C:\Program Files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
    Trusted Zone: chat-land.org
    Trusted Zone: localhost
    FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - component: C:\Program Files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
    FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
    FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: C:\Program Files\Opera\program\plugins\NPAdbESD.dll
    FF - plugin: C:\Program Files\Opera\program\plugins\npdivx32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

    FF - user.js: browser.sessionstore.resume_from_crash - false
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-01 20:48:25
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85D221F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x833ae322
    \Driver\ACPI -> acpi.sys @ 0x8073ad4c
    \Driver\atapi -> 0x85d221f8
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="C:\Windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xayhimp]

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
    C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
    C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrB.exe
    C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
    C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\conime.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-03-01 20:55:06 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-03-01 19:54:59
    ComboFix2.txt 2010-02-28 17:38:35
    0
    1. Utilisateur anonyme
       
      Re

      Un autre script:
      |==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
      |===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
      -----------------------------------------------------------------------------------------------

      Toujours avec toutes les protections désactivées, fais ceci :

      • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
      • Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

      ----------------------------------------------------------


      KillAll::

      Driver::

      File::
      C:\Users\Alex\AppData\Roaming\rbuwzv.dat
      C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
      C:\Program Files\Mp3DoctorPRO
      C:\Program Files\Kaiba Corp VDS
      C:\Program Files\Metal-Yugioh
      C:\Program Files\Royal-Yugi Online

      Rootkit ::

      Folder::

      Services::

      Registry::
      -----------------------------------------------------------------

      • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
      • Quitte le Bloc Notes

      • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

      • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
      • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
      • Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

      @+
      0
  18. Kaz62820 Messages postés 31 Statut Membre 2
     
    OK je vais le faire, mais j'aimerais savoir, y a encore beaucoup de truc comme ça a faire ? ^^
    0
    1. Utilisateur anonyme
       
      Re

      On verra après ce rapport;mais dans tous les cas il nous restera à effectuer différentes mises à jour et à supprimer tous les outils utilisés.
      Également un nettoyage du registre et des dossiers ainsi qu'une purge de la restauration;voilà.

      @+
      0
  19. Kaz62820 Messages postés 31 Statut Membre 2
     
    ComboFix 10-03-01.01 - Alex 01/03/2010 21:49:24.5.2 - x86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2114 [GMT 1:00]
    Lancé depuis: c:\users\Alex\Desktop\ComboFix.exe
    Commutateurs utilisés :: c:\users\Alex\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\program files\Kaiba Corp VDS"
    "c:\program files\Metal-Yugioh"
    "c:\program files\Mp3DoctorPRO"
    "c:\program files\Royal-Yugi Online"
    "c:\users\Alex\AppData\Roaming\rbuwzv.dat"
    "c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe"
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Alex\AppData\Roaming\rbuwzv.dat
    c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-02-01 au 2010-03-01 ))))))))))))))))))))))))))))))))))))
    .

    2010-03-01 20:56 . 2010-03-01 20:58 -------- d-----w- c:\users\Alex\AppData\Local\temp
    2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\yvb2\AppData\Local\temp
    2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\YVB\AppData\Local\temp
    2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
    2010-02-28 17:00 . 2010-02-28 17:00 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
    2010-02-28 14:53 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-28 14:53 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-28 14:49 . 2010-02-28 17:00 -------- d-----w- C:\UsbFix
    2010-02-28 14:15 . 2010-02-28 14:16 -------- d-----w- C:\rsit
    2010-02-28 14:06 . 2010-02-28 14:17 -------- d-----w- C:\ToolBar SD
    2010-02-28 13:33 . 2010-02-28 13:33 -------- d-----w- c:\program files\Trend Micro
    2010-02-24 21:36 . 2010-02-25 09:56 -------- d-----w- c:\program files\LucasArts
    2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
    2010-02-17 10:23 . 2010-02-28 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\programdata\Malwarebytes
    2010-02-07 12:44 . 2010-02-07 12:44 -------- d-----w- c:\program files\Paradox Interactive
    2010-02-07 12:33 . 2010-02-07 12:33 -------- d-----w- c:\users\Alex\AppData\Roaming\F-Secure
    2010-02-06 12:37 . 2010-02-06 12:37 -------- d-----w- c:\users\Alex\AppData\Roaming\e frontier
    2010-02-06 12:36 . 2010-02-06 12:36 -------- d-----w- c:\program files\e frontier
    2010-02-06 12:36 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-03-01 20:40 . 2010-01-30 18:31 -------- d-----w- c:\users\Alex\AppData\Roaming\LimeWire
    2010-03-01 20:20 . 2009-10-02 08:53 -------- d-----w- c:\users\Alex\AppData\Roaming\Canon
    2010-03-01 14:24 . 2009-04-27 18:59 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-01 14:22 . 2009-04-27 18:59 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-02-28 21:09 . 2009-08-15 18:05 -------- d-----w- c:\users\Alex\AppData\Roaming\Winamp
    2010-02-28 14:52 . 2009-01-25 16:07 -------- d-----w- c:\program files\mIRC
    2010-02-25 09:56 . 2008-03-16 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-20 09:09 . 2010-01-16 21:13 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
    2010-02-17 20:39 . 2009-01-27 23:42 -------- d-----w- c:\users\Alex\AppData\Roaming\Notepad++
    2010-02-17 20:39 . 2009-11-04 11:11 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-02-17 20:39 . 2009-08-15 18:06 -------- d-----w- c:\program files\Winamp Toolbar
    2010-02-17 20:39 . 2009-02-22 18:39 -------- d-----w- c:\programdata\FLEXnet
    2010-02-17 20:39 . 2009-02-22 18:31 -------- d-----w- c:\program files\Bonjour
    2010-02-17 20:39 . 2009-02-19 13:50 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-02-17 20:39 . 2009-01-25 18:53 -------- d-----w- c:\program files\ma-config.com
    2010-02-17 20:39 . 2008-03-16 21:59 -------- d-----w- c:\program files\Common Files\LightScribe
    2010-02-11 02:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-02-10 08:50 . 2009-01-30 19:00 1 ----a-w- c:\users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-09 16:11 . 2009-01-25 14:56 102736 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-07 01:39 . 2009-01-25 14:56 -------- d-----w- c:\program files\Google
    2010-02-03 17:47 . 2010-01-11 16:17 -------- d-----w- c:\program files\Yu-Gi-Oh Virtual Battle 5
    2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\program files\LimeWire
    2010-01-29 22:07 . 2009-10-02 08:49 -------- d-----w- c:\program files\Canon
    2010-01-29 07:50 . 2010-01-29 07:50 -------- d-----w- c:\program files\ASIO4ALL v2
    2010-01-29 07:47 . 2009-02-08 20:20 -------- d-----w- c:\program files\VstPlugins
    2010-01-24 16:49 . 2009-01-31 11:38 -------- d-----w- c:\programdata\Messenger Plus!
    2010-01-24 16:41 . 2009-01-31 10:20 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-01-23 08:48 . 2009-10-28 10:26 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
    2010-01-22 18:14 . 2010-01-22 18:11 -------- d-----w- c:\program files\Image-Line
    2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\users\Alex\AppData\Roaming\Syntrillium
    2010-01-22 15:02 . 2010-01-22 15:00 -------- d-----w- c:\program files\coolpro2
    2010-01-22 14:50 . 2010-01-22 14:50 -------- d-----w- c:\program files\Mp3DoctorPRO
    2010-01-22 14:06 . 2010-01-22 14:05 -------- d-----w- c:\program files\Kaiba Corp VDS
    2010-01-22 08:40 . 2010-01-22 08:35 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2010-01-22 08:35 . 2008-01-21 07:23 676456 ----a-w- c:\windows\system32\perfh00C.dat
    2010-01-22 08:35 . 2008-01-21 07:23 126594 ----a-w- c:\windows\system32\perfc00C.dat
    2010-01-22 08:35 . 2010-01-22 08:29 -------- d-----w- c:\programdata\f-secure
    2010-01-22 08:34 . 2010-01-22 08:34 -------- d-----w- c:\programdata\eMule
    2010-01-22 08:34 . 2010-01-08 13:38 -------- d-----w- c:\program files\SFR
    2010-01-22 08:34 . 2010-01-22 08:33 -------- d-----w- c:\program files\eMule
    2010-01-22 08:33 . 2010-01-22 08:32 -------- d-----w- c:\programdata\fssg
    2010-01-20 18:03 . 2008-03-16 21:41 -------- d-----w- c:\programdata\Microsoft Help
    2010-01-20 18:01 . 2008-03-16 21:43 -------- d-----w- c:\program files\Microsoft Works
    2010-01-17 16:18 . 2010-01-17 16:18 -------- d-----w- c:\program files\Bodom-Child - RaBBi
    2010-01-15 15:53 . 2010-01-15 15:53 -------- d-----w- c:\program files\Metal-Yugioh
    2010-01-15 11:01 . 2010-01-15 11:01 -------- d-----w- c:\program files\Microsoft SQL Server
    2010-01-15 11:00 . 2009-01-27 10:17 195232 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
    2010-01-15 11:00 . 2009-01-27 10:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1036\ResourceCache.dll
    2010-01-15 10:58 . 2010-01-10 13:44 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
    2010-01-14 20:56 . 2010-01-14 20:55 419 ----a-w- c:\users\Alex\errorlog.tmp
    2010-01-14 20:24 . 2010-01-14 20:24 -------- d-----w- c:\program files\Celestia
    2010-01-14 10:12 . 2009-10-03 09:34 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\program files\gPotato.eu
    2010-01-13 09:37 . 2010-01-13 09:29 -------- d-----w- c:\program files\NetBattle
    2010-01-11 21:49 . 2009-01-28 19:21 98744 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
    2010-01-11 16:32 . 2010-01-11 16:28 -------- d-----w- c:\program files\Royal-Yugi Online
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
    2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
    2010-01-07 21:24 . 2009-10-31 13:00 -------- d-----w- c:\program files\Nvu
    2010-01-07 21:23 . 2009-10-28 08:11 -------- d-----w- c:\program files\FreeTime
    2010-01-07 21:23 . 2008-03-16 21:29 -------- d-----w- c:\program files\Acer GameZone
    2010-01-07 21:20 . 2009-12-06 13:48 -------- d-----w- c:\program files\MSN Password Recovery
    2010-01-07 21:19 . 2009-12-27 09:47 -------- d-----w- c:\program files\MadTracker
    2010-01-07 21:19 . 2009-08-28 20:27 -------- d-----w- c:\program files\mnProjects
    2010-01-07 21:18 . 2009-06-15 17:32 -------- d-----w- c:\programdata\Apple Computer
    2010-01-07 21:16 . 2009-12-27 09:58 -------- d-----w- c:\program files\REAPER
    2010-01-07 21:16 . 2009-12-26 20:55 -------- d-----w- c:\program files\Cakewalk
    2010-01-07 21:15 . 2009-01-31 10:40 -------- d-----w- c:\program files\MSECACHE
    2010-01-07 21:09 . 2009-06-15 17:31 -------- d-----w- c:\programdata\Apple
    2010-01-07 14:37 . 2009-01-25 16:07 -------- d-----w- c:\users\Alex\AppData\Roaming\mIRC
    2009-12-30 14:33 . 2009-01-31 10:21 1356 ----a-w- c:\users\Alex\AppData\Local\d3d9caps.dat
    2009-12-28 12:35 . 2010-02-10 08:44 11776 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-28 12:35 . 2010-02-10 08:44 1314816 ----a-w- c:\windows\system32\quartz.dll
    2009-12-28 12:32 . 2010-02-10 08:44 22528 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-28 12:32 . 2010-02-10 08:44 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-28 12:32 . 2010-02-10 08:44 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2009-12-28 12:32 . 2010-02-10 08:44 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-28 12:31 . 2010-02-10 08:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-28 12:31 . 2010-02-10 08:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-28 12:28 . 2010-02-10 08:44 65024 ----a-w- c:\windows\system32\avicap32.dll
    2009-12-28 12:28 . 2010-02-10 08:44 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-12-18 13:05 . 2010-01-22 12:43 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-12-18 13:01 . 2010-01-22 12:43 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-18 10:14 . 2010-01-22 12:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-11 12:07 . 2010-02-10 08:44 301568 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-11 12:07 . 2010-02-10 08:44 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2009-12-08 20:52 . 2010-02-10 08:44 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2009-12-08 20:52 . 2010-02-10 08:44 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 20:52 . 2010-02-10 08:44 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-06 20:41 . 2009-12-06 20:40 17614320 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
    2009-12-06 20:40 . 2009-12-06 20:40 8405312 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2009-12-06 20:39 . 2009-12-06 20:39 149000 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
    2009-12-06 20:39 . 2009-12-06 20:39 10309448 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
    2009-12-06 20:39 . 2009-12-06 20:39 79368 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
    2009-12-06 20:39 . 2009-12-06 20:39 64000 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
    2009-12-06 20:39 . 2009-12-06 20:39 52288 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
    2009-12-06 20:39 . 2009-12-06 20:39 50688 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
    .

    ------- Sigcheck -------

    [-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
    2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 68856]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
    "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
    "Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 198160]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
    "F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 201128]
    "F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

    c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "FilterAdministratorToken"= 1 (0x1)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
    backup=c:\windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
    path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
    backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
    2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2009-01-25 14:57 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2007-01-08 21:26 68640 ----a-w- c:\program files\Cyberlink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-07-18 20:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2008-01-29 08:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2008-01-21 02:33 2153472 ----a-w- c:\windows\System32\oobefldr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
    "EnableNotificationsRef"=dword:00000001

    R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [22/01/2010 09:35 33920]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34 69928]
    R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [22/01/2010 09:35 37544]
    R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [22/01/2010 09:35 72904]
    R1 fsvista;F-Secure Vista Support Driver;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34 14248]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
    R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [04/11/2009 12:12 233472]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
    R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33 21504]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34 107104]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34 55992]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12 36608]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [16/06/2009 08:00 28672]
    R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [09/10/2009 15:33 17792]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31 135664]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\aspi32.sys [21/03/2009 20:24 25244]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57 24064]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/12/2009 15:43 238960]
    S3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [25/01/2009 16:03 256000]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 RDID1061;UA-4FX;c:\windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36 146432]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18 90112]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18 14976]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18 121856]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34 41640]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34 27048]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - xayhimp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    yksvcs REG_MULTI_SZ yksvc
    .
    Contenu du dossier 'Tâches planifiées'

    2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]

    2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
    mWindow Title =
    uInternet Settings,ProxyOverride = local;*.local
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
    Trusted Zone: chat-land.org
    Trusted Zone: localhost
    FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - component: c:\program files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
    FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Opera\program\plugins\NPAdbESD.dll
    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

    FF - user.js: browser.sessionstore.resume_from_crash - false
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-03-01 21:58
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85D221F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x833b3322
    \Driver\ACPI -> acpi.sys @ 0x80744d4c
    \Driver\atapi -> 0x85d221f8
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xayhimp]

    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
    c:\program files\SFR\Pack Sécurité\Common\FSMA32.EXE
    c:\program files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
    c:\program files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Cyberlink\Shared files\RichVideo.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
    c:\program files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
    c:\program files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
    c:\windows\system32\conime.exe
    .
    **************************************************************************
    .
    Heure de fin: 2010-03-01 22:07:44 - La machine a redémarré
    ComboFix-quarantined-files.txt 2010-03-01 21:07
    ComboFix2.txt 2010-02-28 17:38

    Avant-CF: 32 589 983 744 octets libres
    Après-CF: 32 570 892 288 octets libres

    - - End Of File - - E5C97B20A7FAC9C454BDFFC2D7A63B41
    L'envoi a r‚ussi
    0
  20. Kaz62820 Messages postés 31 Statut Membre 2
     
    Bon voila ce matin j'allume mon ordi et paf ecran bleu pareil qu'hier

    J'ai pas pu noté le N° ça va trop vite, par contre j'ai ça :

    Signature du problème :
    Nom d’événement de problème: BlueScreen
    Version du système: 6.0.6001.2.1.0.768.2
    Identificateur de paramètres régionaux: 1036

    Informations supplémentaires sur le problème :
    BCCode: 50
    BCP1: E3D0EFF0
    BCP2: 00000000
    BCP3: 80755AB8
    BCP4: 00000002
    OS Version: 6_0_6001
    Service Pack: 1_0
    Product: 768_1

    Fichiers aidant à décrire le problème :
    C:\Windows\Minidump\Mini030210-01.dmp
    C:\Users\Alex\AppData\Local\temp\WER-38969-0.sysdata.xml
    C:\Users\Alex\AppData\Local\temp\WER4FC4.tmp.version.txt
    0
    1. Utilisateur anonyme
       
      Bonsoir

      Il me faut ce numéro pour savoir d'où vient le problème.

      Poursuivons:
      Télécharge mbr.exe de Gmer ici :
      http://www2.gmer.net/mbr/mbr.exe
      et enregistre le fichier sur le Bureau.

      Merci à Malekal pour le tutoriel :
      https://forum.malekal.com/viewtopic.php?f=58&t=10139

      Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
      Double clique sur mbr.exe
      Un rapport sera généré : mbr.log .
      Poste le ;merci

      En cas d'infection, ce message "MBR rootkit code detected" va apparaître.

      Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
      Ne pas oublier les guillemets
      Dans le mbr.log cette ligne apparaîtra "original MBR restored successfully !"

      Réactive tes protections
      Poste ce rapport et supprimes-le ensuite.

      Pour vérifier

      Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
      Relance mbr.exe

      Réactive tes protections.

      Le nouveau mbr.log devrait être celui-ci :

      Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

      device: opened successfully

      user: MBR read successfully

      kernel: MBR read successfully

      user & kernel MBR OK

      @+
      0
  • 1
  • 2