Sujet Précédent Sujet Suivant

Problemes peut etre du a un virus

Fermé
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 - 28 févr. 2010 à 14:41
 Utilisateur anonyme - 6 mars 2010 à 13:00
Bonjour,

Voila depuis quelques temps, mon PC est plus lent que d'habitude, crash au demarrage (souvant du a un virus que je supprime ou a une mise a jour, tout rentre dans l'ordre apres une restauration)

AUssi Firefox met du temps a démarrer, et il y a le processus svchost qui me bouffe plein de ram.


Donc j'aimerais régler ces différents problemes avec votre aide svp, il y a sans doute des virus la dessous


Voici le rapport Hijacthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:38, on 28/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww12.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: ::1 localhost
O1 - Hosts: 69.16.243.105 L2authd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mirar - {3532B267-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Mirar - {3532B266-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: winesm32.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Alex\scriptjava.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic121.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
A voir également:

31 réponses

  • 1
  • 2
Réponse 1 / 31
Utilisateur anonyme
28 févr. 2010 à 14:48
Bonjour

1)Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
* Va dans démarrer puis panneau de configuration
* Double Clique sur l'icône "Comptes d'utilisateurs"
* Clique ensuite sur désactiver et valide.


2)Télécharge R-Hosts (de S!ri) à cette adresse : http://siri.urz.free.fr/RHosts.php

Clique sur " download ", puis télécharge le sur ton bureau

Exécute le puis clique sur restaurer

Confirme, puis quitte le programme.

3)Lance hijackthis ; ici : F:\LOGICIELS\HijackThis\MARTINI.exe


mais cette fois clic sur "Do a system scan only"

ensuite coches les cases sur la gauche des ces lignes :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ww12.cherche.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.cherche.us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us

;ensuite tu cliques sur la fenêtre "Fix cheked".
HijackThis va te demander de confirmer que tu veux supprimer ces éléments. Cliques sur Yes (Oui) ) .


Tuto ici:https://www.bleepingcomputer.com/tutorials/comment-utiliser-hijackthis/#RDiag


4)Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 ou celui ci
http://eric71.geekstogo.com/tools/ToolBarSD.exe
Lors du scan coupe ta connexion internet.

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique ou (clic droit sous Vista) maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

Poste les rapports au fur et à mesure;merci
@+
2
Réponse 2 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:10
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : Default System BIOS
USER : Alex ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:113 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:170 Go (Free:169 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 28/02/2010|15:07 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
C:\Users\Alex\AppData\Local\Temp\nsuBF9E.tmp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Default_Secondary_Page_URL"="http://ww12.cherche.us"
"SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Alex\AppData\Local\Opera\Opera\profile\bt_metadata\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.dat
C:\Users\Alex\AppData\Local\Opera\Opera\profile\images\icecrack.deviantart.com.idx
C:\Users\Alex\AppData\Local\Temp\AGE OF EMPIRES III FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
C:\Users\Alex\AppData\Local\Temp\MIDConverter_4.2___Crack.3715892.TPB.torrent
C:\Users\Alex\AppData\Roaming\uTorrent\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\adobe-master-cs3-keygen.exe
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\Color_Finesse_serial.txt
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\file_id.diz
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\x-force.nfo


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 28/02/2010|15:08 - Option : [1]

-----------\\ Fin du rapport a 15:08:27,91

Voila ^^
1
Utilisateur anonyme
28 févr. 2010 à 15:13
Re

1)Relance Toolbar-S&D en double-cliquant(ou clic droit sous Vista) sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

! Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

2)As tu fais le reste;si c'est le cas poste moi un RSIT pour contôle;merci:

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer.

Clic droit sous VISTA (exécuter en tant que…)

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...


-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-notes).

Poste le contenu de " log.txt " (c'est celui qui apparaît à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante ...
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum ...
( Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ... )

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit


Poste les rapports au fur et à mesure;merci
@+
0
Réponse 3 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:18
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) Dual Core Processor 4450e )
BIOS : Default System BIOS
USER : Alex ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:113 Go (Free:19 Go)
D:\ (Local Disk) - NTFS - Total:170 Go (Free:169 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 28/02/2010|15:15 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Users\Alex\AppData\Local\Temp\nsuBF9E.tmp
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Default_Secondary_Page_URL"="http://ww12.cherche.us"
"SearchMigratedDefaultURL"="http://ww12.cherche.us{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Bar"="http://www.mirarsearch.com/?useie5=1&q="
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Alex\AppData\Local\Opera\Opera\profile\bt_metadata\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.dat
C:\Users\Alex\AppData\Local\Opera\Opera\profile\images\icecrack.deviantart.com.idx
C:\Users\Alex\AppData\Local\Temp\AGE OF EMPIRES III FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
C:\Users\Alex\AppData\Local\Temp\MIDConverter_4.2___Crack.3715892.TPB.torrent
C:\Users\Alex\AppData\Roaming\uTorrent\AGE.OF.EMPIRES.III.FRENCH+Warchieps+AsianDynasties+Crack+Keys.torrent
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\adobe-master-cs3-keygen.exe
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\Color_Finesse_serial.txt
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\file_id.diz
C:\Users\Alex\Documents\Adobe_CS3_Master_Collection_(Keygen)\x-force.nfo


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 28/02/2010|15:08 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 28/02/2010|15:17 - Option : [2]

-----------\\ Fin du rapport a 15:17:43,88

Voila la partie 1 de faite, j'attend ta réponse pour lancer RSIT ^^
1
Utilisateur anonyme
28 févr. 2010 à 15:19
Re

C'est parti pour le RSIT ;)
0
Réponse 4 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:01
Siri est incompatible avec vista ^^'
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:23
Voici l'info.txt

info.txt logfile of random's system information tool 1.06 2010-02-28 15:16:12

======Uninstall list======

-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 1.2 (Supprimer uniquement)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon ScanGear Toolbox 3.0-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Celestia 1.6.0-->"C:\Program Files\Celestia\unins000.exe"
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB945282)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946040)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946308)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946344)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947540)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947789)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB948127)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB951708)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter Mobile-->C:\Program Files\DivX\DivXConverterMeUninstall.exe /CONVERTERME
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Europa Universalis III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\Setup.exe" -l0x9
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FL Studio 9-->C:\Program Files\Image-Line\FL Studio 9\uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
In Nomine 3.2-->"C:\Program Files\Paradox Interactive\Europa Universalis III\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IntelliBOT V 2.0-->c:\Kotake\IntelliBOT V 2.0\Uninstal.exe
IziSpot 4-->MsiExec.exe /X{9BC9D542-3EAE-4310-8BDC-68A325596446}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaiba Corp Virtual Duel System 1.16-->"C:\Program Files\Kaiba Corp VDS\unins000.exe"
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LibUSB-Win32-0.1.12.1-->"C:\Program Files\LibUSB-Win32\unins000.exe"
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Ma-Config.com-->MsiExec.exe /X{15CBA4AC-2298-40F1-98EB-529809999E04}
Manga Studio EX Demo 3.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\e frontier\Manga Studio3 EX Demo\MS_EX3Demo.isu"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /I{58FD9176-17BF-4D9A-8773-5ECA2947D391}
Microsoft Visual Basic 2008 Express Edition with SP1 - FRA-->MsiExec.exe /X{EAF461BE-79BE-340B-AEBA-82D1230EC024}
Microsoft Visual Basic 2008 Express SP1 - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - FRA\setup.exe
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra-->MsiExec.exe /X{484AB636-ADBC-3A85-AB82-41873BDD1083}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mirar-->mshta.exe http://remove.getmirar.com/
mIRC-->"c:\kotake\intellibot v 2.0\bot.exe" -uninstall
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3Doctor PRO-->"C:\Program Files\Mp3DoctorPRO\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MYO 1.9-->"C:\Program Files\Metal-Yugioh\unins000.exe"
NetBattle-->"C:\Program Files\NetBattle\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outils de conception SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /X{A5D20C78-D226-4B41-A553-EEEBEB824853}
Pack Sécurité SFR-->"C:\Program Files\SFR\Pack Sécurité\FSGUI\PostInstall.exe" /tUnInstall
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD 7.0 with 5.1ch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Protectis-->"C:\Program Files\Protectis\unins000.exe"
QuickFreedom 1.2.0-->"C:\Program Files\QuickFreedom\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"
Royal-Yugi Online-->C:\Program Files\Royal-Yugi Online\Uninstal.exe
Sakura-->C:\Program Files\Image-Line\Sakura\uninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Star Wars JK II Jedi Outcast Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD1513FC-273F-4744-8934-A6E5B1741E98}\Setup.exe"
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word
0
Réponse 6 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:24
Voici l'info.txt

info.txt logfile of random's system information tool 1.06 2010-02-28 15:16:12

======Uninstall list======

-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ExploitShield"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gadget"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure NRS"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\SFR\Pack Sécurité\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 1.2 (Supprimer uniquement)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Canon MP Navigator EX 1.0-->"C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini
Canon ScanGear Toolbox 3.0-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ScanGear Toolbox Ver3\Uninst.isu" -c"C:\Program Files\Canon\ScanGear Toolbox Ver3\uninst.dll"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
Celestia 1.6.0-->"C:\Program Files\Celestia\unins000.exe"
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB945282)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946040)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946308)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB946344)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947540)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB947789)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB948127)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual Basic 2008 Express SP1 - Français (KB951708)-->C:\Windows\system32\msiexec.exe /package {EAF461BE-79BE-340B-AEBA-82D1230EC024} /uninstall /qb+ REBOOTPROMPT=""
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter Mobile-->C:\Program Files\DivX\DivXConverterMeUninstall.exe /CONVERTERME
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Europa Universalis III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59C80C5E-8C92-40FF-B910-2BB5C7281F61}\Setup.exe" -l0x9
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FL Studio 9-->C:\Program Files\Image-Line\FL Studio 9\uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hardcore-->C:\Program Files\Image-Line\Hardcore\uninstall.exe
Hercules WiFi Station for Livebox-->C:\Program Files\InstallShield Installation Information\{DECE22F4-EEDD-4615-BC56-2F4827FAD64B}\setup.exe -runfromtemp -l0x040c -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
In Nomine 3.2-->"C:\Program Files\Paradox Interactive\Europa Universalis III\unins000.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IntelliBOT V 2.0-->c:\Kotake\IntelliBOT V 2.0\Uninstal.exe
IziSpot 4-->MsiExec.exe /X{9BC9D542-3EAE-4310-8BDC-68A325596446}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaiba Corp Virtual Duel System 1.16-->"C:\Program Files\Kaiba Corp VDS\unins000.exe"
K-Lite Codec Pack 3.9.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LibUSB-Win32-0.1.12.1-->"C:\Program Files\LibUSB-Win32\unins000.exe"
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Ma-Config.com-->MsiExec.exe /X{15CBA4AC-2298-40F1-98EB-529809999E04}
Manga Studio EX Demo 3.0-->C:\Windows\IsUninst.exe -f"C:\Program Files\e frontier\Manga Studio3 EX Demo\MS_EX3Demo.isu"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /I{58FD9176-17BF-4D9A-8773-5ECA2947D391}
Microsoft Visual Basic 2008 Express Edition with SP1 - FRA-->MsiExec.exe /X{EAF461BE-79BE-340B-AEBA-82D1230EC024}
Microsoft Visual Basic 2008 Express SP1 - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition with SP1 - FRA\setup.exe
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra-->MsiExec.exe /X{484AB636-ADBC-3A85-AB82-41873BDD1083}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Works-->MsiExec.exe /I{6B1CB38D-E2E4-4A30-933D-EFDEBA76AD9C}
Mirar-->mshta.exe http://remove.getmirar.com/
mIRC-->"c:\kotake\intellibot v 2.0\bot.exe" -uninstall
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
0
Réponse 7 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:25
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3Doctor PRO-->"C:\Program Files\Mp3DoctorPRO\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MYO 1.9-->"C:\Program Files\Metal-Yugioh\unins000.exe"
NetBattle-->"C:\Program Files\NetBattle\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NTI Backup Now 5-->C:\Program Files\InstallShield Installation Information\{12EFA1A4-AC3B-443C-8143-237EDE760403}\setup.exe -runfromtemp -l0x040c
NTI Media Maker 8-->C:\Program Files\InstallShield Installation Information\{2413930C-8309-47A6-BC61-5EF27A4222BC}\setup.exe -runfromtemp -l0x040c
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Opera 9.63-->MsiExec.exe /X{1BC4026B-1957-4514-9058-2B542557F143}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Outils de conception SQL Server Compact 3.5 SP1 - Français-->MsiExec.exe /X{A5D20C78-D226-4B41-A553-EEEBEB824853}
Pack Sécurité SFR-->"C:\Program Files\SFR\Pack Sécurité\FSGUI\PostInstall.exe" /tUnInstall
Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD 7.0 with 5.1ch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Protectis-->"C:\Program Files\Protectis\unins000.exe"
QuickFreedom 1.2.0-->"C:\Program Files\QuickFreedom\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"
Royal-Yugi Online-->C:\Program Files\Royal-Yugi Online\Uninstal.exe
Sakura-->C:\Program Files\Image-Line\Sakura\uninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{AF7E85DC-317C-47F5-810E-B82EE093A612}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio USB Driver Installer-->MsiExec.exe /I{AF7E85DC-317C-47F5-810E-B82EE093A612}
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Sawer-->C:\Program Files\Image-Line\Sawer\uninstall.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SFR - Kit de connexion-->C:\Program Files\SFR\Kit\uninstall.exe
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Star Wars JK II Jedi Outcast Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD1513FC-273F-4744-8934-A6E5B1741E98}\Setup.exe"
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word
0
Réponse 8 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:26
et le log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alex at 2010-02-28 15:21:35
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 20 GB (17%) free of 116 GB
Total RAM: 3070 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:37, on 28/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Users\Alex\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alex.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Mirar - {3532B267-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Mirar - {3532B266-CD81-4157-8EEF-FC9196B34EC3} - C:\Windows\system32\b178.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: winesm32.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Recherche avec cherche.us - C:\Users\Alex\scriptjava.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: Findbasic Service - Unknown owner - C:\ProgramData\Findbasic\findbasic121.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
Réponse 9 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 15:27
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-04 149280]
"F-Secure Manager"=C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE [2009-11-18 201128]
"F-Secure TNB"=C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe [2009-11-18 1655208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-25 68856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-04-02 102400]
"Connexion SFR 9props.exe"=C:\Program Files\SFR\Kit\9props.exe [2009-10-15 959808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe -h []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [2008-04-25 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology]
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-25 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Peer2Me]
C:\Program Files\Peer2Me\Peer2Me.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2008-01-29 4911104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-18 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe [2008-01-29 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
oobefldr.dll,ShowWelcomeCenter []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
C:\PROGRA~1\Hercules\WIFIST~1\WiFiLB.exe [2007-06-11 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
winesm32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - K:\sources\sperr32.exe x64


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 2 months======

2010-02-28 15:15:44 ----D---- C:\rsit
2010-02-28 15:07:13 ----A---- C:\TB.txt
2010-02-28 15:06:05 ----D---- C:\ToolBar SD
2010-02-28 15:05:15 ----A---- C:\MyHosts.txt
2010-02-28 14:33:10 ----D---- C:\Program Files\Trend Micro
2010-02-24 22:36:59 ----D---- C:\Program Files\LucasArts
2010-02-17 11:23:06 ----D---- C:\Users\Alex\AppData\Roaming\Malwarebytes
2010-02-17 11:23:02 ----D---- C:\ProgramData\Malwarebytes
2010-02-17 11:23:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-10 09:44:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 09:44:44 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 09:44:36 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 09:44:35 ----A---- C:\Windows\system32\avicap32.dll
2010-02-10 09:44:34 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 09:44:34 ----A---- C:\Windows\system32\avifil32.dll
2010-02-07 13:44:42 ----D---- C:\Program Files\Paradox Interactive
2010-02-07 13:33:50 ----D---- C:\Users\Alex\AppData\Roaming\F-Secure
2010-02-06 13:37:09 ----D---- C:\Users\Alex\AppData\Roaming\e frontier
2010-02-06 13:36:25 ----D---- C:\Program Files\e frontier
2010-02-06 13:36:16 ----A---- C:\Windows\IsUninst.exe
2010-01-30 19:31:40 ----D---- C:\Users\Alex\AppData\Roaming\LimeWire
2010-01-30 19:31:02 ----D---- C:\Program Files\LimeWire
2010-01-29 08:50:51 ----D---- C:\Program Files\ASIO4ALL v2
2010-01-22 19:14:30 ----A---- C:\Windows\system32\rewire.dll
2010-01-22 19:11:21 ----D---- C:\Program Files\Image-Line
2010-01-22 16:02:52 ----D---- C:\Users\Alex\AppData\Roaming\Syntrillium
2010-01-22 16:00:53 ----D---- C:\Program Files\coolpro2
2010-01-22 15:50:46 ----D---- C:\Program Files\Mp3DoctorPRO
2010-01-22 15:05:37 ----D---- C:\Program Files\Kaiba Corp VDS
2010-01-22 13:44:01 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 13:44:00 ----A---- C:\Windows\system32\occache.dll
2010-01-22 13:43:59 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 13:43:59 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 13:43:59 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 13:43:58 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 13:43:57 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 13:43:57 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 13:43:57 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 13:43:56 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 13:43:56 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 13:43:56 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 13:43:55 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 13:43:55 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 13:43:55 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 09:35:21 ----A---- C:\Windows\system32\msvcp50.dll
2010-01-22 09:34:29 ----D---- C:\ProgramData\eMule
2010-01-22 09:33:58 ----D---- C:\Program Files\eMule
2010-01-22 09:32:57 ----D---- C:\ProgramData\fssg
2010-01-22 09:29:25 ----D---- C:\ProgramData\f-secure
2010-01-17 17:18:42 ----D---- C:\Program Files\Bodom-Child - RaBBi
2010-01-16 22:13:16 ----D---- C:\Program Files\Wolfenstein - Enemy Territory
2010-01-15 16:53:18 ----D---- C:\Program Files\Metal-Yugioh
2010-01-15 12:01:23 ----D---- C:\Program Files\Microsoft SQL Server
2010-01-14 21:24:16 ----D---- C:\Program Files\Celestia
2010-01-13 19:15:49 ----D---- C:\Program Files\gPotato.eu
2010-01-13 14:31:54 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 14:31:54 ----A---- C:\Windows\system32\fontsub.dll
2010-01-13 10:29:34 ----A---- C:\Windows\system32\bass.dll
2010-01-13 10:29:33 ----D---- C:\Program Files\NetBattle
2010-01-11 22:53:13 ----D---- C:\Windows\Profiles
2010-01-11 17:28:14 ----D---- C:\Program Files\Royal-Yugi Online
2010-01-11 17:17:54 ----D---- C:\Program Files\Yu-Gi-Oh Virtual Battle 5
2010-01-10 14:44:12 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2010-01-10 14:32:28 ----A---- C:\Windows\psmplay.ini
2010-01-10 14:26:11 ----A---- C:\Windows\system32\Uninstal.exe
2010-01-09 09:04:28 ----D---- C:\Windows\system32\EventProviders
2010-01-09 09:04:26 ----D---- C:\a7d7f665ebd1e81d1e06649e6cccfb0c
2010-01-08 14:38:56 ----D---- C:\Program Files\SFR

======List of files/folders modified in the last 2 months======

2010-02-28 22:09:26 ----D---- C:\Windows\system32\config
2010-02-28 22:09:21 ----D---- C:\Windows\Tasks
2010-02-28 22:09:21 ----D---- C:\Windows\system32\spool
2010-02-28 22:09:21 ----D---- C:\Windows\system32\Msdtc
2010-02-28 22:09:21 ----D---- C:\Windows\system32\drivers
2010-02-28 22:09:21 ----D---- C:\Windows\system32\catroot2
2010-02-28 22:09:21 ----D---- C:\Windows\System32
2010-02-28 22:09:21 ----D---- C:\Windows\inf
2010-02-28 22:09:21 ----D---- C:\Users\Alex\AppData\Roaming\Winamp
2010-02-28 22:09:20 ----D---- C:\Windows\system32\wbem
2010-02-28 22:09:20 ----D---- C:\Windows\registration
2010-02-28 15:21:33 ----D---- C:\Windows\Temp
2010-02-28 15:17:05 ----D---- C:\Program Files
2010-02-28 15:06:07 ----D---- C:\Windows\Prefetch
2010-02-28 14:31:42 ----D---- C:\Program Files\Mozilla Firefox
2010-02-28 14:04:10 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-02-28 13:10:17 ----D---- C:\Windows\Minidump
2010-02-28 13:10:12 ----D---- C:\Windows
2010-02-26 23:58:50 ----SHD---- C:\System Volume Information
2010-02-26 16:57:49 ----RD---- C:\Users
2010-02-25 14:37:05 ----SHD---- C:\Windows\Installer
2010-02-25 10:56:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-24 14:40:21 ----D---- C:\Program Files\mIRC
2010-02-17 21:39:34 ----D---- C:\Users\Alex\AppData\Roaming\Notepad++
2010-02-17 21:39:33 ----D---- C:\ProgramData\FLEXnet
2010-02-17 21:39:33 ----D---- C:\Program Files\Winamp Toolbar
2010-02-17 21:39:33 ----D---- C:\Program Files\PC Connectivity Solution
2010-02-17 21:39:33 ----D---- C:\Program Files\ma-config.com
2010-02-17 21:39:33 ----D---- C:\Program Files\DAEMON Tools Lite
2010-02-17 21:39:33 ----D---- C:\Program Files\Common Files\LightScribe
2010-02-17 21:39:33 ----D---- C:\Program Files\Bonjour
2010-02-17 21:37:16 ----D---- C:\Windows\system32\LogFiles
2010-02-17 12:35:16 ----D---- C:\Windows\new mario62
2010-02-17 11:23:02 ----HD---- C:\ProgramData
2010-02-11 21:56:23 ----D---- C:\Users\Alex\AppData\Roaming\Canon
2010-02-11 11:07:45 ----D---- C:\Windows\winsxs
2010-02-11 10:57:37 ----D---- C:\Windows\system32\catroot
2010-02-11 03:14:56 ----D---- C:\Program Files\Windows Mail
2010-02-09 17:09:43 ----RSD---- C:\Windows\Fonts
2010-02-07 02:39:11 ----D---- C:\Program Files\Google
2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe
2010-01-31 19:36:42 ----A---- C:\Windows\SGTBox.INI
2010-01-29 23:07:58 ----D---- C:\Program Files\Canon
2010-01-29 08:47:22 ----D---- C:\Program Files\VstPlugins
2010-01-24 17:49:11 ----D---- C:\ProgramData\Messenger Plus!
2010-01-24 17:41:06 ----D---- C:\Program Files\Messenger Plus! Live
2010-01-23 09:48:01 ----D---- C:\Users\Alex\AppData\Roaming\uTorrent
2010-01-22 17:51:41 ----D---- C:\TEMP
2010-01-22 17:27:05 ----D---- C:\Program Files\Internet Explorer
2010-01-22 16:03:06 ----A---- C:\Windows\win.ini
2010-01-22 16:03:06 ----A---- C:\Windows\system.ini
2010-01-22 09:35:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-20 19:03:13 ----D---- C:\ProgramData\Microsoft Help
2010-01-20 19:03:11 ----RSD---- C:\Windows\assembly
2010-01-20 19:01:54 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-20 19:01:40 ----D---- C:\Program Files\Microsoft Works
2010-01-15 12:30:17 ----D---- C:\Windows\Microsoft.NET
2010-01-14 21:31:45 ----D---- C:\Windows\system32\Tasks
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-11 22:53:24 ----SHD---- C:\$RECYCLE.BIN
2010-01-11 22:53:13 ----D---- C:\Program Files\Windows Media Player
2010-01-10 14:50:42 ----SHD---- C:\RECYCLER
2010-01-09 20:09:09 ----D---- C:\Windows\tracing
2010-01-09 19:19:37 ----D---- C:\Windows\ModemLogs
2010-01-09 17:12:33 ----D---- C:\Windows\system32\zh-TW
2010-01-09 17:12:33 ----D---- C:\Windows\system32\zh-CN
2010-01-09 17:12:33 ----D---- C:\Windows\system32\uk-UA
2010-01-09 17:12:33 ----D---- C:\Windows\system32\tr-TR
2010-01-09 17:12:33 ----D---- C:\Windows\system32\th-TH
2010-01-09 17:12:33 ----D---- C:\Windows\system32\sv-SE
2010-01-09 17:12:33 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-09 17:12:33 ----D---- C:\Windows\system32\SLUI
2010-01-09 17:12:33 ----D---- C:\Windows\system32\sl-SI
2010-01-09 17:12:33 ----D---- C:\Windows\system32\sk-SK
2010-01-09 17:12:33 ----D---- C:\Windows\system32\setup
2010-01-09 17:12:33 ----D---- C:\Windows\system32\ru-RU
2010-01-09 17:12:33 ----D---- C:\Windows\system32\RTCOM
2010-01-09 17:12:33 ----D---- C:\Windows\system32\ro-RO
2010-01-09 17:12:33 ----D---- C:\Windows\system32\pt-PT
2010-01-09 17:12:33 ----D---- C:\Windows\system32\pt-BR
2010-01-09 17:12:33 ----D---- C:\Windows\system32\pl-PL
2010-01-09 17:12:32 ----D---- C:\Windows\system32\oobe
2010-01-09 17:12:32 ----D---- C:\Windows\system32\nl-NL
2010-01-09 17:12:32 ----D---- C:\Windows\system32\nb-NO
2010-01-09 17:12:32 ----D---- C:\Windows\system32\migwiz
2010-01-09 17:12:32 ----D---- C:\Windows\system32\migration
2010-01-09 17:12:32 ----D---- C:\Windows\system32\lv-LV
2010-01-09 17:12:32 ----D---- C:\Windows\system32\lt-LT
2010-01-09 17:12:32 ----D---- C:\Windows\system32\ko-KR
2010-01-09 17:12:32 ----D---- C:\Windows\system32\ja-JP
2010-01-09 17:12:32 ----D---- C:\Windows\system32\it-IT
2010-01-09 17:12:31 ----D---- C:\Windows\system32\hu-HU
2010-01-09 17:12:31 ----D---- C:\Windows\system32\hr-HR
2010-01-09 17:12:31 ----D---- C:\Windows\system32\he-IL
2010-01-09 17:12:31 ----D---- C:\Windows\system32\fr-FR
2010-01-09 17:12:31 ----D---- C:\Windows\system32\fr
2010-01-09 17:12:31 ----D---- C:\Windows\system32\fi-FI
2010-01-09 17:12:31 ----D---- C:\Windows\system32\et-EE
2010-01-09 17:12:31 ----D---- C:\Windows\system32\es-ES
2010-01-09 17:12:31 ----D---- C:\Windows\system32\en-US
2010-01-09 17:12:31 ----D---- C:\Windows\system32\el-GR
2010-01-09 17:12:30 ----D---- C:\Windows\system32\de-DE
2010-01-09 17:12:30 ----D---- C:\Windows\system32\da-DK
2010-01-09 17:12:30 ----D---- C:\Windows\system32\cs-CZ
2010-01-09 17:12:30 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-09 17:12:30 ----D---- C:\Windows\system32\bg-BG
2010-01-09 17:12:30 ----D---- C:\Windows\system32\ar-SA
2010-01-09 17:12:30 ----D---- C:\Windows\system32\AdvancedInstallers
2010-01-09 17:12:30 ----D---- C:\Windows\servicing
2010-01-09 17:12:30 ----D---- C:\Windows\rescache
2010-01-09 17:12:29 ----D---- C:\Windows\IME
2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Sidebar
2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Photo Gallery
2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Defender
2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Collaboration
2010-01-09 17:12:25 ----D---- C:\Program Files\Windows Calendar
2010-01-09 17:12:25 ----D---- C:\Program Files\Movie Maker
2010-01-09 17:12:25 ----D---- C:\Program Files\Common Files\System
2010-01-09 17:11:47 ----D---- C:\Windows\system32\XPSViewer
2010-01-09 17:11:47 ----D---- C:\Windows\system32\WCN
2010-01-09 14:21:29 ----SHD---- C:\Boot
2010-01-07 22:30:42 ----D---- C:\Users\Alex\AppData\Roaming\Desktopicon
2010-01-07 22:24:09 ----D---- C:\Program Files\Nvu
2010-01-07 22:23:45 ----D---- C:\Program Files\FreeTime
2010-01-07 22:23:11 ----D---- C:\Program Files\Acer GameZone
2010-01-07 22:20:11 ----D---- C:\Program Files\MSN Password Recovery
2010-01-07 22:19:37 ----D---- C:\Program Files\MadTracker
2010-01-07 22:19:04 ----D---- C:\Program Files\mnProjects
2010-01-07 22:18:50 ----D---- C:\Windows\system32\MAGIX
2010-01-07 22:18:11 ----D---- C:\ProgramData\Apple Computer
2010-01-07 22:16:55 ----D---- C:\Program Files\REAPER
2010-01-07 22:16:26 ----D---- C:\Program Files\Cakewalk
2010-01-07 22:15:29 ----D---- C:\Program Files\MSECACHE
2010-01-07 22:13:07 ----D---- C:\Program Files\Common Files
2010-01-07 22:12:50 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-07 22:09:05 ----D---- C:\ProgramData\Apple
2010-01-07 15:37:31 ----D---- C:\Users\Alex\AppData\Roaming\mIRC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [2009-11-18 69928]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2009-11-18 37544]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2009-11-18 72904]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [2009-11-18 14248]
R2 Aspi32;Aspi32; C:\Windows\system32\drivers\Aspi32.sys [1999-09-10 25244]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [2010-01-22 107104]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-30 2058528]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\Windows\system32\drivers\libusb0.sys [2007-03-20 28672]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-01-30 14848]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-10 17792]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [1999-09-10 25244]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-04-13 952832]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-25 4385792]
S3 aycb5z6w;aycb5z6w; C:\Windows\system32\drivers\aycb5z6w.sys []
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-21 93696]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-11 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2007-01-31 256000]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RDID1061;UA-4FX; C:\Windows\system32\Drivers\rdwm1061.sys [2009-02-18 146432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 tapvpn;TAP VPN Adapter; C:\Windows\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 UfasoftSnifDriver4;Ufasoft Snif Driver v4; \??\C:\Program Files\Ufasoft\Sniffer\usft_sn4.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2009-04-21 312320]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 170000]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\SFR\Pack Sécurité\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe [2009-11-18 221608]
R2 FSMA;F-Secure Management Agent; C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE [2009-11-18 188840]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-14 75064]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2008-04-29 241734]
R2 yksvc;Marvell Yukon Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe [2009-11-18 524712]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [2010-01-25 56000]
S2 Findbasic Service;Findbasic Service; C:\ProgramData\Findbasic\findbasic121.exe C:\Program Files\Findbasic\findbasic.dll Service []
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-22 654848]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-25 24064]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-11 238960]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-01-04 3404560]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
0
Utilisateur anonyme
28 févr. 2010 à 15:43
Re

1) # Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


Télécharge et install UsbFix de C_XX
Ici : : http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
Tutorial de Malekal_Morte si besoin, merci à lui : https://www.malekal.com/usbfix-supprimer-virus-usb/

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


# Clic droit "Exécuter en tant qu'administrateur" sur le raccourci UsbFix présent sur ton bureau.

# Choisi l option 1 (Recherche)

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaîtra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )


2)Télécharge Malwaresbytes anti malware ici
http://www.malwarebytes.org/mbam.php

* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/

* Potasse le tuto pour te familiariser avec le prg :

https://forum.pcastuces.com/sujet.asp?f=31&s=3

(cela dis, il est très simple d’utilisation).

relance Malwaresbytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte’s.

Fais un examen dit "Complet"

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "Afficher les résultats" " .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " supprimer la sélection " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwaresbytes, le dernier en date)

Poste les rapports au fur et à mesure;merci
@+
0
Réponse 10 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 17:41
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3806
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28/02/2010 17:40:16
mbam-log-2010-02-28 (17-40-15).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Eléments examinés: 452531
Temps écoulé: 1 hour(s), 39 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 411

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3532b267-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3532b267-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3532b267-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Findbasic Service (Adware.FindBasic) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Findbasic (Adware.FindBasic) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3532b266-cd81-4157-8eef-fc9196b34ec3} (Adware.Mirar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Alex\AppData\Local\Temp\93.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA8O8ASV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA1ZBZF2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2OX79J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2QR7RZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2TECHV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA2WMH23.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA34OAG1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA34WQLB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3CI78J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3ELNCM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3IWT5A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3MG6L5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3RV8OV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3YDGQC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA3ZIZRE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA4PKQO1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA4Y3SYN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA53H90N.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA53ROW0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA5QPSLS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA5SY9IN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA69Z8VU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA6TYANN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA80OP17.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA87NETG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCANA318A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCANE8JMM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCANO0AF0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAO0M1AW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAOLHYUC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPERKQ1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPGO00B.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPO0FYF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPPK3H4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPW1HY0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAPWQJ6Z.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAQNZ11Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAR38A6R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCARERL50.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCARXQOMN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASGK5M2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASUEJGQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASYSL6S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCASZK20W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCATWL8DQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAURI3EV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAVFMVDH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAVT31OD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAW0FZP9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAW0RLMJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAW84DJC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXNW8RD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXOLKUJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXP29EN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAXQKK43.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAYLPSSS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAZ0DE7R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\load[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA02UVHM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA0NTAIT.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA12JJ1R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA12XP2O.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA15MJ1Z.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA1L17BW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA92X813.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCA9YFKPK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAAG4HU5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAB16QOW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCACHX4FS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCACWUJKY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCACY2PDK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAE0ZEI4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAE1JPVF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAECYCLX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAF1I6BF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAFF9IA5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAFMLXRW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAGHRGE7.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAGZWFU8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAHJH3L2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAHV24NY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAJFO7CG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAJMTAW3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAKHXED4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAKN1GEC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAKV2TZU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAL4N9HX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAMAWP87.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAMBL2LR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAMF1O50.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAN65ZJL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAN8NXYU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\AG7KLLF1\loadCAUXGB5Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1UO44D.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA9KXI9Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAJAQ7SJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAW6YE11.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAK26RY5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAKKDFOF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAKQGKTV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAKU7P03.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALFL8PQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALHS9H3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALPPBRN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCALVDM8I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAMALHEL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAMOIS5M.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAMP1LFN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCANGIO6C.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAOUERR0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAOVKZ7M.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAPH2IFY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAPLW3H8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAPQZXKW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAQ0VN2V.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAQMHW8Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAR13UQL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAR53D0S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCARDQZ95.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAREY090.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCARX5S4P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAS9KFMF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCASEMP5Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCATFCWPE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAU0TUUN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAUEM27J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAUO2PRQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAUW75ZO.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAVFGYM5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1VPLT1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1XLVIA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA232956.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA2IN0OE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA2VNTF1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA2ZHEXD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA32JPO8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA392JJQ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA3I0LQK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA3NE384.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA43CSNX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA49T3BX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA4OYNWZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA4RE1GF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA4V4Y44.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA5OES3H.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA64OICH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA6D2J53.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA6ITGJ5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7E1CLH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7I5UQS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7IYL1Z.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7UEH6W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA7WF54I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA8CEQWI.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA8FWF2W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAWG46CH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAWU2EBF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAXVNSUJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAYGDOGV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAYIHTFL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAYQ843B.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAZ3A9DZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA0S7NA8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCA1C1I2P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAA2VVZR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAA9CDBE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAAP7HOZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAAPFUS2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAB1EFKS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAC89PJE.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCACBF8A4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCACF1HCS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAD9H1TH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCADFSRNK.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAEEFI06.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAEGK7F3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAEMPYA0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAF4KPGG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAFEPDIS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAGALKHO.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAGFJYV9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAH519IJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAHYWTFY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAI4PGI6.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAIN323F.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C48I2N3P\loadCAJ7ZTA9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3L0OW0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCADEER89.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCALYSHBL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAV65ZHX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3NTV78.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3XN7MF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA43MF94.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA4CB40A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA4DWBED.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA4ZUJ2I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA501RPW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA5M4R21.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA6NN6E8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA80ZA2I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA85WNS4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA981WJW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA9OKT62.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA9ZWBUG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAA3LQ2X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAB4TNOM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCABT592Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCACC9TB1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAD7SDMF.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAMIJU4I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAMMXJ2Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAMWHEBG.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAN44J8S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAOEG9V0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAOOSOKN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAQ50W0R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAQ7XLTV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAQKSK13.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCARB0QCV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCARH0BEY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAS55KO6.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCASJONK1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAT8IYQH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCATDBHZW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUBK187.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUIAKHV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUSB639.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAUZLEJH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAV2JNP9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCADJ37GW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCADTV9N4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEBOCZR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEC1VF8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEFGI40.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAEHL3V5.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAFMDE2R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAFNOE27.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAFQHQDP.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAG281OB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAGD8697.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAGGJK8W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAH7Q24E.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAHG723Q.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAI3KMZ1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAISSYMP.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAJ4RB68.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAJ7JCZ0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAKCSZZ0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAKONO96.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAKZCOD2.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCALPK62P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA0RVD2W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA19B33D.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA1EXW3F.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA1IPIKN.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA1ISOQS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA24609S.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA29QR2H.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA2NY5FT.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3238R1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA391YEC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCA3IYT2G.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAVKQSP8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAW6DHKU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAW81808.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWL1H1A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWL6URW.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWPQS9E.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAWRIBUR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAX34RTB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAX8MPQT.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXAVL10.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXCPGYX.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXDKLC4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXJ2F1J.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAXP7EWR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAY1JHWS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAYLO5DH.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\NPJPGDIE\loadCAZONSMA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA49N5FJ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA95D9UB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAGATYZS.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCARJIRXD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\MediaPlayerUpgrade[1].exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\MediaPlayerUpgrade[2].exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[10].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[11].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[1].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[4].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[5].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[6].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[7].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[8].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\load[9].exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA99MR5P.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA9YUSK1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAA1RE4M.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAAC3KWB.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAADYCMA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAAJA7VC.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAB2F2IU.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAB73Z20.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABFGQM4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABJE1DZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABTFCUZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCABX1Z59.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAC2P191.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCACR1TZ3.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCADRSESL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCADVGSML.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAG4NUQ9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1BSHB1.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1K133O.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1SOUCL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA1WVXJ4.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2C5TM8.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2GTMLY.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2ICT50.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2L3B6C.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA2T5O3R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA3GOF1F.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA3RWB6G.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAS04242.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCATTJIPA.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAU0S3YM.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAU1O045.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAUH86H9.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAUOI0XZ.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAVGYH7Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAVV9J20.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAXA4155.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAXL2IX0.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAXWYF0Y.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAY0X16X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYPX362.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYVRE5I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYWQF7X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAYY3F0W.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZA4I6I.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZDH5HL.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZH0N0E.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZMJA7X.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCAZMQADR.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA4MZ2PD.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA56KM0R.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA57DY5A.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\VP585PRL\loadCA5I7QXV.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\Fichiers Internet temp
0
Réponse 11 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 17:42
############################## | UsbFix V6.097 |

User : Alex (Administrateurs) # PC-DE-ALEX
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 15:50:16 | 28/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) Dual Core Processor 4450e
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 113,36 Go (19,23 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 170,08 Go (169,42 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\mIRC\mirc.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

C:\Users\Alex\AppData\Local\Temp\93.exe
C:\Users\Alex\AppData\Local\Temp\das.exe
C:\Users\Alex\AppData\Local\Temp\e.exe
C:\Users\Alex\AppData\Local\Temp\e.exe
C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe

################## | Registre |


################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\K
shell\AutoRun\command =K:\sources\sperr32.exe x64

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné !

################## | ! Fin du rapport # UsbFix V6.097 ! |
0
Utilisateur anonyme
28 févr. 2010 à 17:49
Re

1)Vide la quarantaine de Malwaresbytes.

2) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

# Clic droit"exécuter en temps qu'administrateur" sur le raccourci UsbFix présent sur ton bureau

# choisi l option 2 (Suppression)

# Ton bureau disparaîtra et le pc redémarrera.

# Au redémarrage, UsbFix scannera ton pc, laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaîtra avec le bureau.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:UsbFix.txt )

( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

3)Poste un nouveau RSIT pur contrôle(il n'y aura que le log.txt)

Poste les rapports au fur et à mesure;merci

@+
0
Réponse 12 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 18:03
Voici deja le usbfix


############################## | UsbFix V6.097 |

User : Alex (Administrateurs) # PC-DE-ALEX
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:55:29 | 28/02/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) Dual Core Processor 4450e
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 113,36 Go (18,94 Go free) [ACER] # NTFS
D:\ -> Disque fixe local # 170,08 Go (169,42 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Elements infectieux |

Supprimé ! C:\Users\Alex\AppData\Local\Temp\das.exe
Supprimé ! C:\Users\Alex\AppData\Local\Temp\e.exe
Supprimé ! C:\Users\Alex\AppData\Local\Temp\xmlUpdater.exe
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1001
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1002
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1003
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1004
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1005
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-500
Supprimé ! D:\$Recycle.Bin\S-1-5-21-1487363990-143758708-288422109-1000

################## | Registre |


################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[18/09/2006 22:43|--a------|10] C:\config.sys
[25/01/2009 20:11|-rahs----|0] C:\IO.SYS
[25/01/2009 20:11|-rahs----|0] C:\MSDOS.SYS
[28/02/2010 15:05|--a------|241] C:\MyHosts.txt
[?|?|?] C:\pagefile.sys
[28/02/2010 15:17|--a------|3046] C:\TB.txt
[28/02/2010 18:00|--a------|4429] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).

################## | Upload |

Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_PC-DE-ALEX.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
0
Réponse 13 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 18:06
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alex at 2010-02-28 18:04:51
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 19 GB (17%) free of 116 GB
Total RAM: 3070 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:04, on 28/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe
C:\Users\Alex\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alex.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\SFR\Pack Sécurité\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: winesm32.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Desktop Manager 5.7.808.7150 (GoogleDesktopManager-080708-050100) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
Utilisateur anonyme
28 févr. 2010 à 18:11
Re

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ou ici : https://forospyware.com
>Renomme le pour l’enregistrer sur ton bureau en asdehi (tout simplement pour que l’infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que… » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que… »)


- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)


::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes

@+
0
Réponse 14 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 18:39
ComboFix 10-02-27.04 - Alex 28/02/2010 18:26:39.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2213 [GMT 1:00]
Lancé depuis: c:\users\Alex\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Royal-Yugi Online\bton\Desktop_.ini
c:\program files\Royal-Yugi Online\btonv\Desktop_.ini
c:\program files\Royal-Yugi Online\Field\Desktop_.ini
c:\program files\Royal-Yugi Online\Icon\Desktop_.ini
c:\program files\Royal-Yugi Online\Icon\ico_flags\Desktop_.ini
c:\users\Alex\Ae.exe
c:\users\Alex\AppDae.exe
c:\users\Alex\AppData\Local\Tempe.exe
c:\users\Alex\AppData\Roaming\.#
c:\users\Alex\AppData\Roaming\Desktopicon
c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
c:\users\Alex\AppDatae.exe
c:\users\Alex\Appe.exe
c:\windows\2afbd66b-251d-4389-8ddb-6f8a3f253f1f.ocx
c:\windows\jestertb.dll
c:\windows\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
c:\windows\system32\twain_32.dll
c:\windows\wpe pro.INI

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-28 au 2010-02-28 ))))))))))))))))))))))))))))))))))))
.

2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\yvb2\AppData\Local\temp
2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\YVB\AppData\Local\temp
2010-02-28 17:35 . 2010-02-28 17:35 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
2010-02-28 17:00 . 2010-02-28 17:00 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\programdata\Malwarebytes
2010-02-07 12:44 . 2010-02-07 12:44 -------- d-----w- c:\program files\Paradox Interactive
2010-02-07 12:33 . 2010-02-07 12:33 -------- d-----w- c:\users\Alex\AppData\Roaming\F-Secure
2010-02-06 12:37 . 2010-02-06 12:37 -------- d-----w- c:\users\Alex\AppData\Roaming\e frontier
2010-02-06 12:36 . 2010-02-06 12:36 -------- d-----w- c:\program files\e frontier
2010-02-06 12:36 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-30 18:31 . 2010-02-28 17:23 -------- d-----w- c:\users\Alex\AppData\Roaming\LimeWire
2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\program files\LimeWire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 21:09 . 2009-08-15 18:05 -------- d-----w- c:\users\Alex\AppData\Roaming\Winamp
2010-02-28 14:53 . 2010-02-17 10:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 14:52 . 2009-01-25 16:07 -------- d-----w- c:\program files\mIRC
2010-02-28 13:33 . 2010-02-28 13:33 -------- d-----w- c:\program files\Trend Micro
2010-02-28 13:04 . 2009-04-27 18:59 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-28 13:04 . 2009-04-27 18:59 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-26 16:02 . 2010-02-26 16:02 29184 ----a-w- c:\users\Alex\AppData\Local\Tee.exe
2010-02-26 16:01 . 2010-02-26 16:01 29184 ----a-w- c:\users\Alex\AppData\Local\e.exe
2010-02-26 15:54 . 2010-02-26 15:54 8 ----a-w- c:\users\Alex\AppData\Roaming\rbuwzv.dat
2010-02-25 09:56 . 2008-03-16 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-25 09:56 . 2010-02-24 21:36 -------- d-----w- c:\program files\LucasArts
2010-02-20 09:09 . 2010-01-16 21:13 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2010-02-17 20:39 . 2009-01-27 23:42 -------- d-----w- c:\users\Alex\AppData\Roaming\Notepad++
2010-02-17 20:39 . 2009-11-04 11:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-17 20:39 . 2009-08-15 18:06 -------- d-----w- c:\program files\Winamp Toolbar
2010-02-17 20:39 . 2009-02-22 18:39 -------- d-----w- c:\programdata\FLEXnet
2010-02-17 20:39 . 2009-02-22 18:31 -------- d-----w- c:\program files\Bonjour
2010-02-17 20:39 . 2009-02-19 13:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 20:39 . 2009-01-25 18:53 -------- d-----w- c:\program files\ma-config.com
2010-02-17 20:39 . 2008-03-16 21:59 -------- d-----w- c:\program files\Common Files\LightScribe
2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2010-02-16 23:54 . 2010-02-16 23:54 16 ----a-w- c:\users\Alex\AppData\Roaming\sgcpom.dat
2010-02-14 10:33 . 2009-12-06 12:39 439816 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-11 20:56 . 2009-10-02 08:53 -------- d-----w- c:\users\Alex\AppData\Roaming\Canon
2010-02-11 02:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 08:50 . 2009-01-30 19:00 1 ----a-w- c:\users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 16:11 . 2009-01-25 14:56 102736 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 01:39 . 2009-01-25 14:56 -------- d-----w- c:\program files\Google
2010-02-03 17:47 . 2010-01-11 16:17 -------- d-----w- c:\program files\Yu-Gi-Oh Virtual Battle 5
2010-01-29 22:07 . 2009-10-02 08:49 -------- d-----w- c:\program files\Canon
2010-01-29 07:50 . 2010-01-29 07:50 -------- d-----w- c:\program files\ASIO4ALL v2
2010-01-29 07:47 . 2009-02-08 20:20 -------- d-----w- c:\program files\VstPlugins
2010-01-24 16:49 . 2009-01-31 11:38 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-24 16:41 . 2009-01-31 10:20 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 08:48 . 2009-10-28 10:26 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2010-01-22 18:14 . 2010-01-22 18:11 -------- d-----w- c:\program files\Image-Line
2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\users\Alex\AppData\Roaming\Syntrillium
2010-01-22 15:02 . 2010-01-22 15:00 -------- d-----w- c:\program files\coolpro2
2010-01-22 14:50 . 2010-01-22 14:50 -------- d-----w- c:\program files\Mp3DoctorPRO
2010-01-22 14:06 . 2010-01-22 14:05 -------- d-----w- c:\program files\Kaiba Corp VDS
2010-01-22 08:40 . 2010-01-22 08:35 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-01-22 08:35 . 2008-01-21 07:23 676456 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-22 08:35 . 2008-01-21 07:23 126594 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-22 08:35 . 2010-01-22 08:29 -------- d-----w- c:\programdata\f-secure
2010-01-22 08:34 . 2010-01-22 08:34 -------- d-----w- c:\programdata\eMule
2010-01-22 08:34 . 2010-01-08 13:38 -------- d-----w- c:\program files\SFR
2010-01-22 08:34 . 2010-01-22 08:33 -------- d-----w- c:\program files\eMule
2010-01-22 08:33 . 2010-01-22 08:32 -------- d-----w- c:\programdata\fssg
2010-01-20 18:03 . 2008-03-16 21:41 -------- d-----w- c:\programdata\Microsoft Help
2010-01-20 18:01 . 2008-03-16 21:43 -------- d-----w- c:\program files\Microsoft Works
2010-01-17 16:18 . 2010-01-17 16:18 -------- d-----w- c:\program files\Bodom-Child - RaBBi
2010-01-15 15:53 . 2010-01-15 15:53 -------- d-----w- c:\program files\Metal-Yugioh
2010-01-15 11:01 . 2010-01-15 11:01 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-15 11:00 . 2009-01-27 10:17 195232 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
2010-01-15 11:00 . 2009-01-27 10:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1036\ResourceCache.dll
2010-01-15 10:58 . 2010-01-10 13:44 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-14 20:56 . 2010-01-14 20:55 419 ----a-w- c:\users\Alex\errorlog.tmp
2010-01-14 20:24 . 2010-01-14 20:24 -------- d-----w- c:\program files\Celestia
2010-01-14 10:12 . 2009-10-03 09:34 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\program files\gPotato.eu
2010-01-13 09:37 . 2010-01-13 09:29 -------- d-----w- c:\program files\NetBattle
2010-01-11 21:49 . 2009-01-28 19:21 98744 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-11 16:32 . 2010-01-11 16:28 -------- d-----w- c:\program files\Royal-Yugi Online
2010-01-10 13:26 . 2010-01-10 13:26 82993 ----a-w- c:\windows\system32\Uninstal.exe
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-01-07 21:24 . 2009-10-31 13:00 -------- d-----w- c:\program files\Nvu
2010-01-07 21:23 . 2009-10-28 08:11 -------- d-----w- c:\program files\FreeTime
2010-01-07 21:23 . 2008-03-16 21:29 -------- d-----w- c:\program files\Acer GameZone
2010-01-07 21:20 . 2009-12-06 13:48 -------- d-----w- c:\program files\MSN Password Recovery
2010-01-07 21:19 . 2009-12-27 09:47 -------- d-----w- c:\program files\MadTracker
2010-01-07 21:19 . 2009-08-28 20:27 -------- d-----w- c:\program files\mnProjects
2010-01-07 21:18 . 2009-06-15 17:32 -------- d-----w- c:\programdata\Apple Computer
2010-01-07 21:16 . 2009-12-27 09:58 -------- d-----w- c:\program files\REAPER
2010-01-07 21:16 . 2009-12-26 20:55 -------- d-----w- c:\program files\Cakewalk
2010-01-07 21:15 . 2009-01-31 10:40 -------- d-----w- c:\program files\MSECACHE
2010-01-07 21:09 . 2009-06-15 17:31 -------- d-----w- c:\programdata\Apple
2010-01-07 15:07 . 2010-02-28 14:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2010-02-28 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:37 . 2009-01-25 16:07 -------- d-----w- c:\users\Alex\AppData\Roaming\mIRC
2009-12-30 14:33 . 2009-01-31 10:21 1356 ----a-w- c:\users\Alex\AppData\Local\d3d9caps.dat
2009-12-28 12:35 . 2010-02-10 08:44 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 08:44 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 08:44 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 08:44 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 08:44 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 08:44 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 08:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 08:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 08:44 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 08:44 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 13:05 . 2010-01-22 12:43 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 12:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 12:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-10 08:44 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 08:44 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 08:44 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
.

------- Sigcheck -------

[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
"F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
backup=c:\windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-25 14:57 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 21:26 68640 ----a-w- c:\program files\Cyberlink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-18 20:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:33 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
"EnableNotificationsRef"=dword:00000001

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [22/01/2010 09:35 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34 69928]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [22/01/2010 09:35 37544]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [22/01/2010 09:35 72904]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34 14248]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [04/11/2009 12:12 233472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33 21504]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34 107104]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [16/06/2009 08:00 28672]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [09/10/2009 15:33 17792]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19/02/2009 13:00 721904]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31 135664]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\aspi32.sys [21/03/2009 20:24 25244]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34 56000]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57 24064]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/12/2009 15:43 238960]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [25/01/2009 16:03 256000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RDID1061;UA-4FX;c:\windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36 146432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18 121856]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34 27048]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - xayhimp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
.
Contenu du dossier 'Tâches planifiées'

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mWindow Title =
uInternet Settings,ProxyOverride = local;*.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
Trusted Zone: chat-land.org
Trusted Zone: localhost
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Opera\program\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-Acer Empowering Technology Monitor - c:\program files\Acer\Empowering Technology\SysMonitor.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-eDataSecurity Loader - c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSConfigStartUp-EmpoweringTechnology - c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
MSConfigStartUp-Free Download Manager - c:\program files\Free Download Manager\fdm.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-Peer2Me - c:\program files\Peer2Me\Peer2Me.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-LibUSB-Win32_is1 - c:\program files\LibUSB-Win32\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 18:36
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xayhimp]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-02-28 18:38:35
ComboFix-quarantined-files.txt 2010-02-28 17:38

Avant-CF: 20 241 543 168 octets libres
Après-CF: 33 509 142 528 octets libres

- - End Of File - - 2F7A94D05AF79A077229CF3628E67704
0
Utilisateur anonyme
28 févr. 2010 à 18:51
Re

|==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
|===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
-----------------------------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------


KillAll::

Driver::

File::
c:\users\Alex\AppData\Local\Tee.exe
c:\users\Alex\AppData\Local\e.exe
c:\users\Alex\AppData\Roaming\rbuwzv.dat
c:\windows\system32\Uninstal.exe
Rootkit ::

Folder::

Services::

Registry::
-----------------------------------------------------------------

• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
• Quitte le Bloc Notes

• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

@+
0
Réponse 15 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
28 févr. 2010 à 18:46
je dois quitter le pc pour ce soir, je reviendrais demain matin vers 10 heures ^^
0
Réponse 16 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
1 mars 2010 à 12:16
Bonjour,

alors ce matin de retour sur l'ordi je l'allume et paf ecran bleu il crash, il redemarre je fait "Demarrere windows normalement " et il se lance normalement c'ets normal ?


voici le rapport de combofix :

ComboFix 10-02-28.03 - Alex 01/03/2010 11:53:29.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2072 [GMT 1:00]
Lancé depuis: C:\Users\Alex\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
Commutateurs utilisés :: C:\Users\Alex\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Alex\AppData\Local\e.exe"
"c:\users\Alex\AppData\Local\Tee.exe"
"c:\users\Alex\AppData\Roaming\rbuwzv.dat"
"c:\windows\system32\Uninstal.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alex\AppData\Local\e.exe
c:\users\Alex\AppData\Local\Tee.exe
c:\users\Alex\AppData\Roaming\rbuwzv.dat
c:\windows\system32\Uninstal.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-01 au 2010-03-01 ))))))))))))))))))))))))))))))))))))
.

2010-03-01 11:02:17 . 2010-03-01 11:05:25 -------- d-----w- C:\Users\Alex\AppData\Local\temp
2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\yvb2\AppData\Local\temp
2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\YVB\AppData\Local\temp
2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-03-01 11:02:17 . 2010-03-01 11:02:17 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-02-28 17:00:49 . 2010-02-28 17:00:50 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
2010-02-28 14:53:38 . 2010-01-07 15:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-02-28 14:53:35 . 2010-01-07 15:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-02-28 14:49:34 . 2010-02-28 17:00:50 -------- d-----w- C:\UsbFix
2010-02-28 14:15:44 . 2010-02-28 14:16:12 -------- d-----w- C:\rsit
2010-02-28 14:06:05 . 2010-02-28 14:17:43 -------- d-----w- C:\ToolBar SD
2010-02-28 13:33:10 . 2010-02-28 13:33:10 -------- d-----w- C:\Program Files\Trend Micro
2010-02-26 15:57:49 . 2010-02-26 15:57:49 29184 ----a-w- C:\Users\Alexe.exe
2010-02-26 15:57:18 . 2010-02-26 15:57:18 29184 ----a-w- C:\Users\Ale.exe
2010-02-24 21:36:59 . 2010-02-25 09:56:06 -------- d-----w- C:\Program Files\LucasArts
2010-02-17 10:23:06 . 2010-02-17 10:23:06 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
2010-02-17 10:23:02 . 2010-02-28 14:53:40 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-17 10:23:02 . 2010-02-17 10:23:02 -------- d-----w- C:\ProgramData\Malwarebytes
2010-02-07 12:44:42 . 2010-02-07 12:44:42 -------- d-----w- C:\Program Files\Paradox Interactive
2010-02-07 12:33:50 . 2010-02-07 12:33:50 -------- d-----w- C:\Users\Alex\AppData\Roaming\F-Secure
2010-02-06 12:37:09 . 2010-02-06 12:37:09 -------- d-----w- C:\Users\Alex\AppData\Roaming\e frontier
2010-02-06 12:36:25 . 2010-02-06 12:36:25 -------- d-----w- C:\Program Files\e frontier
2010-02-06 12:36:16 . 1998-10-29 15:45:06 306688 ----a-w- C:\Windows\IsUninst.exe
2010-01-30 18:31:40 . 2010-03-01 10:51:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\LimeWire
2010-01-30 18:31:02 . 2010-01-30 18:31:14 -------- d-----w- C:\Program Files\LimeWire

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 21:09:21 . 2009-08-15 18:05:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\Winamp
2010-02-28 14:52:07 . 2009-01-25 16:07:48 -------- d-----w- C:\Program Files\mIRC
2010-02-28 13:04:19 . 2009-04-27 18:59:36 138328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2010-02-28 13:04:10 . 2009-04-27 18:59:27 214816 ----a-w- C:\Windows\system32\PnkBstrB.exe
2010-02-25 09:56:31 . 2008-03-16 21:20:19 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-20 09:09:18 . 2010-01-16 21:13:16 -------- d-----w- C:\Program Files\Wolfenstein - Enemy Territory
2010-02-17 20:39:34 . 2009-01-27 23:42:23 -------- d-----w- C:\Users\Alex\AppData\Roaming\Notepad++
2010-02-17 20:39:33 . 2009-11-04 11:11:20 -------- d-----w- C:\Program Files\PC Connectivity Solution
2010-02-17 20:39:33 . 2009-08-15 18:06:08 -------- d-----w- C:\Program Files\Winamp Toolbar
2010-02-17 20:39:33 . 2009-02-22 18:39:15 -------- d-----w- C:\ProgramData\FLEXnet
2010-02-17 20:39:33 . 2009-02-22 18:31:55 -------- d-----w- C:\Program Files\Bonjour
2010-02-17 20:39:33 . 2009-02-19 13:50:57 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2010-02-17 20:39:33 . 2009-01-25 18:53:05 -------- d-----w- C:\Program Files\ma-config.com
2010-02-17 20:39:33 . 2008-03-16 21:59:17 -------- d-----w- C:\Program Files\Common Files\LightScribe
2010-02-16 23:54:35 . 2010-02-16 23:54:35 16 ----a-w- C:\Users\Alex\AppData\Roaming\sgcpom.dat
2010-02-14 10:33:35 . 2009-12-06 12:39:13 439816 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-11 20:56:23 . 2009-10-02 08:53:28 -------- d-----w- C:\Users\Alex\AppData\Roaming\Canon
2010-02-11 02:14:56 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-02-10 08:50:18 . 2009-01-30 19:00:46 1 ----a-w- C:\Users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 16:11:58 . 2009-01-25 14:56:40 102736 ----a-w- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 01:39:11 . 2009-01-25 14:56:59 -------- d-----w- C:\Program Files\Google
2010-02-03 17:47:26 . 2010-01-11 16:17:54 -------- d-----w- C:\Program Files\Yu-Gi-Oh Virtual Battle 5
2010-01-29 22:07:58 . 2009-10-02 08:49:58 -------- d-----w- C:\Program Files\Canon
2010-01-29 07:50:51 . 2010-01-29 07:50:51 -------- d-----w- C:\Program Files\ASIO4ALL v2
2010-01-29 07:47:22 . 2009-02-08 20:20:43 -------- d-----w- C:\Program Files\VstPlugins
2010-01-24 16:49:11 . 2009-01-31 11:38:47 -------- d-----w- C:\ProgramData\Messenger Plus!
2010-01-24 16:41:06 . 2009-01-31 10:20:24 -------- d-----w- C:\Program Files\Messenger Plus! Live
2010-01-23 08:48:01 . 2009-10-28 10:26:31 -------- d-----w- C:\Users\Alex\AppData\Roaming\uTorrent
2010-01-22 18:14:24 . 2010-01-22 18:11:21 -------- d-----w- C:\Program Files\Image-Line
2010-01-22 15:02:52 . 2010-01-22 15:02:52 -------- d-----w- C:\Users\Alex\AppData\Roaming\Syntrillium
2010-01-22 15:02:17 . 2010-01-22 15:00:53 -------- d-----w- C:\Program Files\coolpro2
2010-01-22 14:50:50 . 2010-01-22 14:50:46 -------- d-----w- C:\Program Files\Mp3DoctorPRO
2010-01-22 14:06:39 . 2010-01-22 14:05:37 -------- d-----w- C:\Program Files\Kaiba Corp VDS
2010-01-22 08:40:52 . 2010-01-22 08:35:42 33920 ----a-w- C:\Windows\system32\drivers\fsbts.sys
2010-01-22 08:35:28 . 2008-01-21 07:23:37 676456 ----a-w- C:\Windows\system32\perfh00C.dat
2010-01-22 08:35:28 . 2008-01-21 07:23:37 126594 ----a-w- C:\Windows\system32\perfc00C.dat
2010-01-22 08:35:05 . 2010-01-22 08:29:25 -------- d-----w- C:\ProgramData\f-secure
2010-01-22 08:34:29 . 2010-01-22 08:34:29 -------- d-----w- C:\ProgramData\eMule
2010-01-22 08:34:13 . 2010-01-08 13:38:56 -------- d-----w- C:\Program Files\SFR
2010-01-22 08:34:01 . 2010-01-22 08:33:58 -------- d-----w- C:\Program Files\eMule
2010-01-22 08:33:25 . 2010-01-22 08:32:57 -------- d-----w- C:\ProgramData\fssg
2010-01-20 18:03:13 . 2008-03-16 21:41:30 -------- d-----w- C:\ProgramData\Microsoft Help
2010-01-20 18:01:40 . 2008-03-16 21:43:22 -------- d-----w- C:\Program Files\Microsoft Works
2010-01-17 16:18:42 . 2010-01-17 16:18:42 -------- d-----w- C:\Program Files\Bodom-Child - RaBBi
2010-01-15 15:53:19 . 2010-01-15 15:53:18 -------- d-----w- C:\Program Files\Metal-Yugioh
2010-01-15 11:01:24 . 2010-01-15 11:01:23 -------- d-----w- C:\Program Files\Microsoft SQL Server
2010-01-15 11:00:30 . 2009-01-27 10:17:59 195232 ----a-w- C:\ProgramData\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
2010-01-15 11:00:19 . 2009-01-27 10:17:31 416 ----a-w- C:\ProgramData\Microsoft\MSDN\9.0\1036\ResourceCache.dll
2010-01-15 10:58:12 . 2010-01-10 13:44:12 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0
2010-01-14 20:56:29 . 2010-01-14 20:55:09 419 ----a-w- C:\Users\Alex\errorlog.tmp
2010-01-14 20:24:29 . 2010-01-14 20:24:16 -------- d-----w- C:\Program Files\Celestia
2010-01-14 10:12:06 . 2009-10-03 09:34:23 181120 ------w- C:\Windows\system32\MpSigStub.exe
2010-01-13 18:15:50 . 2010-01-13 18:15:49 -------- d-----w- C:\Program Files\gPotato.eu
2010-01-13 09:37:51 . 2010-01-13 09:29:33 -------- d-----w- C:\Program Files\NetBattle
2010-01-11 21:49:11 . 2009-01-28 19:21:10 98744 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
2010-01-11 16:32:21 . 2010-01-11 16:28:14 -------- d-----w- C:\Program Files\Royal-Yugi Online
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Sidebar
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Photo Gallery
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Defender
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Collaboration
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Calendar
2010-01-07 21:24:09 . 2009-10-31 13:00:08 -------- d-----w- C:\Program Files\Nvu
2010-01-07 21:23:45 . 2009-10-28 08:11:45 -------- d-----w- C:\Program Files\FreeTime
2010-01-07 21:23:11 . 2008-03-16 21:29:42 -------- d-----w- C:\Program Files\Acer GameZone
2010-01-07 21:20:11 . 2009-12-06 13:48:47 -------- d-----w- C:\Program Files\MSN Password Recovery
2010-01-07 21:19:37 . 2009-12-27 09:47:58 -------- d-----w- C:\Program Files\MadTracker
2010-01-07 21:19:04 . 2009-08-28 20:27:07 -------- d-----w- C:\Program Files\mnProjects
2010-01-07 21:18:11 . 2009-06-15 17:32:51 -------- d-----w- C:\ProgramData\Apple Computer
2010-01-07 21:16:55 . 2009-12-27 09:58:14 -------- d-----w- C:\Program Files\REAPER
2010-01-07 21:16:26 . 2009-12-26 20:55:11 -------- d-----w- C:\Program Files\Cakewalk
2010-01-07 21:15:29 . 2009-01-31 10:40:10 -------- d-----w- C:\Program Files\MSECACHE
2010-01-07 21:09:05 . 2009-06-15 17:31:09 -------- d-----w- C:\ProgramData\Apple
2010-01-07 14:37:31 . 2009-01-25 16:07:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\mIRC
2009-12-30 14:33:39 . 2009-01-31 10:21:18 1356 ----a-w- C:\Users\Alex\AppData\Local\d3d9caps.dat
2009-12-28 12:35:50 . 2010-02-10 08:44:35 11776 ----a-w- C:\Windows\system32\tsbyuv.dll
2009-12-28 12:35:00 . 2010-02-10 08:44:36 1314816 ----a-w- C:\Windows\system32\quartz.dll
2009-12-28 12:32:34 . 2010-02-10 08:44:35 22528 ----a-w- C:\Windows\system32\msyuv.dll
2009-12-28 12:32:32 . 2010-02-10 08:44:35 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2009-12-28 12:32:32 . 2010-02-10 08:44:34 123904 ----a-w- C:\Windows\system32\msvfw32.dll
2009-12-28 12:32:25 . 2010-02-10 08:44:35 13312 ----a-w- C:\Windows\system32\msrle32.dll
2009-12-28 12:31:22 . 2010-02-10 08:44:35 82944 ----a-w- C:\Windows\system32\mciavi32.dll
2009-12-28 12:31:01 . 2010-02-10 08:44:35 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2009-12-28 12:28:43 . 2010-02-10 08:44:35 65024 ----a-w- C:\Windows\system32\avicap32.dll
2009-12-28 12:28:43 . 2010-02-10 08:44:34 91136 ----a-w- C:\Windows\system32\avifil32.dll
2009-12-18 13:05:50 . 2010-01-22 12:43:59 833024 ----a-w- C:\Windows\system32\wininet.dll
2009-12-18 13:01:56 . 2010-01-22 12:43:55 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-12-18 10:14:30 . 2010-01-22 12:43:56 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-12-11 12:07:30 . 2010-02-10 08:44:48 301568 ----a-w- C:\Windows\system32\drivers\srv.sys
2009-12-11 12:07:11 . 2010-02-10 08:44:47 98304 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2009-12-08 20:52:30 . 2010-02-10 08:44:38 897624 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-12-08 20:52:17 . 2010-02-10 08:44:44 3597912 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2009-12-08 20:52:16 . 2010-02-10 08:44:44 3546200 ----a-w- C:\Windows\system32\ntoskrnl.exe
2009-12-06 20:41:01 . 2009-12-06 20:40:30 17614320 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
2009-12-06 20:40:30 . 2009-12-06 20:40:27 8405312 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-12-06 20:39:55 . 2009-12-06 20:39:55 149000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-12-06 20:39:53 . 2009-12-06 20:39:49 10309448 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-12-06 20:39:25 . 2009-12-06 20:39:25 79368 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-12-06 20:39:24 . 2009-12-06 20:39:24 64000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-12-06 20:39:24 . 2009-12-06 20:39:24 52288 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-12-06 20:39:24 . 2009-12-06 20:39:24 50688 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
.

------- Sigcheck -------

[-] 2006-11-10 15:01:50 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386 (vista_rtm.061101-2205)] . . C:\Windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2009-05-06 14:22:22 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53:58 165184 ----a-w- C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 02:32:56 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:52 3883856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 14:57:04 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"Connexion SFR 9props.exe"="C:\Program Files\SFR\Kit\9props.exe" [2009-10-15 08:53:54 959808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 21:17:42 52256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 20:59:26 198160]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 07:55:00 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 07:55:00 92704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-04 18:30:01 149280]
"F-Secure Manager"="C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 16:08:32 201128]
"F-Secure TNB"="C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 16:07:12 1655208]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 15:07:10 1394000]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
backup=C:\Windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=C:\Windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36:20 28672 ----a-w- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40:30 687560 ----a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-25 14:57:26 24064 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44:52 3883856 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 21:26:08 68640 ----a-w- C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-29 10:51:52 4911104 ----a-w- C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 13:38:06 61440 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-18 20:59:26 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03:46 303104 ----a-w- C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33:00 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:33:07 2153472 ----a-w- C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
"EnableNotificationsRef"=dword:00000001

R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [22/01/2010 09:35:42 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34:46 69928]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [22/01/2010 09:35:26 37544]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [22/01/2010 09:35:22 72904]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34:18 14248]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11:14 16384]
R2 FsUsbExService;FsUsbExService;C:\Windows\System32\FsUsbExService.Exe [04/11/2009 12:12:04 233472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36:20 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36:02 131072]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33:13 21504]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34:18 107104]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34:46 56000]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12:04 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [16/06/2009 08:00:02 28672]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [09/10/2009 15:33:16 17792]
S2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31:42 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\drivers\aspi32.sys [21/03/2009 20:24:10 25244]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57:15 24064]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [11/12/2009 15:43:30 238960]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\System32\drivers\netr73.sys [25/01/2009 16:03:14 256000]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RDID1061;UA-4FX;C:\Windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36:34 146432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19:46 23064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18:38 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18:38 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18:38 121856]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34:18 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34:18 27048]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK
*Deregistered* - xayhimp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
.
Contenu du dossier 'Tâches planifiées'

2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]

2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mWindow Title =
uInternet Settings,ProxyOverride = local;*.local
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: C:\Program Files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
Trusted Zone: chat-land.org
Trusted Zone: localhost
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: C:\Program Files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-Patch RMXP 1.0.0.1 (V&S) - C:\Windows\system32\Uninstal.exe
0
Utilisateur anonyme
1 mars 2010 à 18:41
Bonsoir

Pour ton écran bleu ;note la première série de chiffres ;ça ressemble à ceci:

Par exemple : "0x0000001D (0x000E00E0, 0XF83207D0, 0XF83204D0, OXF46E9F4F)".
Parfois, l'intitulé est également indiqué.
Par exemple : NO_SPIN_LOCK_AVAILABLE.


ComboFix se copie sur le bureau.
C:\Users\Alex\AppData\Local\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

Donc fait le;merci

Ensuite;
|==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
|===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
-----------------------------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------


KillAll::

Driver::

File::
C:\Users\Alexe.exe
C:\Users\Ale.exe
C:\Users\Alex\AppData\Roaming\sgcpom.dat

Rootkit ::

Folder::

Services::

Registry::
-----------------------------------------------------------------

• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
• Quitte le Bloc Notes

• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt


@+
0
Réponse 17 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
1 mars 2010 à 20:56
ComboFix 10-03-01.01 - Alex 01/03/2010 20:35:30.3.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2160 [GMT 1:00]
Lancé depuis: C:\Users\Alex\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\Alex\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\Users\Ale.exe"
"C:\Users\Alex\AppData\Roaming\sgcpom.dat"
"C:\Users\Alexe.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Ale.exe
C:\Users\Alex\AppData\Roaming\avdrn.dat
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winesm32.exe
C:\Users\Alex\AppData\Roaming\sgcpom.dat
C:\Users\Alexe.exe
.
---- Exécution préalable -------
.
c:\users\Alex\AppData\Local\e.exe
c:\users\Alex\AppData\Local\Tee.exe
c:\users\Alex\AppData\Roaming\rbuwzv.dat
c:\windows\system32\Uninstal.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-01 au 2010-03-01 ))))))))))))))))))))))))))))))))))))
.

2010-03-01 19:42:48 . 2010-03-01 19:48:25 -------- d-----w- C:\Users\Alex\AppData\Local\temp
2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\yvb2\AppData\Local\temp
2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\YVB\AppData\Local\temp
2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-03-01 19:42:48 . 2010-03-01 19:42:48 -------- d-----w- C:\Users\Brigitte\AppData\Local\temp
2010-02-28 17:00:49 . 2010-02-28 17:00:50 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
2010-02-28 14:53:38 . 2010-01-07 15:07:14 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-02-28 14:53:35 . 2010-01-07 15:07:04 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-02-28 14:49:34 . 2010-02-28 17:00:50 -------- d-----w- C:\UsbFix
2010-02-28 14:15:44 . 2010-02-28 14:16:12 -------- d-----w- C:\rsit
2010-02-28 14:06:05 . 2010-02-28 14:17:43 -------- d-----w- C:\ToolBar SD
2010-02-28 13:33:10 . 2010-02-28 13:33:10 -------- d-----w- C:\Program Files\Trend Micro
2010-02-24 21:36:59 . 2010-02-25 09:56:06 -------- d-----w- C:\Program Files\LucasArts
2010-02-17 10:23:06 . 2010-02-17 10:23:06 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
2010-02-17 10:23:02 . 2010-02-28 14:53:40 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-17 10:23:02 . 2010-02-17 10:23:02 -------- d-----w- C:\ProgramData\Malwarebytes
2010-02-07 12:44:42 . 2010-02-07 12:44:42 -------- d-----w- C:\Program Files\Paradox Interactive
2010-02-07 12:33:50 . 2010-02-07 12:33:50 -------- d-----w- C:\Users\Alex\AppData\Roaming\F-Secure
2010-02-06 12:37:09 . 2010-02-06 12:37:09 -------- d-----w- C:\Users\Alex\AppData\Roaming\e frontier
2010-02-06 12:36:25 . 2010-02-06 12:36:25 -------- d-----w- C:\Program Files\e frontier
2010-02-06 12:36:16 . 1998-10-29 15:45:06 306688 ----a-w- C:\Windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 19:27:22 . 2010-01-30 18:31:40 -------- d-----w- C:\Users\Alex\AppData\Roaming\LimeWire
2010-03-01 18:50:05 . 2009-10-02 08:53:28 -------- d-----w- C:\Users\Alex\AppData\Roaming\Canon
2010-03-01 14:24:34 . 2009-04-27 18:59:27 214816 ----a-w- C:\Windows\system32\PnkBstrB.exe
2010-03-01 14:22:40 . 2009-04-27 18:59:36 138328 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2010-03-01 12:45:14 . 2010-03-01 12:45:10 12 ----a-w- C:\Users\Alex\AppData\Roaming\rbuwzv.dat
2010-02-28 21:09:21 . 2009-08-15 18:05:35 -------- d-----w- C:\Users\Alex\AppData\Roaming\Winamp
2010-02-28 14:52:07 . 2009-01-25 16:07:48 -------- d-----w- C:\Program Files\mIRC
2010-02-25 09:56:31 . 2008-03-16 21:20:19 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-02-20 09:09:18 . 2010-01-16 21:13:16 -------- d-----w- C:\Program Files\Wolfenstein - Enemy Territory
2010-02-17 20:39:34 . 2009-01-27 23:42:23 -------- d-----w- C:\Users\Alex\AppData\Roaming\Notepad++
2010-02-17 20:39:33 . 2009-11-04 11:11:20 -------- d-----w- C:\Program Files\PC Connectivity Solution
2010-02-17 20:39:33 . 2009-08-15 18:06:08 -------- d-----w- C:\Program Files\Winamp Toolbar
2010-02-17 20:39:33 . 2009-02-22 18:39:15 -------- d-----w- C:\ProgramData\FLEXnet
2010-02-17 20:39:33 . 2009-02-22 18:31:55 -------- d-----w- C:\Program Files\Bonjour
2010-02-17 20:39:33 . 2009-02-19 13:50:57 -------- d-----w- C:\Program Files\DAEMON Tools Lite
2010-02-17 20:39:33 . 2009-01-25 18:53:05 -------- d-----w- C:\Program Files\ma-config.com
2010-02-17 20:39:33 . 2008-03-16 21:59:17 -------- d-----w- C:\Program Files\Common Files\LightScribe
2010-02-14 10:33:35 . 2009-12-06 12:39:13 439816 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-11 02:14:56 . 2006-11-02 11:18:33 -------- d-----w- C:\Program Files\Windows Mail
2010-02-10 08:50:18 . 2009-01-30 19:00:46 1 ----a-w- C:\Users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 16:11:58 . 2009-01-25 14:56:40 102736 ----a-w- C:\Users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 01:39:11 . 2009-01-25 14:56:59 -------- d-----w- C:\Program Files\Google
2010-02-03 17:47:26 . 2010-01-11 16:17:54 -------- d-----w- C:\Program Files\Yu-Gi-Oh Virtual Battle 5
2010-01-30 18:31:14 . 2010-01-30 18:31:02 -------- d-----w- C:\Program Files\LimeWire
2010-01-29 22:07:58 . 2009-10-02 08:49:58 -------- d-----w- C:\Program Files\Canon
2010-01-29 07:50:51 . 2010-01-29 07:50:51 -------- d-----w- C:\Program Files\ASIO4ALL v2
2010-01-29 07:47:22 . 2009-02-08 20:20:43 -------- d-----w- C:\Program Files\VstPlugins
2010-01-24 16:49:11 . 2009-01-31 11:38:47 -------- d-----w- C:\ProgramData\Messenger Plus!
2010-01-24 16:41:06 . 2009-01-31 10:20:24 -------- d-----w- C:\Program Files\Messenger Plus! Live
2010-01-23 08:48:01 . 2009-10-28 10:26:31 -------- d-----w- C:\Users\Alex\AppData\Roaming\uTorrent
2010-01-22 18:14:24 . 2010-01-22 18:11:21 -------- d-----w- C:\Program Files\Image-Line
2010-01-22 15:02:52 . 2010-01-22 15:02:52 -------- d-----w- C:\Users\Alex\AppData\Roaming\Syntrillium
2010-01-22 15:02:17 . 2010-01-22 15:00:53 -------- d-----w- C:\Program Files\coolpro2
2010-01-22 14:50:50 . 2010-01-22 14:50:46 -------- d-----w- C:\Program Files\Mp3DoctorPRO
2010-01-22 14:06:39 . 2010-01-22 14:05:37 -------- d-----w- C:\Program Files\Kaiba Corp VDS
2010-01-22 08:40:52 . 2010-01-22 08:35:42 33920 ----a-w- C:\Windows\system32\drivers\fsbts.sys
2010-01-22 08:35:28 . 2008-01-21 07:23:37 676456 ----a-w- C:\Windows\system32\perfh00C.dat
2010-01-22 08:35:28 . 2008-01-21 07:23:37 126594 ----a-w- C:\Windows\system32\perfc00C.dat
2010-01-22 08:35:05 . 2010-01-22 08:29:25 -------- d-----w- C:\ProgramData\f-secure
2010-01-22 08:34:29 . 2010-01-22 08:34:29 -------- d-----w- C:\ProgramData\eMule
2010-01-22 08:34:13 . 2010-01-08 13:38:56 -------- d-----w- C:\Program Files\SFR
2010-01-22 08:34:01 . 2010-01-22 08:33:58 -------- d-----w- C:\Program Files\eMule
2010-01-22 08:33:25 . 2010-01-22 08:32:57 -------- d-----w- C:\ProgramData\fssg
2010-01-20 18:03:13 . 2008-03-16 21:41:30 -------- d-----w- C:\ProgramData\Microsoft Help
2010-01-20 18:01:40 . 2008-03-16 21:43:22 -------- d-----w- C:\Program Files\Microsoft Works
2010-01-17 16:18:42 . 2010-01-17 16:18:42 -------- d-----w- C:\Program Files\Bodom-Child - RaBBi
2010-01-15 15:53:19 . 2010-01-15 15:53:18 -------- d-----w- C:\Program Files\Metal-Yugioh
2010-01-15 11:01:24 . 2010-01-15 11:01:23 -------- d-----w- C:\Program Files\Microsoft SQL Server
2010-01-15 11:00:30 . 2009-01-27 10:17:59 195232 ----a-w- C:\ProgramData\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
2010-01-15 11:00:19 . 2009-01-27 10:17:31 416 ----a-w- C:\ProgramData\Microsoft\MSDN\9.0\1036\ResourceCache.dll
2010-01-15 10:58:12 . 2010-01-10 13:44:12 -------- d-----w- C:\Program Files\Microsoft Visual Studio 9.0
2010-01-14 20:56:29 . 2010-01-14 20:55:09 419 ----a-w- C:\Users\Alex\errorlog.tmp
2010-01-14 20:24:29 . 2010-01-14 20:24:16 -------- d-----w- C:\Program Files\Celestia
2010-01-14 10:12:06 . 2009-10-03 09:34:23 181120 ------w- C:\Windows\system32\MpSigStub.exe
2010-01-13 18:15:50 . 2010-01-13 18:15:49 -------- d-----w- C:\Program Files\gPotato.eu
2010-01-13 09:37:51 . 2010-01-13 09:29:33 -------- d-----w- C:\Program Files\NetBattle
2010-01-11 21:49:11 . 2009-01-28 19:21:10 98744 ----a-w- C:\Windows\system32\GDIPFONTCACHEV1.DAT
2010-01-11 16:32:21 . 2010-01-11 16:28:14 -------- d-----w- C:\Program Files\Royal-Yugi Online
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Sidebar
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Photo Gallery
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Defender
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Collaboration
2010-01-09 16:12:25 . 2006-11-02 12:35:51 -------- d-----w- C:\Program Files\Windows Calendar
2010-01-07 21:24:09 . 2009-10-31 13:00:08 -------- d-----w- C:\Program Files\Nvu
2010-01-07 21:23:45 . 2009-10-28 08:11:45 -------- d-----w- C:\Program Files\FreeTime
2010-01-07 21:23:11 . 2008-03-16 21:29:42 -------- d-----w- C:\Program Files\Acer GameZone
2010-01-07 21:20:11 . 2009-12-06 13:48:47 -------- d-----w- C:\Program Files\MSN Password Recovery
2010-01-07 21:19:37 . 2009-12-27 09:47:58 -------- d-----w- C:\Program Files\MadTracker
2010-01-07 21:19:04 . 2009-08-28 20:27:07 -------- d-----w- C:\Program Files\mnProjects
2010-01-07 21:18:11 . 2009-06-15 17:32:51 -------- d-----w- C:\ProgramData\Apple Computer
2010-01-07 21:16:55 . 2009-12-27 09:58:14 -------- d-----w- C:\Program Files\REAPER
2010-01-07 21:16:26 . 2009-12-26 20:55:11 -------- d-----w- C:\Program Files\Cakewalk
2010-01-07 21:15:29 . 2009-01-31 10:40:10 -------- d-----w- C:\Program Files\MSECACHE
2010-01-07 21:09:05 . 2009-06-15 17:31:09 -------- d-----w- C:\ProgramData\Apple
2010-01-07 14:37:31 . 2009-01-25 16:07:48 -------- d-----w- C:\Users\Alex\AppData\Roaming\mIRC
2009-12-30 14:33:39 . 2009-01-31 10:21:18 1356 ----a-w- C:\Users\Alex\AppData\Local\d3d9caps.dat
2009-12-28 12:35:50 . 2010-02-10 08:44:35 11776 ----a-w- C:\Windows\system32\tsbyuv.dll
2009-12-28 12:35:00 . 2010-02-10 08:44:36 1314816 ----a-w- C:\Windows\system32\quartz.dll
2009-12-28 12:32:34 . 2010-02-10 08:44:35 22528 ----a-w- C:\Windows\system32\msyuv.dll
2009-12-28 12:32:32 . 2010-02-10 08:44:35 31744 ----a-w- C:\Windows\system32\msvidc32.dll
2009-12-28 12:32:32 . 2010-02-10 08:44:34 123904 ----a-w- C:\Windows\system32\msvfw32.dll
2009-12-28 12:32:25 . 2010-02-10 08:44:35 13312 ----a-w- C:\Windows\system32\msrle32.dll
2009-12-28 12:31:22 . 2010-02-10 08:44:35 82944 ----a-w- C:\Windows\system32\mciavi32.dll
2009-12-28 12:31:01 . 2010-02-10 08:44:35 50176 ----a-w- C:\Windows\system32\iyuv_32.dll
2009-12-28 12:28:43 . 2010-02-10 08:44:35 65024 ----a-w- C:\Windows\system32\avicap32.dll
2009-12-28 12:28:43 . 2010-02-10 08:44:34 91136 ----a-w- C:\Windows\system32\avifil32.dll
2009-12-18 13:05:50 . 2010-01-22 12:43:59 833024 ----a-w- C:\Windows\system32\wininet.dll
2009-12-18 13:01:56 . 2010-01-22 12:43:55 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-12-18 10:14:30 . 2010-01-22 12:43:56 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-12-11 12:07:30 . 2010-02-10 08:44:48 301568 ----a-w- C:\Windows\system32\drivers\srv.sys
2009-12-11 12:07:11 . 2010-02-10 08:44:47 98304 ----a-w- C:\Windows\system32\drivers\srvnet.sys
2009-12-08 20:52:30 . 2010-02-10 08:44:38 897624 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-12-08 20:52:17 . 2010-02-10 08:44:44 3597912 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2009-12-08 20:52:16 . 2010-02-10 08:44:44 3546200 ----a-w- C:\Windows\system32\ntoskrnl.exe
2009-12-06 20:41:01 . 2009-12-06 20:40:30 17614320 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
2009-12-06 20:40:30 . 2009-12-06 20:40:27 8405312 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-12-06 20:39:55 . 2009-12-06 20:39:55 149000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-12-06 20:39:53 . 2009-12-06 20:39:49 10309448 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-12-06 20:39:25 . 2009-12-06 20:39:25 79368 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-12-06 20:39:24 . 2009-12-06 20:39:24 64000 ----a-w- C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
.

------- Sigcheck -------

[-] 2006-11-10 15:01:50 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386 (vista_rtm.061101-2205)] . . C:\Windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2009-05-06 14:22:22 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53:58 165184 ----a-w- C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 02:32:56 1233920]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:52 3883856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 14:57:04 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-12-29 10:40:30 687560]
"AutoStartNPSAgent"="C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 17:05:22 102400]
"Connexion SFR 9props.exe"="C:\Program Files\SFR\Kit\9props.exe" [2009-10-15 08:53:54 959808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 21:17:42 52256]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 20:59:26 198160]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-09-17 07:55:00 13580832]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-09-17 07:55:00 92704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-04 18:30:01 149280]
"F-Secure Manager"="C:\Program Files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 16:08:32 201128]
"F-Secure TNB"="C:\Program Files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 16:07:12 1655208]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 15:07:10 1394000]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
backup=C:\Windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=C:\Windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36:20 28672 ----a-w- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40:30 687560 ----a-w- C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-25 14:57:26 24064 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44:52 3883856 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 21:26:08 68640 ----a-w- C:\Program Files\Cyberlink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-29 10:51:52 4911104 ----a-w- C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 13:38:06 61440 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27:04 144784 ----a-w- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-18 20:59:26 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03:46 303104 ----a-w- C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33:00 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:33:07 2153472 ----a-w- C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
"EnableNotificationsRef"=dword:00000001

R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [22/01/2010 09:35:42 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34:46 69928]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [22/01/2010 09:35:26 37544]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [22/01/2010 09:35:22 72904]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34:18 14248]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11:14 16384]
R2 FsUsbExService;FsUsbExService;C:\Windows\System32\FsUsbExService.Exe [04/11/2009 12:12:04 233472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36:20 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36:02 131072]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33:13 21504]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34:18 107104]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34:46 55992]
R3 FsUsbExDisk;FsUsbExDisk;C:\Windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12:04 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [16/06/2009 08:00:02 28672]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\System32\drivers\vcsvad.sys [09/10/2009 15:33:16 17792]
S2 gupdate;Service Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31:42 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\drivers\aspi32.sys [21/03/2009 20:24:10 25244]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57:15 24064]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [11/12/2009 15:43:30 238960]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;C:\Windows\System32\drivers\netr73.sys [25/01/2009 16:03:14 256000]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RDID1061;UA-4FX;C:\Windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36:34 146432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19:46 23064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);C:\Windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18:38 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);C:\Windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18:38 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;C:\Windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18:38 121856]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34:18 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34:18 27048]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - xayhimp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
.
Contenu du dossier 'Tâches planifiées'

2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]

2010-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31:42 . 2010-01-14 20:31:37]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mWindow Title =
uInternet Settings,ProxyOverride = local;*.local
IE: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: C:\Program Files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
Trusted Zone: chat-land.org
Trusted Zone: localhost
FF - ProfilePath - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: C:\Program Files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\ma-config.com\nphardwaredetection.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: C:\Program Files\Opera\program\plugins\NPAdbESD.dll
FF - plugin: C:\Program Files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 20:48:25
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85D221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x833ae322
\Driver\ACPI -> acpi.sys @ 0x8073ad4c
\Driver\atapi -> 0x85d221f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="C:\Windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xayhimp]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
C:\Program Files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-03-01 20:55:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-01 19:54:59
ComboFix2.txt 2010-02-28 17:38:35
0
Utilisateur anonyme
1 mars 2010 à 21:25
Re

Un autre script:
|==>/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour cet ordinateur/!\<==|
|===========>il est fort déconseillé de le transposer sur un autre ordinateur !<==========|
-----------------------------------------------------------------------------------------------

Toujours avec toutes les protections désactivées, fais ceci :

• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

----------------------------------------------------------


KillAll::

Driver::

File::
C:\Users\Alex\AppData\Roaming\rbuwzv.dat
C:\Users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe
C:\Program Files\Mp3DoctorPRO
C:\Program Files\Kaiba Corp VDS
C:\Program Files\Metal-Yugioh
C:\Program Files\Royal-Yugi Online

Rootkit ::

Folder::

Services::

Registry::
-----------------------------------------------------------------

• Enregistre ce fichier sur ton Bureau (et pas ailleurs !) Sous le nom CFScript.txt
• Quitte le Bloc Notes

• Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici ? C:\ComboFix.txt

@+
0
Réponse 18 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
1 mars 2010 à 21:27
OK je vais le faire, mais j'aimerais savoir, y a encore beaucoup de truc comme ça a faire ? ^^
0
Utilisateur anonyme
1 mars 2010 à 21:45
Re

On verra après ce rapport;mais dans tous les cas il nous restera à effectuer différentes mises à jour et à supprimer tous les outils utilisés.
Également un nettoyage du registre et des dossiers ainsi qu'une purge de la restauration;voilà.

@+
0
Réponse 19 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
1 mars 2010 à 22:12
ComboFix 10-03-01.01 - Alex 01/03/2010 21:49:24.5.2 - x86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.33.1036.18.3070.2114 [GMT 1:00]
Lancé depuis: c:\users\Alex\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Alex\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Kaiba Corp VDS"
"c:\program files\Metal-Yugioh"
"c:\program files\Mp3DoctorPRO"
"c:\program files\Royal-Yugi Online"
"c:\users\Alex\AppData\Roaming\rbuwzv.dat"
"c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Alex\AppData\Roaming\rbuwzv.dat
c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\setup.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-01 au 2010-03-01 ))))))))))))))))))))))))))))))))))))
.

2010-03-01 20:56 . 2010-03-01 20:58 -------- d-----w- c:\users\Alex\AppData\Local\temp
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\yvb2\AppData\Local\temp
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\YVB\AppData\Local\temp
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-01 20:56 . 2010-03-01 20:56 -------- d-----w- c:\users\Brigitte\AppData\Local\temp
2010-02-28 17:00 . 2010-02-28 17:00 148860 ----a-w- C:\UsbFix_Upload_Me_PC-DE-ALEX.zip
2010-02-28 14:53 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 14:53 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 14:49 . 2010-02-28 17:00 -------- d-----w- C:\UsbFix
2010-02-28 14:15 . 2010-02-28 14:16 -------- d-----w- C:\rsit
2010-02-28 14:06 . 2010-02-28 14:17 -------- d-----w- C:\ToolBar SD
2010-02-28 13:33 . 2010-02-28 13:33 -------- d-----w- c:\program files\Trend Micro
2010-02-24 21:36 . 2010-02-25 09:56 -------- d-----w- c:\program files\LucasArts
2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes
2010-02-17 10:23 . 2010-02-28 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-17 10:23 . 2010-02-17 10:23 -------- d-----w- c:\programdata\Malwarebytes
2010-02-07 12:44 . 2010-02-07 12:44 -------- d-----w- c:\program files\Paradox Interactive
2010-02-07 12:33 . 2010-02-07 12:33 -------- d-----w- c:\users\Alex\AppData\Roaming\F-Secure
2010-02-06 12:37 . 2010-02-06 12:37 -------- d-----w- c:\users\Alex\AppData\Roaming\e frontier
2010-02-06 12:36 . 2010-02-06 12:36 -------- d-----w- c:\program files\e frontier
2010-02-06 12:36 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 20:40 . 2010-01-30 18:31 -------- d-----w- c:\users\Alex\AppData\Roaming\LimeWire
2010-03-01 20:20 . 2009-10-02 08:53 -------- d-----w- c:\users\Alex\AppData\Roaming\Canon
2010-03-01 14:24 . 2009-04-27 18:59 214816 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-01 14:22 . 2009-04-27 18:59 138328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-28 21:09 . 2009-08-15 18:05 -------- d-----w- c:\users\Alex\AppData\Roaming\Winamp
2010-02-28 14:52 . 2009-01-25 16:07 -------- d-----w- c:\program files\mIRC
2010-02-25 09:56 . 2008-03-16 21:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 09:09 . 2010-01-16 21:13 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2010-02-17 20:39 . 2009-01-27 23:42 -------- d-----w- c:\users\Alex\AppData\Roaming\Notepad++
2010-02-17 20:39 . 2009-11-04 11:11 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-17 20:39 . 2009-08-15 18:06 -------- d-----w- c:\program files\Winamp Toolbar
2010-02-17 20:39 . 2009-02-22 18:39 -------- d-----w- c:\programdata\FLEXnet
2010-02-17 20:39 . 2009-02-22 18:31 -------- d-----w- c:\program files\Bonjour
2010-02-17 20:39 . 2009-02-19 13:50 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-17 20:39 . 2009-01-25 18:53 -------- d-----w- c:\program files\ma-config.com
2010-02-17 20:39 . 2008-03-16 21:59 -------- d-----w- c:\program files\Common Files\LightScribe
2010-02-11 02:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-10 08:50 . 2009-01-30 19:00 1 ----a-w- c:\users\Alex\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-09 16:11 . 2009-01-25 14:56 102736 ----a-w- c:\users\Alex\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-07 01:39 . 2009-01-25 14:56 -------- d-----w- c:\program files\Google
2010-02-03 17:47 . 2010-01-11 16:17 -------- d-----w- c:\program files\Yu-Gi-Oh Virtual Battle 5
2010-01-30 18:31 . 2010-01-30 18:31 -------- d-----w- c:\program files\LimeWire
2010-01-29 22:07 . 2009-10-02 08:49 -------- d-----w- c:\program files\Canon
2010-01-29 07:50 . 2010-01-29 07:50 -------- d-----w- c:\program files\ASIO4ALL v2
2010-01-29 07:47 . 2009-02-08 20:20 -------- d-----w- c:\program files\VstPlugins
2010-01-24 16:49 . 2009-01-31 11:38 -------- d-----w- c:\programdata\Messenger Plus!
2010-01-24 16:41 . 2009-01-31 10:20 -------- d-----w- c:\program files\Messenger Plus! Live
2010-01-23 08:48 . 2009-10-28 10:26 -------- d-----w- c:\users\Alex\AppData\Roaming\uTorrent
2010-01-22 18:14 . 2010-01-22 18:11 -------- d-----w- c:\program files\Image-Line
2010-01-22 15:02 . 2010-01-22 15:02 -------- d-----w- c:\users\Alex\AppData\Roaming\Syntrillium
2010-01-22 15:02 . 2010-01-22 15:00 -------- d-----w- c:\program files\coolpro2
2010-01-22 14:50 . 2010-01-22 14:50 -------- d-----w- c:\program files\Mp3DoctorPRO
2010-01-22 14:06 . 2010-01-22 14:05 -------- d-----w- c:\program files\Kaiba Corp VDS
2010-01-22 08:40 . 2010-01-22 08:35 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-01-22 08:35 . 2008-01-21 07:23 676456 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-22 08:35 . 2008-01-21 07:23 126594 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-22 08:35 . 2010-01-22 08:29 -------- d-----w- c:\programdata\f-secure
2010-01-22 08:34 . 2010-01-22 08:34 -------- d-----w- c:\programdata\eMule
2010-01-22 08:34 . 2010-01-08 13:38 -------- d-----w- c:\program files\SFR
2010-01-22 08:34 . 2010-01-22 08:33 -------- d-----w- c:\program files\eMule
2010-01-22 08:33 . 2010-01-22 08:32 -------- d-----w- c:\programdata\fssg
2010-01-20 18:03 . 2008-03-16 21:41 -------- d-----w- c:\programdata\Microsoft Help
2010-01-20 18:01 . 2008-03-16 21:43 -------- d-----w- c:\program files\Microsoft Works
2010-01-17 16:18 . 2010-01-17 16:18 -------- d-----w- c:\program files\Bodom-Child - RaBBi
2010-01-15 15:53 . 2010-01-15 15:53 -------- d-----w- c:\program files\Metal-Yugioh
2010-01-15 11:01 . 2010-01-15 11:01 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-15 11:00 . 2009-01-27 10:17 195232 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1036\ResourceCache.dll
2010-01-15 11:00 . 2009-01-27 10:17 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1036\ResourceCache.dll
2010-01-15 10:58 . 2010-01-10 13:44 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-14 20:56 . 2010-01-14 20:55 419 ----a-w- c:\users\Alex\errorlog.tmp
2010-01-14 20:24 . 2010-01-14 20:24 -------- d-----w- c:\program files\Celestia
2010-01-14 10:12 . 2009-10-03 09:34 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 18:15 . 2010-01-13 18:15 -------- d-----w- c:\program files\gPotato.eu
2010-01-13 09:37 . 2010-01-13 09:29 -------- d-----w- c:\program files\NetBattle
2010-01-11 21:49 . 2009-01-28 19:21 98744 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-11 16:32 . 2010-01-11 16:28 -------- d-----w- c:\program files\Royal-Yugi Online
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-01-09 16:12 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-01-07 21:24 . 2009-10-31 13:00 -------- d-----w- c:\program files\Nvu
2010-01-07 21:23 . 2009-10-28 08:11 -------- d-----w- c:\program files\FreeTime
2010-01-07 21:23 . 2008-03-16 21:29 -------- d-----w- c:\program files\Acer GameZone
2010-01-07 21:20 . 2009-12-06 13:48 -------- d-----w- c:\program files\MSN Password Recovery
2010-01-07 21:19 . 2009-12-27 09:47 -------- d-----w- c:\program files\MadTracker
2010-01-07 21:19 . 2009-08-28 20:27 -------- d-----w- c:\program files\mnProjects
2010-01-07 21:18 . 2009-06-15 17:32 -------- d-----w- c:\programdata\Apple Computer
2010-01-07 21:16 . 2009-12-27 09:58 -------- d-----w- c:\program files\REAPER
2010-01-07 21:16 . 2009-12-26 20:55 -------- d-----w- c:\program files\Cakewalk
2010-01-07 21:15 . 2009-01-31 10:40 -------- d-----w- c:\program files\MSECACHE
2010-01-07 21:09 . 2009-06-15 17:31 -------- d-----w- c:\programdata\Apple
2010-01-07 14:37 . 2009-01-25 16:07 -------- d-----w- c:\users\Alex\AppData\Roaming\mIRC
2009-12-30 14:33 . 2009-01-31 10:21 1356 ----a-w- c:\users\Alex\AppData\Local\d3d9caps.dat
2009-12-28 12:35 . 2010-02-10 08:44 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 08:44 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 08:44 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 08:44 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 08:44 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 08:44 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 08:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 08:44 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 08:44 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 12:28 . 2010-02-10 08:44 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 13:05 . 2010-01-22 12:43 833024 ----a-w- c:\windows\system32\wininet.dll
2009-12-18 13:01 . 2010-01-22 12:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 10:14 . 2010-01-22 12:43 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-11 12:07 . 2010-02-10 08:44 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 12:07 . 2010-02-10 08:44 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:52 . 2010-02-10 08:44 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:52 . 2010-02-10 08:44 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52 . 2010-02-10 08:44 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-06 20:41 . 2009-12-06 20:40 17614320 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold_fr.exe
2009-12-06 20:40 . 2009-12-06 20:40 8405312 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-12-06 20:39 . 2009-12-06 20:39 149000 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-12-06 20:39 . 2009-12-06 20:39 10309448 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-12-06 20:39 . 2009-12-06 20:39 79368 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-12-06 20:39 . 2009-12-06 20:39 64000 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-12-06 20:39 . 2009-12-06 20:39 52288 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-12-06 20:39 . 2009-12-06 20:39 50688 ----a-w- c:\users\Alex\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
.

------- Sigcheck -------

[-] 2006-11-10 . 921D359C1168867B515C219ACCED9609 . 245248 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2009-10-15 08:53 165184 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-25 68856]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-02 102400]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2009-10-15 959808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-18 198160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
"F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2009-11-18 1655208]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WiFi Station pour Livebox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WiFi Station pour Livebox.lnk
backup=c:\windows\pss\WiFi Station pour Livebox.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]
path=c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-01-25 14:57 24064 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-01-08 21:26 68640 ----a-w- c:\program files\Cyberlink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-29 10:51 4911104 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 13:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-07-18 20:59 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:33 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1487363990-143758708-288422109-1000]
"EnableNotificationsRef"=dword:00000001

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [22/01/2010 09:35 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys [22/01/2010 09:34 69928]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [22/01/2010 09:35 37544]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [22/01/2010 09:35 72904]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys [22/01/2010 09:34 14248]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 13:11 16384]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [04/11/2009 12:12 233472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 21:36 131072]
R2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe -k yksvcs [21/01/2008 03:33 21504]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys [22/01/2010 09:34 107104]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe [22/01/2010 09:34 55992]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [04/11/2009 12:12 36608]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [16/06/2009 08:00 28672]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\System32\drivers\vcsvad.sys [09/10/2009 15:33 17792]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/01/2010 21:31 135664]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\aspi32.sys [21/03/2009 20:24 25244]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [25/01/2009 15:57 24064]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [11/12/2009 15:43 238960]
S3 netr73;Hercules Wireless USB Dongle Driver for Vista;c:\windows\System32\drivers\netr73.sys [25/01/2009 16:03 256000]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RDID1061;UA-4FX;c:\windows\System32\drivers\Rdwm1061.sys [28/12/2009 18:36 146432]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\System32\drivers\ss_bbus.sys [04/11/2009 12:18 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\System32\drivers\ss_bmdfl.sys [04/11/2009 12:18 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\System32\drivers\ss_bmdm.sys [04/11/2009 12:18 121856]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsfilter.sys [22/01/2010 09:34 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\SFR\Pack Sécurité\Anti-Virus\win2k\fsrec.sys [22/01/2010 09:34 27048]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - xayhimp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
.
Contenu du dossier 'Tâches planifiées'

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-14 20:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.cherche.us/Result.php?client=pub-0420647136319153&cof=GIMP%3A009900%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A11%3BDIV%3A%23FFFFF0%3B&ie=ISO-8859-1&q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
mWindow Title =
uInternet Settings,ProxyOverride = local;*.local
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
Trusted Zone: chat-land.org
Trusted Zone: localhost
FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\program files\SFR\Pack Sécurité\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\0sgj9159.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Opera\program\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----

FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=

FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 21:58
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85D221F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x833b3322
\Driver\ACPI -> acpi.sys @ 0x80744d4c
\Driver\atapi -> 0x85d221f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xayhimp]

.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
c:\program files\SFR\Pack Sécurité\Common\FSMA32.EXE
c:\program files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
c:\program files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
c:\windows\system32\conime.exe
.
**************************************************************************
.
Heure de fin: 2010-03-01 22:07:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-01 21:07
ComboFix2.txt 2010-02-28 17:38

Avant-CF: 32 589 983 744 octets libres
Après-CF: 32 570 892 288 octets libres

- - End Of File - - E5C97B20A7FAC9C454BDFFC2D7A63B41
L'envoi a r‚ussi
0
Réponse 20 / 31
Kaz62820 Messages postés 31 Date d'inscription dimanche 28 février 2010 Statut Membre Dernière intervention 6 mars 2010 2
2 mars 2010 à 10:50
Bon voila ce matin j'allume mon ordi et paf ecran bleu pareil qu'hier

J'ai pas pu noté le N° ça va trop vite, par contre j'ai ça :

Signature du problème :
Nom d’événement de problème: BlueScreen
Version du système: 6.0.6001.2.1.0.768.2
Identificateur de paramètres régionaux: 1036

Informations supplémentaires sur le problème :
BCCode: 50
BCP1: E3D0EFF0
BCP2: 00000000
BCP3: 80755AB8
BCP4: 00000002
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1

Fichiers aidant à décrire le problème :
C:\Windows\Minidump\Mini030210-01.dmp
C:\Users\Alex\AppData\Local\temp\WER-38969-0.sysdata.xml
C:\Users\Alex\AppData\Local\temp\WER4FC4.tmp.version.txt
0
Utilisateur anonyme
2 mars 2010 à 19:37
Bonsoir

Il me faut ce numéro pour savoir d'où vient le problème.

Poursuivons:
Télécharge mbr.exe de Gmer ici :
http://www2.gmer.net/mbr/mbr.exe
et enregistre le fichier sur le Bureau.

Merci à Malekal pour le tutoriel :
https://forum.malekal.com/viewtopic.php?f=58&t=10139

Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe
Un rapport sera généré : mbr.log .
Poste le ;merci

En cas d'infection, ce message "MBR rootkit code detected" va apparaître.

Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Ne pas oublier les guillemets
Dans le mbr.log cette ligne apparaîtra "original MBR restored successfully !"

Réactive tes protections
Poste ce rapport et supprimes-le ensuite.

Pour vérifier

Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Relance mbr.exe

Réactive tes protections.

Le nouveau mbr.log devrait être celui-ci :

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user & kernel MBR OK

@+
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses