Redirection to unwanted sites, Navigation
samuellevesque (Posts: 1, Status: Member)
Hello, I have a small but very annoying problem that appeared about 2-3 weeks ago. When I start my browser (Google Chrome), the window that opens is Google. I do my searches as usual, but about one time in 4, when I click the link that Google gives me, instead of going directly to the site (e.g. www.youtube.com) I get redirected to another site that I have no desire at all to visit... (e.g. www.scour.com) or (www.urban-search.com); those are the two most frequent... < It really gets on my nerves and I'm looking for a solution >
Thanks a lot in advance
10 replies
hi:
DISABLE YOUR ANTIVIRUS AND FIREWALL IF PRESENT!!!!! (because it is wrongly detected as an infection)
▶ Download List_Kill'em and save it to your desktop
double-click (right-click "run as administrator" for Vista/7) the shortcut on your desktop to start the installation
once it is finished, click "finish" and the program will launch by itself
choose the Search option
a black and white icon will appear on the desktop; it will let you relaunch the program later.
another red and black one will let you uninstall the program at the end of the disinfection.
▶ let the tool work
when the white window appears, it takes a while; that's normal, the program is not stuck.
a report named catchme will appear on your desktop; ignore it, don't post it, it will delete itself at the end of the scan
▶ Post the contents of the report that opens when the scan reaches 100%, at the "COMPLETED" screen
▶ Relaunch List_Kill'em (right-click for Vista/7) with the shortcut on your desktop.
but this time:
▶ choose the Clean option
your PC will restart,
let the tool work.
at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,
▶ paste its contents in your reply
Kill'em by g3n-h@ckm@n 1.6.0.4
User : ordi (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 13:07:40 | 2010-03-24
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 219,1 Go (154,83 Go free) [S3A6550D003FR] | NTFS
D:\ -> Disque fixe local | 5,99 Go (5,9 Go free) | NTFS
E:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Quarantined & Deleted !! : C:\Windows\System32\rezumatenoi.dat
Quarantined & Deleted !! : C:\Users\ordi\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\ordi\AppData\Local\GDIPFONTCACHEV1.DAT
Deleted !! : C:\$Recycle.bin\S-1-5-21-3480139496-3202527204-2071106357-1000\$I5O1PL7.jpg
Deleted !! : C:\$Recycle.bin\S-1-5-21-3480139496-3202527204-2071106357-1000\$I6OPY8O.jpg
Deleted !! : C:\$Recycle.bin\S-1-5-21-3480139496-3202527204-2071106357-1000\$IOG5SVE.lnk
Deleted !! : C:\$Recycle.bin\S-1-5-21-3480139496-3202527204-2071106357-1000\$ROG5SVE.lnk
==============
host file OK !
==============
========
Registry
========
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Deleted : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Deleted : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Deleted : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
========
Services
=========
Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2
============
Disk Cleaned
============
=================
anti-ver blaster : OK !!
=================
================
Prefetch cleaned
================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
< REALLY THANK YOU VERY MUCH FOR HELPING ME >
▶ Download UsbFix
(!) Plug the external data sources that may have been infected into your PC (USB stick, external hard drive, etc.) without opening them
▶ Right-click the UsbFix shortcut on your desktop and choose "run as administrator".
▶ In the main menu choose option "F" for French and press [Enter].
▶ In the second menu choose option "1" (search) and press [Enter]
▶ Let the tool work.
▶ Then post the UsbFix.txt report that will appear.
Note: The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
############################## | UsbFix V6.100 |
User : ordi (Administrateurs) # PC
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:06:52 | 2010-03-24
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 219,1 Go (153,4 Go free) [S3A6550D003FR] # NTFS
D:\ -> Disque fixe local # 5,99 Go (5,9 Go free) # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible # 946,69 Mo (707,48 Mo free) # FAT
################## | Elements infectieux |
################## | Registre |
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRecentDocsHistory"
################## | Mountpoints2 |
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné !
################## | ! Fin du rapport # UsbFix V6.100 ! |
I DON'T HAVE ANY EXTERNAL HARD DRIVE OR USB STICK, JUST A CELL PHONE THAT I PUT MUSIC ON..
relaunch usbfix, vaccination option, then uninstall option
then:
Download OTL by OldTimer
▶ save it to your Desktop.
▶ Double-click (for Vista/7 => right-click "run as administrator") OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of scan all users
▶ set it to "60 Days"
▶ in the left column, set everything to "all"
do not change these:
"files created within" and "files modified within"
▶ Click Run Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (generally C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and look for the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt", which should logically also be on your desktop.
▶ Click the Start menu / Control Panel / Folder Options, then in the View tab
* Tick Show hidden files and folders
* Untick Hide extensions for known file types
* Untick Hide protected operating system files (recommended)
▶ click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
C:\Windows\cbdcffcadbeebdb.exe
C:\Windows\System32\fcfe.sys
C:\Windows\System32\cbdcffcadbeebdb.dll
* Now click Send file, and let it work as long as "Situation actuelle : en cours d'analyse" (current status: analysis in progress) is displayed.
* The file may be queued because of a large number of analysis requests. In that case, you will have to wait without refreshing the page.
* When the analysis is finished ("Situation actuelle: terminé", current status: finished), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page and choose Select all, then copy
* Finally paste the result in your next reply.
Note: To analyse another file, click Other file at the bottom.
then:
▶ right-click "run as administrator" on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0fc85f5d-6207-4515-a490-45a549d285c0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0fc85f5d-6207-4515-a490-45a549d285c0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000..\Run: [TOSCDSPD] File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O12 - Plugin for: .spop - File not found
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-ca.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-ca.cab (Reg Error: Key error.)
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=1
"FirewallOverride"=1
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
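As an added example (not code from this thread or from OTL), here is a Python parser for the fix-script format used above: it splits the :processes, :OTL, :reg and :commands sections, lists the orphaned entries (File not found / No CLSID value found), shows which hijack points share one CLSID, and reports the Security Center Override values that the :reg section sets to 1, which stop Windows warning about the antivirus or firewall state. The sample script and regexes are constructed for this example from a subset of the thread's own lines.

```python
"""Summarise an OTL fix script (the :processes / :OTL / :reg / :commands format
pasted in this thread) before running it. The regexes, field names and sample
below are constructed for this example; none of it is OTL's own code."""
import re
from collections import defaultdict

# Constructed sample: a subset of the fix lines posted in the thread.
SAMPLE_FIX = r"""
:processes
explorer.exe
iexplore.exe
:OTL
IE - HKLM\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3480139496-3202527204-2071106357-1000\..\URLSearchHook: {0fc85f5d-6207-4515-a490-45a549d285c0} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {0fc85f5d-6207-4515-a490-45a549d285c0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0fc85f5d-6207-4515-a490-45a549d285c0} - No CLSID value found.
O4 - HKLM..\Run: [NDSTray.exe] File not found
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=0
:commands
[emptytemp]
[reboot]
"""

RE_CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RE_REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RE_REG_VAL = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.+)$')
# What OTL prints when a registered component no longer exists on disk.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def split_sections(script):
    """Split the script into {'processes': [...], 'otl': [...], ...}, keeping order."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_otl_entries(lines):
    """Turn ':OTL' lines into dicts: line kind (IE, O2, O3, ...), CLSID, orphan flag."""
    entries = []
    for line in lines:
        kind, sep, rest = line.partition(" - ")
        if not sep:
            continue  # not an OTL report line
        match = RE_CLSID.search(rest)
        entries.append({"kind": kind, "text": line,
                        "clsid": match.group(0).lower() if match else None,  # case-insensitive
                        "orphan": any(marker in rest for marker in ORPHAN_MARKERS)})
    return entries


def clsid_cross_reference(entries):
    """Map each CLSID to the hijack points that reference it (one hijacker, many hooks)."""
    refs = defaultdict(set)
    for entry in entries:
        if entry["clsid"]:
            refs[entry["clsid"]].add(entry["kind"])
    return {clsid: sorted(kinds) for clsid, kinds in refs.items()}


def parse_reg_section(lines):
    """Parse ':reg' into {key: {value_name: value}}; numeric data becomes int."""
    reg, key = {}, None
    for line in lines:
        key_match = RE_REG_KEY.match(line)
        if key_match:
            key = key_match.group("key")
            reg.setdefault(key, {})
            continue
        val_match = RE_REG_VAL.match(line)
        if val_match and key is not None:
            value = val_match.group("value").strip()
            reg[key][val_match.group("name")] = int(value) if value.isdigit() else value.strip('"')
    return reg


def security_center_overrides(reg):
    """(key, name) pairs where a Security Center *Override is 1: Windows then assumes the
    user monitors that component and stops warning about it; re-check after the fix."""
    return [(key, name) for key, values in reg.items() if "Security Center" in key
            for name, value in values.items() if name.endswith("Override") and value == 1]


def summarise(script):
    """Everything a reviewer wants to see before clicking Run Fix."""
    sections = split_sections(script)
    entries = parse_otl_entries(sections.get("otl", []))
    reg = parse_reg_section(sections.get("reg", []))
    return {
        "processes": sections.get("processes", []),
        "orphans": [e["text"] for e in entries if e["orphan"]],
        "clsids": clsid_cross_reference(entries),
        "overrides": security_center_overrides(reg),
        "commands": sections.get("commands", []),
    }
```

Running `summarise(SAMPLE_FIX)` shows the same CLSID {0fc85f5d-...} registered as URLSearchHook, BHO and toolbar at once, which is why the fix has to remove all three.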
((( C:\Windows\System32\cbdcffcadbeebdb.dll )))
Fichier cbdcffcadbeebdb.dll reçu le 2010.03.25 18:15:08 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.25 -
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.215 2010.03.25 -
Antiy-AVL 2.0.3.7 2010.03.24 -
Authentium 5.2.0.5 2010.03.25 -
Avast 4.8.1351.0 2010.03.25 -
Avast5 5.0.332.0 2010.03.25 -
AVG 9.0.0.787 2010.03.25 -
BitDefender 7.2 2010.03.25 -
CAT-QuickHeal 10.00 2010.03.25 -
ClamAV 0.96.0.0-git 2010.03.25 -
Comodo 4382 2010.03.25 -
DrWeb 5.0.1.12222 2010.03.25 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7388 2010.03.25 -
F-Prot 4.5.1.85 2010.03.24 -
F-Secure 9.0.15370.0 2010.03.25 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.25 -
Ikarus T3.1.1.80.0 2010.03.25 -
Jiangmin 13.0.900 2010.03.25 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.25 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.25 -
Microsoft 1.5605 2010.03.25 -
NOD32 4974 2010.03.25 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.25 -
Panda 10.0.2.2 2010.03.25 Suspicious file
PCTools 7.0.3.5 2010.03.25 -
Prevx 3.0 2010.03.25 -
Rising 22.40.03.04 2010.03.25 -
Sophos 4.52.0 2010.03.25 -
Sunbelt 6083 2010.03.25 -
Symantec 20091.2.0.41 2010.03.25 -
TheHacker 6.5.2.0.243 2010.03.25 -
TrendMicro 9.120.0.1004 2010.03.25 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.25.2244 2010.03.25 -
VirusBuster 5.0.27.0 2010.03.25 -
Information additionnelle
File size: 95776 bytes
MD5...: 8fc2c729c1f432dd0dd145fb2f98f857
SHA1..: 16062a563eead8ceabdc4358695cf1e105fb85ae
SHA256: 4d5cc188650da654d026c268b1fcf7f4f5ec17385e46e8ffb0e8e0aa9d439f07
ssdeep: 1536:whwzASaLb4UJBmMoOmoBnnYD7q9u1A+PLCFHO8aDDZMzy73SZK9S4AY8M9xmvANk:F3UJy3AZgpDtVjSZp6jxmvANpVIH
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0xf3ca
timedatestamp.....: 0x4b61b2c3 (Thu Jan 28 15:52:35 2010)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfd0c 0xfe00 6.01 7251157f8a3df1c781aee8ef766ee7ad
.rdata 0x11000 0x5103 0x5200 6.33 7c1ebdb9459dd5afa19ac227f916df61
.data 0x17000 0x7b0 0x800 4.16 98b19ec6ffc0db699cf6515c7b2bb813
.rsrc 0x18000 0x368 0x400 2.83 ff48bd1d86e9568c4864e21fbdc9ff1b
.reloc 0x19000 0x1422 0x1600 5.40 c415e349f70906c28b36299c3c42e309
( 7 imports )
> KERNEL32.dll: ResetEvent, lstrcmpW, lstrlenW, GetLocalTime, GetModuleFileNameW, GetWindowsDirectoryW, WideCharToMultiByte, MultiByteToWideChar, GetTempPathW, GetSystemInfo, GetVersionExW, CreateProcessW, DisableThreadLibraryCalls, lstrcpynW, DeleteFileW, MoveFileExW, SetFileAttributesW, GetFileSize, WriteFile, ReadFile, CreateFileW, FormatMessageW, LocalAlloc, lstrcpyW, LocalFree, GetLastError, SetEvent, lstrlenA, CreateThread, CreateEventW, WaitForSingleObject, Sleep, CancelWaitableTimer, CloseHandle, CreateWaitableTimerW, SetWaitableTimer, GetComputerNameW
> USER32.dll: wsprintfW, GetSystemMetrics, wsprintfA
> ADVAPI32.dll: RegEnumKeyExW, RegQueryInfoKeyW, RegCloseKey, RegSetValueExA, RegSetValueExW, RegQueryValueExA, RegQueryValueExW, RegCreateKeyExW, LogonUserW, ImpersonateLoggedOnUser
> WININET.dll: InternetCloseHandle, InternetOpenW, InternetReadFile, HttpQueryInfoW, HttpSendRequestW, InternetCrackUrlW, InternetConnectW, HttpOpenRequestW
> SHLWAPI.dll: StrChrW, StrToIntW, StrRChrW, StrStrW
> MSVCRT.dll: _adjust_fdiv, malloc, _initterm, free, __1type_info@@UAE@XZ, _onexit, __dllonexit, _CxxThrowException, strlen, strchr, memset, memcpy, _lrotr, _lrotl, __3@YAXPAX@Z, __CxxFrameHandler, __2@YAPAXI@Z
> MSVCP60.dll: _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _find@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QBEIPBDII@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _erase@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@II@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ
( 1 exports )
ss
RDS...: NSRL Reference Data Set<br>-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)<br>Win32 Executable MS Visual C++ (generic) (26.2%)<br>Win32 Executable Generic (5.9%)<br>Win32 Dynamic Link Library (generic) (5.2%)<br>Generic Win/DOS Executable (1.3%)
sigcheck:<br>publisher....: <br>copyright....: Copyright ExTeam (c) 2009<br>product......: <br>description..: MyFile ext<br>original name: mext.dll<br>internal name: <br>file version.: 4, 1, 6, 1787<br>comments.....: <br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
FOR ...
C:\Windows\cbdcffcadbeebdb.exe
C:\Windows\System32\fcfe.sys It tells me the files are in use and that I cannot open them ...
OTL report, thanks :)
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0fc85f5d-6207-4515-a490-45a549d285c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc85f5d-6207-4515-a490-45a549d285c0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry value HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0fc85f5d-6207-4515-a490-45a549d285c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc85f5d-6207-4515-a490-45a549d285c0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry value HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fc85f5d-6207-4515-a490-45a549d285c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc85f5d-6207-4515-a490-45a549d285c0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0fc85f5d-6207-4515-a490-45a549d285c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc85f5d-6207-4515-a490-45a549d285c0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\.spop\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
C:\Windows\Downloaded Program Files\MSNPUpld.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\ not found.
Starting removal of ActiveX control {E77F23EB-E7AB-4502-8F37-247DBAF1A147}
C:\Windows\Downloaded Program Files\CONFLICT.1\MSNPUpld.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|1 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring"|0 /E : value set successfully!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride"|1 /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"FirewallOverride"|1 /E!
========== FILES ==========
File\Folder C:\Documents and Settings\HP_Propriétaire\Bureau\catchme.zip not found.
File\Folder C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9 not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: 72485
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 548341 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 5784402 bytes
->Temporary Internet Files folder emptied: 23175780 bytes
->Java cache emptied: 26143697 bytes
->Flash cache emptied: 2303 bytes
User: ordi
->Temp folder emptied: 63131 bytes
->Temporary Internet Files folder emptied: 4706316 bytes
->Java cache emptied: 72596271 bytes
->FireFox cache emptied: 35939950 bytes
->Google Chrome cache emptied: 31316188 bytes
->Apple Safari cache emptied: 6152269 bytes
->Flash cache emptied: 1892727 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54782303 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 251,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03252010_144620
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
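The log above removed the same two CLSIDs ({0fc85f5d-6207-4515-a490-45a549d285c0} and {7b13ec3e-999a-4b70-b9cb-2617b8323822}) from three Internet Explorer load points (URLSearchHooks, Browser Helper Objects, Toolbar), in HKLM and in the user's own hive, which is the usual footprint of a search hijacker. Note that these are IE load points, while the reporter's redirects happen in Chrome; a kernel driver that cannot be deleted because it is loaded (the fcfe.sys mentioned earlier in the thread) is a better candidate for that symptom than any of these hooks. The Python script below is an added example, not part of this thread or of OTL: it parses the "deleted successfully / not found" lines of an OTL fix log, lists the CLSIDs removed from more than one browser load point, and lists hooks whose HKLM class key was already missing. The load-point labels are this example's own, and the sample log is a constructed subset of the lines posted above.

```python
"""Summarise an OTL fix log by load point and CLSID (added example)."""
import re
from collections import defaultdict

# (label, regex fragment matched against the registry path); labels are this example's own.
LOAD_POINTS = [
    ("URLSearchHook", r"\\Internet Explorer\\URLSearchHooks\\"),
    ("BHO",           r"\\Explorer\\Browser Helper Objects\\"),
    ("IE Toolbar",    r"\\Internet Explorer\\Toolbar\\"),
    ("Run",           r"\\CurrentVersion\\Run\\"),
    ("ActiveX DU",    r"\\Code Store Database\\Distribution Units\\"),
    ("CLSID class",   r"\\Classes\\CLSID\\"),
]
BROWSER_POINTS = {"URLSearchHook", "BHO", "IE Toolbar"}
LINE_RE = re.compile(r"^Registry (?:key|value) (?P<path>.+?) (?P<status>deleted successfully|not found)\.?$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def hive_of(path):
    """Short hive label; per-user hives keep their SID so HKLM and user entries stay distinct."""
    if path.startswith("HKEY_LOCAL_MACHINE"):
        return "HKLM"
    if path.startswith("HKEY_CURRENT_USER"):
        return "HKCU"
    if path.startswith("HKEY_USERS\\"):
        return "HKU:" + path.split("\\")[1]
    return path.split("\\")[0]


def parse_otl_fix(log_text):
    """Return [(load_point, hive, clsid_or_value_name, status), ...] for recognised lines."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path, status = m.group("path"), m.group("status")
        point = next((label for label, pat in LOAD_POINTS if re.search(pat, path, re.I)), None)
        if point is None:
            continue
        g = GUID_RE.search(path)
        ident = g.group(0).upper() if g else path.rstrip("\\").rsplit("\\", 1)[-1]
        rows.append((point, hive_of(path), ident, status))
    return rows


def multi_load_point_clsids(rows):
    """CLSIDs whose entries were removed from two or more distinct browser load points:
    the footprint of a search hijacker (and of some legitimate toolbars, so resolve each
    CLSID to its InprocServer32 DLL and check its signature before judging)."""
    where = defaultdict(set)
    for point, hive, ident, status in rows:
        if point in BROWSER_POINTS and status == "deleted successfully":
            where[ident].add((point, hive))
    return {c: sorted(w) for c, w in where.items() if len({p for p, _ in w}) >= 2}


def orphaned_entries(rows):
    """Browser load-point entries whose HKLM COM class key was reported 'not found': the hook
    pointed at a class that was already unregistered or registered elsewhere (e.g. per-user)."""
    referenced = {i for p, _, i, s in rows if p in BROWSER_POINTS and s == "deleted successfully"}
    missing = {i for p, _, i, s in rows if p == "CLSID class" and s == "not found"}
    present = {i for p, _, i, s in rows if p == "CLSID class" and s == "deleted successfully"}
    return sorted((referenced & missing) - present)


# Constructed input: a subset of the lines from the OTL log posted in this thread.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0fc85f5d-6207-4515-a490-45a549d285c0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc85f5d-6207-4515-a490-45a549d285c0}\ not found.
Registry value HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ not found.
Registry value HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fc85f5d-6207-4515-a490-45a549d285c0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0fc85f5d-6207-4515-a490-45a549d285c0} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
"""

if __name__ == "__main__":
    rows = parse_otl_fix(SAMPLE_LOG)
    for clsid, places in multi_load_point_clsids(rows).items():
        print(clsid, "->", ", ".join(f"{p} ({h})" for p, h in places))
    print("orphaned:", orphaned_entries(rows))
```

On the sample, the two CLSIDs above come out in all three browser load points and the third one in two; the {5C255C8A-...} BHO is not listed because it sat in a single load point, which is why a CLSID-to-DLL lookup is still needed for anything the script does not flag.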
try safe mode with networking for the other two files
File cbdcffcadbeebdb.exe received on 2010.03.25 23:18:14 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.50 2010.03.25 Trojan.Win32.Opus.ed!A2
AhnLab-V3 5.0.0.2 2010.03.25 -
AntiVir 7.10.5.225 2010.03.25 TR/Opus.ED
Antiy-AVL 2.0.3.7 2010.03.24 Trojan/Win32.Opus.gen
Authentium 5.2.0.5 2010.03.26 -
Avast 4.8.1351.0 2010.03.25 Win32:Malware-gen
Avast5 5.0.332.0 2010.03.25 Win32:Malware-gen
AVG 9.0.0.787 2010.03.25 SHeur3.IWI
BitDefender 7.2 2010.03.25 -
CAT-QuickHeal 10.00 2010.03.25 -
ClamAV 0.96.0.0-git 2010.03.25 -
Comodo 4385 2010.03.25 -
DrWeb 5.0.1.12222 2010.03.25 -
eSafe 7.0.17.0 2010.03.25 -
eTrust-Vet 35.2.7389 2010.03.25 -
F-Prot 4.5.1.85 2010.03.25 -
F-Secure 9.0.15370.0 2010.03.25 -
Fortinet 4.0.14.0 2010.03.24 -
GData 19 2010.03.25 Win32:Malware-gen
Ikarus T3.1.1.80.0 2010.03.25 -
Jiangmin 13.0.900 2010.03.25 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.03.25 -
McAfee 5931 2010.03.25 -
McAfee+Artemis 5931 2010.03.25 -
McAfee-GW-Edition 6.8.5 2010.03.25 Heuristic.BehavesLike.Win32.Worm.H
Microsoft 1.5605 2010.03.25 -
NOD32 4975 2010.03.25 -
Norman 6.04.10 2010.03.25 -
nProtect 2009.1.8.0 2010.03.25 -
Panda 10.0.2.2 2010.03.25 -
PCTools 7.0.3.5 2010.03.25 -
Prevx 3.0 2010.03.26 -
Rising 22.40.03.04 2010.03.25 -
Sophos 4.52.0 2010.03.26 -
Sunbelt 6088 2010.03.25 Trojan.Win32.Generic!SB.0
Symantec 20091.2.0.41 2010.03.25 Suspicious.Insight
TheHacker 6.5.2.0.245 2010.03.26 -
TrendMicro 9.120.0.1004 2010.03.25 -
VBA32 3.12.12.2 2010.03.25 -
ViRobot 2010.3.25.2244 2010.03.25 -
VirusBuster 5.0.27.0 2010.03.25 -
Additional information
File size: 225312 bytes
MD5...: 678c94ed36a8a962d0d5ccbfb1efbbb9
SHA1..: f63e39d8cdbeb7abe0a1c67ab10a38f388c4825c
SHA256: cee9ae59a2c32e9ce8cf116764e44a2cf6a46fb53e114fec479d080a115ea8a1
ssdeep: 6144:BznQ04n7NGeh4a2h9RY+h48+OhCiES7zoOh:wUeex9t+oEM
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xfac6
timedatestamp.....: 0x4b61b2cf (Thu Jan 28 15:52:47 2010)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x10a4a 0x10c00 5.95 074362cade7f93330c0c407a9e62c7d6
.rdata 0x12000 0x24a88 0x24c00 6.43 0e7ebd4b613f493024304dd67e8c31c8
.data 0x37000 0xc08 0xc00 4.60 8247339ff09e6d688d9399b68d54165f
.rsrc 0x38000 0x628 0x800 3.60 d37319e94c335f1a52eceba3dc576f73

( 9 imports )
> KERNEL32.dll: WinExec, GetShortPathNameW, SetCurrentDirectoryW, GetCurrentDirectoryW, lstrcmpiW, GetCommandLineW, SetErrorMode, CopyFileW, lstrcmpW, HeapFree, HeapReAlloc, HeapAlloc, GetComputerNameW, GetLocalTime, GetModuleFileNameW, GetSystemDirectoryW, GetWindowsDirectoryW, WideCharToMultiByte, MultiByteToWideChar, GetTempPathW, GetSystemInfo, GetVersionExW, ExitProcess, GetModuleHandleA, lstrcmpA, CreateToolhelp32Snapshot, Process32FirstW, OpenProcess, Process32NextW, WaitForSingleObject, GetExitCodeThread, CreateRemoteThread, LoadLibraryW, GetProcAddress, GetCurrentProcess, lstrlenW, lstrcpynW, SetFileAttributesW, GetFileSize, lstrlenA, CloseHandle, WriteFile, ReadFile, CreateFileW, FormatMessageW, LocalAlloc, lstrcpyW, LocalFree, GetLastError, GetProcessHeap, GetStartupInfoA
> USER32.dll: GetSystemMetrics, wsprintfW, IsCharAlphaW, wsprintfA
> ADVAPI32.dll: SetServiceStatus, LsaOpenPolicy, LsaNtStatusToWinError, LookupAccountNameW, LsaAddAccountRights, LsaClose, AllocateAndInitializeSid, LookupAccountSidW, FreeSid, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, OpenSCManagerW, CreateServiceW, OpenServiceW, StartServiceW, CloseServiceHandle, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegCreateKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken
> SHELL32.dll: CommandLineToArgvW
> WININET.dll: InternetConnectW, HttpOpenRequestW, InternetOpenW, InternetCloseHandle, InternetCrackUrlW, HttpSendRequestW
> SHLWAPI.dll: StrRChrW, StrStrW
> NETAPI32.dll: NetLocalGroupAddMembers, NetUserAdd
> MSVCRT.dll: _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, memcpy, _lrotr, _lrotl, __3@YAXPAX@Z, __CxxFrameHandler, __2@YAPAXI@Z, memset, strchr, strlen, _CxxThrowException, _except_handler3, __dllonexit, _onexit, __1type_info@@UAE@XZ, _exit
> MSVCP60.dll: _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ID@Z, _npos@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@2IB, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z, _assign@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __0_Lockit@std@@QAE@XZ, __1_Lockit@std@@QAE@XZ, __Tidy@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@AAEX_N@Z, _append@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAEAAV12@PBDI@Z, __C@_1___Nullstr@_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@CAPBDXZ@4DB, __1_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@2@@std@@QAE@XZ

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (80.9%)
Win32 Executable Generic (8.0%)
Win32 Dynamic Link Library (generic) (7.1%)
Generic Win/DOS Executable (1.8%)
DOS Executable Generic (1.8%)
sigcheck:
publisher....: MyFind
copyright....: Copyright MyFind (c) 2009
product......:
description..: MyFind File Protector
original name: MyFind
internal name:
file version.: 2, 3, 1, 3924
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
packers (Antiy-AVL): Armadillo 1.71
That worked for that one, but for FCFE.SYS it tells me it is in use. Thanks a lot for your help
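Detection counts undersell these two files: the DLL (original name mext.dll, a single export named "ss", unsigned) was flagged by one engine out of 42 (Panda, "Suspicious file") and the EXE by ten, but the import tables in both reports already describe what they can do. cbdcffcadbeebdb.exe imports CreateRemoteThread next to the Toolhelp process-enumeration APIs (thread injection into another process), OpenSCManagerW/CreateServiceW/StartServiceW (service installation), NetUserAdd/NetLocalGroupAddMembers/LsaAddAccountRights (creating a local account and granting it rights), AdjustTokenPrivileges and the WinINet HTTP client; the DLL imports LogonUserW/ImpersonateLoggedOnUser, RegSetValueExA/W and the same WinINet functions. The Python script below is an added example, not part of this thread or of VirusTotal: it parses a "( n imports )" block as pasted here (with its `<br>` separators) and maps the APIs to coarse capability groups. The grouping is this example's own heuristic, not a vendor signature, and the two inputs are constructed excerpts of the import lists from the DLL and EXE reports above.

```python
"""Capability triage of PE import lists pasted from a VirusTotal report (added example)."""
import re
from collections import OrderedDict

# (decisive APIs, supporting APIs): a group is reported only when a decisive API is
# imported; supporting APIs are listed for context because on their own they are
# too generic (almost every program calls CreateFileW). Mapping is this example's own.
GROUPS = OrderedDict([
    ("process_injection", ({"CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx"},
                           {"OpenProcess", "LoadLibraryW", "GetProcAddress",
                            "CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"})),
    ("service_install",   ({"CreateServiceW", "CreateServiceA"},
                           {"OpenSCManagerW", "StartServiceW", "StartServiceCtrlDispatcherW",
                            "RegisterServiceCtrlHandlerW", "SetServiceStatus"})),
    ("account_creation",  ({"NetUserAdd", "NetLocalGroupAddMembers", "LsaAddAccountRights"},
                           {"LsaOpenPolicy", "LookupAccountNameW", "AllocateAndInitializeSid"})),
    ("impersonation",     ({"LogonUserW", "ImpersonateLoggedOnUser"}, set())),
    ("privilege_adjust",  ({"AdjustTokenPrivileges"},
                           {"LookupPrivilegeValueW", "OpenProcessToken"})),
    ("http_client",       ({"HttpSendRequestW", "HttpSendRequestA", "InternetReadFile"},
                           {"InternetOpenW", "InternetConnectW", "HttpOpenRequestW",
                            "InternetCrackUrlW", "HttpQueryInfoW"})),
    ("registry_write",    ({"RegSetValueExW", "RegSetValueExA"},
                           {"RegCreateKeyExW", "RegEnumKeyExW"})),
    ("file_drop",         ({"WriteFile", "CopyFileW", "MoveFileExW"},
                           {"CreateFileW", "SetFileAttributesW", "DeleteFileW"})),
    ("exec",              ({"WinExec", "CreateProcessW", "ShellExecuteW"}, set())),
    ("host_fingerprint",  ({"GetComputerNameW", "GetVersionExW"},
                           {"GetSystemInfo", "GetLocalTime", "GetWindowsDirectoryW"})),
])

IMPORT_LINE = re.compile(r"\s*>\s*([\w.-]+):\s*(.*)")


def parse_imports(report_text):
    """Parse a VirusTotal '( n imports )' block into {dll: [api, ...]}.
    Accepts real newlines as well as the <br> separators left by the copy-paste."""
    imports = OrderedDict()
    for line in re.split(r"<br>|\n", report_text):
        m = IMPORT_LINE.match(line)
        if not m:
            continue
        dll, apis = m.group(1).lower(), m.group(2)
        imports[dll] = [a.strip() for a in apis.split(",") if a.strip()]
    return imports


def triage(imports):
    """Return {group: {"decisive": [...], "supporting": [...]}} for every group
    with at least one decisive API present."""
    present = {api for apis in imports.values() for api in apis}
    findings = OrderedDict()
    for name, (decisive, supporting) in GROUPS.items():
        hit = sorted(present & decisive)
        if hit:
            findings[name] = {"decisive": hit, "supporting": sorted(present & supporting)}
    return findings


def capabilities(report_text):
    """Group names found in a pasted import block, in GROUPS order."""
    return list(triage(parse_imports(report_text)).keys())


# Constructed inputs: excerpts of the import lists from the two reports in this
# thread (only the interesting DLLs; the C runtime imports are omitted).
EXE_IMPORTS = (
    "( 9 imports ) <br>> KERNEL32.dll: WinExec, CopyFileW, GetComputerNameW, GetVersionExW, "
    "CreateToolhelp32Snapshot, Process32FirstW, OpenProcess, Process32NextW, CreateRemoteThread, "
    "LoadLibraryW, GetProcAddress, WriteFile, CreateFileW<br>"
    "> ADVAPI32.dll: SetServiceStatus, LsaOpenPolicy, LookupAccountNameW, LsaAddAccountRights, "
    "StartServiceCtrlDispatcherW, OpenSCManagerW, CreateServiceW, StartServiceW, RegSetValueExW, "
    "RegCreateKeyExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken<br>"
    "> WININET.dll: InternetConnectW, HttpOpenRequestW, InternetOpenW, InternetCrackUrlW, HttpSendRequestW<br>"
    "> NETAPI32.dll: NetLocalGroupAddMembers, NetUserAdd<br>"
)
DLL_IMPORTS = (
    "( 7 imports ) <br>> KERNEL32.dll: GetComputerNameW, GetVersionExW, GetSystemInfo, CreateProcessW, "
    "DeleteFileW, MoveFileExW, SetFileAttributesW, WriteFile, CreateFileW, CreateThread<br>"
    "> ADVAPI32.dll: RegEnumKeyExW, RegSetValueExA, RegSetValueExW, RegCreateKeyExW, LogonUserW, "
    "ImpersonateLoggedOnUser<br>"
    "> WININET.dll: InternetOpenW, InternetReadFile, HttpQueryInfoW, HttpSendRequestW, "
    "InternetCrackUrlW, InternetConnectW, HttpOpenRequestW<br>"
)

if __name__ == "__main__":
    for label, text in (("cbdcffcadbeebdb.exe", EXE_IMPORTS), ("cbdcffcadbeebdb.dll", DLL_IMPORTS)):
        print(label)
        for group, hits in triage(parse_imports(text)).items():
            print(f"  {group:18s} {', '.join(hits['decisive'])}  (+{len(hits['supporting'])} supporting)")
```

Run as-is it reports nine groups for the EXE (injection, service install, account creation, privilege adjustment, HTTP client, registry write, file drop, exec, host fingerprint) and six for the DLL, with impersonation the only group the DLL has that the EXE lacks. Import-based triage says what a binary can do, not what it does; a packed sample (Antiy-AVL reports Armadillo on the EXE) can hide its real imports behind a stub, so a short or purely generic import table is itself a finding.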
▶ Right-click "Run as administrator" on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ and paste it into the area under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:Files
C:\Windows\cbdcffcadbeebdb.exe
C:\Windows\System32\fcfe.sys
C:\Windows\System32\cbdcffcadbeebdb.dll
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click RunFix to start the removal.
▶ Post the report.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: 72485
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ordi
->Temp folder emptied: 76923934 bytes
->Temporary Internet Files folder emptied: 7275449 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 29889359 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1637 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32944250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 140,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03262010_114225
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Haha, thanks a lot, seriously, I don't understand anything at all about what I'm doing :P I'm just following your instructions xD Lucky you're here, thanks! :)
By re-running the same procedure with the text in bold above .......... would you mind starting again, please?
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
Process msnmsgr.exe killed successfully!
No active process named Teatimer.exe was found!
========== FILES ==========
File move failed. C:\Windows\cbdcffcadbeebdb.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\fcfe.sys scheduled to be moved on reboot.
C:\Windows\System32\cbdcffcadbeebdb.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: 72485
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ordi
->Temp folder emptied: 3982952 bytes
->Temporary Internet Files folder emptied: 367650 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6795783 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 434 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 11,00 mb
OTL by OldTimer - Version 3.1.37.3 log created on 03262010_122944
Files\Folders moved on Reboot...
File move failed. C:\Windows\cbdcffcadbeebdb.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\fcfe.sys scheduled to be moved on reboot.
Registry entries deleted on Reboot...
I did do the copy and paste
and here is what it gives
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
▶ Above all, when saving, remember to rename ComboFix to "yourfirstname.exe" before it is saved to your hard drive
________________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside of this situation: dangerous!<<<<<<<<
=====================================================
▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only for as long as ComboFix is in use,
>>the real-time protection of your antivirus and your antispyware programs,
>>which can seriously interfere with the tool's scanning and cleaning process.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable your antivirus and antispyware protection before reconnecting to the internet.
>> Come back to the forum, and
▶ copy and paste the entire contents of C:\Combofix.txt into your next message.
ComboFix 10-03-26.01 - ordi 2010-03-26 15:36:04.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.2.1036.18.2037.996 [GMT -4:00]
Lancé depuis: c:\users\ordi\Documents\Downloads\Samuel.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\cbdcffcadbeebdb.exe
c:\windows\system32\cbdcffcadbeebdb.dll
c:\windows\system32\fcfe.sys
c:\windows\wpe pro.INI
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fcfe
-------\Service_cbdcffcadbeebdb
-------\Service_fcfe
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-26 au 2010-03-26 ))))))))))))))))))))))))))))))))))))
.
2010-03-26 19:43 . 2010-03-26 19:47 -------- d-----w- c:\users\ordi\AppData\Local\temp
2010-03-26 19:43 . 2010-03-26 19:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-26 19:43 . 2010-03-26 19:43 -------- d-----w- c:\users\72485\AppData\Local\temp
2010-03-25 23:19 . 2010-03-25 23:19 680 ----a-w- c:\users\ordi\AppData\Local\d3d9caps.dat
2010-03-25 20:25 . 2010-03-25 20:25 -------- d-----w- C:\Kill'em
2010-03-25 18:46 . 2010-03-25 18:46 -------- d-----w- C:\_OTL
2010-03-24 17:21 . 2010-03-24 17:21 114232 ----a-w- c:\users\ordi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-24 15:18 . 2010-03-25 20:25 -------- d-----w- c:\program files\List_Kill'em
2010-03-24 01:04 . 2010-03-26 16:35 -------- d-----w- c:\users\ordi\AppData\Roaming\LimeWire
2010-03-24 01:04 . 2010-03-24 01:04 -------- d-----w- c:\program files\LimeWire
2010-03-24 00:34 . 2010-03-24 00:34 -------- d-----w- c:\program files\uTorrent
2010-03-24 00:32 . 2010-03-24 00:46 -------- d-----w- c:\users\ordi\AppData\Roaming\uTorrent
2010-03-24 00:25 . 2010-03-24 00:25 -------- d-----w- c:\program files\Jedisware, LLC
2010-03-23 23:50 . 2010-02-24 14:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-03-23 21:52 . 2010-03-23 22:46 -------- d-----w- c:\program files\TweakNow PowerPack 2010
2010-03-23 21:52 . 2010-03-23 21:52 -------- d-----w- c:\users\ordi\AppData\Roaming\TweakNow PowerPack 2010
2010-03-23 21:10 . 2010-03-23 21:10 1227776 ----a-w- c:\windows\system32\drivers\athr.sys
2010-03-23 21:07 . 2010-03-23 21:07 -------- d-----w- c:\windows\system32\sda
2010-03-23 21:07 . 2010-03-23 21:07 7367200 ----a-w- c:\windows\system32\RtsUStoricon.dll
2010-03-23 21:07 . 2010-03-23 21:07 313888 ----a-w- c:\windows\system32\RtsUStor.dll
2010-03-23 21:07 . 2010-03-23 21:07 181792 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2010-03-23 20:55 . 2010-03-23 20:55 -------- d-----w- c:\programdata\Uniblue
2010-03-23 20:11 . 2010-03-23 20:55 -------- d-----w- c:\users\ordi\AppData\Roaming\Uniblue
2010-03-23 20:10 . 2010-03-23 20:55 -------- d-----w- c:\program files\Uniblue
2010-03-21 21:53 . 2010-03-21 21:53 -------- d-----w- c:\users\ordi\AppData\Roaming\Malwarebytes
2010-03-21 21:53 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 21:53 . 2010-03-21 21:53 -------- d-----w- c:\programdata\Malwarebytes
2010-03-21 21:52 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 21:52 . 2010-03-21 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-20 23:10 . 2010-03-20 23:10 -------- d-----w- c:\users\ordi\AppData\Roaming\Thinstall
2010-03-20 23:10 . 2010-03-20 23:10 -------- d-----w- c:\users\ordi\AppData\Local\Thinstall
2010-03-15 17:17 . 2007-09-13 06:14 184320 ----a-w- c:\windows\system32\igfxres.dll
2010-03-14 00:54 . 2010-03-23 21:40 -------- d-----w- c:\users\ordi\AppData\Roaming\TweakNow PowerPack 2009
2010-03-14 00:34 . 2010-03-14 00:34 -------- d-----w- c:\programdata\McAfee
2010-03-13 01:43 . 2010-03-13 22:35 18849792 ----a-w- c:\windows\system32\imageres.dll
2010-03-13 01:21 . 2010-03-13 01:21 -------- d-----w- c:\programdata\Stardock
2010-03-13 01:20 . 2010-03-13 01:20 -------- d-----w- c:\program files\logon studio
2010-03-13 00:08 . 2010-03-13 00:08 -------- d-----w- c:\users\ordi\AppData\Roaming\CD Art Display
2010-03-13 00:08 . 2009-09-06 01:28 69632 ----a-w- c:\windows\cadSSaver.scr
2010-03-13 00:08 . 2003-01-27 19:27 94208 ----a-w- c:\windows\system32\wmpuice.dll
2010-03-12 03:55 . 2010-03-12 03:55 -------- d-----w- c:\users\ordi\AppData\Roaming\.ZMatrix
2010-03-12 03:55 . 2010-03-12 03:55 -------- d-----w- c:\program files\ZMatrix
2010-03-12 02:35 . 2010-03-12 02:35 -------- d-----w- c:\program files\RocketDock
2010-03-12 02:17 . 2010-03-12 02:17 -------- d-----w- c:\program files\7-Zip
2010-03-12 02:00 . 2010-03-12 02:07 -------- d-----w- c:\programdata\WinZip
2010-03-10 18:21 . 2010-03-13 23:21 -------- d-----w- c:\program files\CamStudio
2010-03-10 08:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 08:01 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 08:01 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-06 04:26 . 2010-03-06 04:26 -------- d-----w- c:\users\ordi\AppData\Roaming\MozillaControl
2010-03-06 04:03 . 2010-03-06 04:03 -------- d-----w- c:\users\ordi\AppData\Local\Mozilla
2010-03-06 03:14 . 2010-03-06 03:14 -------- d-----w- c:\windows\'Full Speed' Internet Booster + Performance Tests
2010-03-06 01:59 . 2010-03-06 01:59 -------- d-----w- c:\users\ordi\AppData\Roaming\Yahoo!
2010-03-06 01:59 . 2010-03-06 01:59 -------- d-----w- c:\programdata\Yahoo! Companion
2010-03-02 17:03 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-02-27 18:00 . 2010-02-27 18:00 -------- d-----w- c:\users\ordi\AppData\Local\Apple_Inc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 19:43 . 2009-05-09 03:25 -------- d-----w- c:\users\ordi\AppData\Roaming\DNA
2010-03-26 16:37 . 2008-01-21 08:40 669566 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-26 16:37 . 2008-01-21 08:40 123556 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-24 00:25 . 2010-03-24 00:25 1078 ----a-r- c:\users\ordi\AppData\Roaming\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_910A135B66341129DF8D35.exe
2010-03-24 00:25 . 2010-03-24 00:25 1078 ----a-r- c:\users\ordi\AppData\Roaming\Microsoft\Installer\{3E175C63-14BA-4A53-A491-963A457AB5B0}\_7C7CF7AE464C442067FB2A.exe
2010-03-14 00:09 . 2008-09-27 22:03 -------- d-----w- c:\program files\Google
2010-03-10 08:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-10 08:07 . 2008-02-26 07:07 -------- d-----w- c:\programdata\Microsoft Help
2010-03-06 03:35 . 2008-08-12 03:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-06 03:02 . 2009-09-09 00:37 -------- d-----w- c:\program files\Common Files\Apple
2010-03-06 02:16 . 2008-02-26 06:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 14:51 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2010-03-05 02:44 . 2010-03-05 02:43 -------- d-----w- c:\users\ordi\AppData\Roaming\Multi File Downloader
2010-03-05 02:43 . 2010-03-05 02:43 -------- d-----w- c:\programdata\boost_interprocess
2010-02-12 23:25 . 2010-02-12 23:24 -------- d-----w- c:\program files\QuickTime
2010-01-31 20:55 . 2010-01-31 20:55 32768 ----a-w- c:\programdata\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll
2010-01-31 20:55 . 2010-01-31 20:55 32834 ----a-w- c:\programdata\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
2010-01-31 20:48 . 2010-01-31 20:48 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb30AF.tmp.exe
2010-01-25 12:00 . 2010-02-24 10:33 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 10:33 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 10:33 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 10:33 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 10:33 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 10:33 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 10:33 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 10:33 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 10:33 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 10:34 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-18 03:53 . 2010-01-18 03:53 213264 ----a-w- c:\programdata\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2010-01-18 03:53 . 2010-01-18 03:53 323856 ----a-w- c:\programdata\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2010-01-18 03:37 . 2010-01-18 03:37 367747 ----a-w- c:\programdata\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2010-01-18 03:37 . 2010-01-18 03:37 421888 ----a-w- c:\programdata\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll
2010-01-18 03:18 . 2010-01-18 03:18 303204 ----a-w- c:\programdata\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2010-01-18 03:18 . 2010-01-18 03:18 311398 ----a-w- c:\programdata\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2010-01-17 22:06 . 2010-01-17 22:06 327784 ----a-w- c:\programdata\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2010-01-17 18:02 . 2010-01-17 18:02 122880 ----a-w- c:\programdata\MGS\cache\f\frenchroulette.181434980597f8ff07c31ab5432ab080.dll
2010-01-17 18:01 . 2010-01-17 18:01 213090 ----a-w- c:\programdata\MGS\cache\m\mptleaderboard.5a678c57a8ed645b49592a1121fd619f.dll
2010-01-17 17:36 . 2010-01-17 17:36 262416 ----a-w- c:\programdata\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll
2010-01-17 17:36 . 2010-01-17 17:36 655360 ----a-w- c:\programdata\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll
2010-01-17 17:36 . 2010-01-17 17:36 483600 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll
2010-01-17 17:36 . 2010-01-17 17:36 446736 ----a-w- c:\programdata\MGS\cache\h\hilowbonus.ecf70c1bd892c000f22ce30d5b0ba784.dll
2010-01-17 17:36 . 2010-01-17 17:36 958464 ----a-w- c:\programdata\MGS\cache\h\hilowbonus_flightzone.1173d08d2670eede892e3adf07022f08.dll
2010-01-17 17:27 . 2010-01-17 17:27 110864 ----a-w- c:\programdata\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
2010-01-17 17:27 . 2010-01-17 17:27 909584 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2010-01-17 17:27 . 2010-01-17 17:27 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_septgao_09.1d5fda158c9a9d1dcbf9e88c5355d884.dll
2010-01-17 17:27 . 2010-01-17 17:27 1904753 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2010-01-17 17:27 . 2010-01-17 17:27 829840 ----a-w- c:\programdata\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
2010-01-17 17:27 . 2010-01-17 17:27 1474560 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_wealthspa.548276e787b133afb9b912eb95b8b5c5.dll
2010-01-17 17:26 . 2010-01-17 17:26 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2010-01-17 17:26 . 2010-01-17 17:26 1638400 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_summerholiday.19e3e7b6f28b2f036c0b87d00fc799b9.dll
2010-01-17 17:26 . 2010-01-17 17:26 823568 ----a-w- c:\programdata\MGS\cache\a\advancedslots1.d6634c03808be76623e7497fcb1eb424.dll
2010-01-17 17:26 . 2010-01-17 17:26 1478656 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_octgao_09.c2cbb8fc70fbf865a9d78d9a5874a4ce.dll
2010-01-17 17:26 . 2010-01-17 17:26 1626112 ----a-w- c:\programdata\MGS\cache\a\advancedslots1_flightzone.40d3a7b3fae72091b79e1759db110c70.dll
2010-01-17 17:26 . 2010-01-17 17:26 589824 ----a-w- c:\programdata\MGS\cache\b\bjgoldplugin.30ebac308b430f373d22851023dddb58.dll
2010-01-16 21:15 . 2010-01-16 21:15 266512 ----a-w- c:\programdata\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
2010-01-16 21:15 . 2010-01-16 21:15 94208 ----a-w- c:\programdata\MGS\cache\l\lua51host.48a3eef79f6c47686708765ba7191022.dll
2010-01-16 21:15 . 2010-01-16 21:15 225280 ----a-w- c:\programdata\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll
2010-01-16 21:15 . 2010-01-16 21:15 679936 ----a-w- c:\programdata\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll
2010-01-16 21:15 . 2010-01-16 21:15 254224 ----a-w- c:\programdata\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll
2010-01-16 21:15 . 2010-01-16 21:15 679936 ----a-w- c:\programdata\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll
2010-01-16 21:15 . 2010-01-16 21:15 679936 ----a-w- c:\programdata\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll
2010-01-16 21:06 . 2010-01-16 21:06 114960 ----a-w- c:\programdata\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
2010-01-16 21:04 . 2010-01-16 21:04 233472 ----a-w- c:\programdata\MGS\cache\b\bjstrategyui1.5a2f52359fe99e4484435bbaf8f92b30.dll
2010-01-16 21:04 . 2010-01-16 21:04 589824 ----a-w- c:\programdata\MGS\cache\b\bjgoldplugin.794fbb37693eb8ea0687d012b6697332.dll
2010-01-16 21:04 . 2010-01-16 21:04 512000 ----a-w- c:\programdata\MGS\cache\b\bjgoldxxx.098a7b3de069b4b076bd8c2cc92131be.dll
2010-01-16 21:04 . 2010-01-16 21:04 413696 ----a-w- c:\programdata\MGS\cache\m\mhbjgoldplugin.5d832144ec1b88e6caeb7446bbe13d54.dll
2010-01-16 21:04 . 2010-01-16 21:04 233472 ----a-w- c:\programdata\MGS\cache\b\bjgoldstatsplugin.67546387f1af1fe46f021dbce8a072f4.dll
2010-01-16 21:04 . 2010-01-16 21:04 225280 ----a-w- c:\programdata\MGS\cache\b\bjgoldautoplayplugin.9e04124b2f25d98a562d14260b995f0c.dll
2010-01-16 21:04 . 2010-01-16 21:04 147456 ----a-w- c:\programdata\MGS\cache\b\bjstrategylogic1.cae96e5e68740973929725d2ac549cc0.dll
2010-01-16 21:04 . 2010-01-16 21:04 126976 ----a-w- c:\programdata\MGS\cache\m\mhbjstrategyui1.95a00a7e6658ab8736067b646ccd9783.dll
2010-01-16 21:04 . 2010-01-16 21:04 225280 ----a-w- c:\programdata\MGS\cache\m\mhbjgoldxxx.042cb38dc856800dc292666302eb33ed.dll
2010-01-16 19:16 . 2010-01-16 19:16 53342 ----a-w- c:\programdata\MGS\cache\b\blplugin.43df87da33698c32bca7a2698484452d.dll
2010-01-16 19:16 . 2010-01-16 19:16 163840 ----a-w- c:\programdata\MGS\cache\g\goldseries_euroroulette.c04add4a4ccdfa99acf5bc9050a74d69.dll
2010-01-16 19:16 . 2010-01-16 19:16 412685 ----a-w- c:\programdata\MGS\cache\g\goldseries_roulette.1edb0f45625215829abaaca345d96e06.dll
2010-01-16 19:13 . 2010-01-16 19:13 114688 ----a-w- c:\programdata\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
2010-01-16 19:05 . 2010-01-16 19:05 114688 ----a-w- c:\programdata\MGS\cache\u\usroulette.111677cc695657a0c9a392432a7a3d55.dll
2010-01-12 10:42 . 2010-01-12 10:42 241696 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-01-06 15:39 . 2010-02-24 10:33 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 10:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 10:33 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 10:33 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 10:33 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 10:33 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 10:33 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-05 20:39 . 2009-12-03 14:27 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-01-02 17:49 . 2010-01-02 17:49 764168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-01-02 06:38 . 2010-01-22 07:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 07:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 07:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\ordi\Program Files\DNA\btdna.exe" [2009-11-08 323392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"RAM Idle Professional"="c:\program files\TweakNow PowerPack 2010\Module32\RAM2_XP.exe" [2010-03-16 88320]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]
c:\users\ordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
ZMatrix.lnk - c:\program files\ZMatrix\matrix.exe [2003-2-3 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="1"
"FirewallOverride"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):95,ef,be,0e,01,37,ca,01
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-08-31 20352]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-01-07 19160]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-23 181792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
2010-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480139496-3202527204-2071106357-1000Core.job
- c:\users\ordi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 23:15]
2010-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3480139496-3202527204-2071106357-1000UA.job
- c:\users\ordi\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-30 23:15]
2010-03-26 c:\windows\Tasks\Malwarebytes' Scheduled Scan for ordi.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-21 20:07]
2010-03-26 c:\windows\Tasks\Malwarebytes' Scheduled Update for ordi.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-21 20:07]
2010-03-25 c:\windows\Tasks\User_Feed_Synchronization-{874652C3-A2AF-4F40-BD65-FBDC09A524B3}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8
mStart Page = hxxp://www.shoptoshiba.ca/welcome
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{0FC85F5D-6207-4515-A490-45A549D285C0} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-26 15:49
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RAM Idle Professional = c:\program files\TweakNow PowerPack 2010\Module32\RAM2_XP.exe?????????>?"c:\program files\TweakNow PowerPack 2010\Module32
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2010-03-26 15:54:47 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-26 19:54
Avant-CF: 165 614 555 136 octets libres
Après-CF: 165 265 014 784 octets libres
- - End Of File - - 1A085550D725FB5810577D7EA7D29B85
User : ordi (Administrateurs)
Update on 23/03/2010 by g3n-h@ckm@n ::::: 19.30
Start at: 11:30:10 | 2010-03-24
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18882
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 219,1 Go (154,68 Go free) [S3A6550D003FR] | NTFS
D:\ -> Disque fixe local | 5,99 Go (5,9 Go free) | NTFS
E:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\TweakNow PowerPack 2010\Module32\RAM2_XP.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Users\ordi\Program Files\DNA\btdna.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ZMatrix\matrix.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\ordi\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Users\ordi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ordi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ordi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\List_Kill'em\pv.exe
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TOSCDSPD REG_SZ TOSCDSPD.EXE
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
BitTorrent DNA REG_SZ "C:\Users\ordi\Program Files\DNA\btdna.exe"
Sidebar REG_SZ C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
284962211 REG_SZ C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
RocketDock REG_SZ "C:\Program Files\RocketDock\RocketDock.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
NDSTray.exe REG_SZ NDSTray.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl REG_SZ RtHDVCpl.exe
Skytel REG_SZ Skytel.exe
LtMoh REG_SZ C:\Program Files\ltmoh\Ltmoh.exe
IgfxTray REG_SZ C:\Windows\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\Windows\system32\hkcmd.exe
Persistence REG_SZ C:\Windows\system32\igfxpers.exe
TPwrMain REG_EXPAND_SZ %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
SmoothView REG_EXPAND_SZ %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
00TCrdMain REG_EXPAND_SZ %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
SSBkgdUpdate REG_SZ "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
PaperPort PTD REG_SZ "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
IndexSearch REG_SZ "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
PPort11reminder REG_SZ "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
egui REG_SZ "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
RAM Idle Professional REG_SZ C:\Program Files\TweakNow PowerPack 2010\Module32\RAM2_XP.exe
Malwarebytes' Anti-Malware REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin REG_DWORD 2 (0x2)
ConsentPromptBehaviorUser REG_DWORD 1 (0x1)
EnableInstallerDetection REG_DWORD 1 (0x1)
EnableLUA REG_DWORD 1 (0x1)
EnableSecureUIAPaths REG_DWORD 1 (0x1)
EnableVirtualization REG_DWORD 1 (0x1)
PromptOnSecureDesktop REG_DWORD 1 (0x1)
ValidateAdminCodeSignatures REG_DWORD 0 (0x0)
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0 (0x0)
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
FilterAdministratorToken REG_DWORD 0 (0x0)
EnableUIADesktopToggle REG_DWORD 0 (0x0)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoRecentDocsHistory REG_DWORD 1 (0x1)
ClearRecentDocsOnExit REG_DWORD 1 (0x1)
DisallowRun REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk REG_SZ 1
Shell REG_SZ explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 1 (0x1)
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0 (0x0)
passwordexpirywarning REG_DWORD 14 (0xe)
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 1 (0x1)
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 39 (0x27)
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\BitTorrent\bittorrent.exe REG_SZ C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
===============
ActivX controls
===============
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{0CCA191D-13A6-4E29-B746-314DEE697D83}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}]
===============
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
==============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0fc85f5d-6207-4515-a490-45a549d285c0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
===
DNS
===
Description: Atheros AR5007EG Wireless Network Adapter
DNS Server Search Order: 205.151.67.6
DNS Server Search Order: 205.151.67.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C8CF0070-C2AC-4488-A83A-4C5F8F32DFB0}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D6E16C5B-0637-4F24-B36C-F81F6AA085A4}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C8CF0070-C2AC-4488-A83A-4C5F8F32DFB0}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D6E16C5B-0637-4F24-B36C-F81F6AA085A4}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C8CF0070-C2AC-4488-A83A-4C5F8F32DFB0}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D6E16C5B-0637-4F24-B36C-F81F6AA085A4}: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=205.151.67.6 205.151.67.2
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=205.151.67.6 205.151.67.2
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.shoptoshiba.ca/welcome
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.google.ca/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3 ( OK = 3 )
EapHost : 0x3 ( OK = 2 )
Wlansvc : 0x2 ( OK = 2 )
SharedAccess : 0x4 ( OK = 2 )
windefend : 0x2 ( OK = 2 )
wuauserv : 0x2 ( OK = 2 )
wscsvc : 0x2 ( OK = 2 )
=========
Atapi.sys
=========
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\drivers\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\drivers\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
##
19048,4f4fcb8b6ea06784fb6d475b7ec7300f,6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
##
21560,2d9c903dc76a66813d350a562de40ed9,82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
%%%% HASHDEEP-1.0
%%%% size,md5,sha256,filename
## Invoked from: C:\Program Files\List_Kill'em
## C:\> hashdeep.exe C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
##
19944,1f05b78ab91c9075565a9d8a4b880bc4,737be9f9376dab0ccdfed93ea6d67f0c432367ea63cd772a453485be769af3bd,C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
Référence :
==========
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 80C40F7FDFC376E4C5FEEC28B41C119E
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
Windows 7_32b_Ultimate : 338c86357871c167a96ab976519bf59e
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.
Rapport d'analyse pour le volume C: S3A6550D003FR
Taille du volume = 219 Go
Espace libre = 155 Go
Étendue d'espace libre la plus grande = 72.33 Go
Pourcentage de fragmentation des fichiers = 0 %
Remarque : sur les volumes NTFS, les fragments de fichiers de plus de 64 Mo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas nécessaire de défragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Present !! : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Present !! : C:\Windows\System32\rezumatenoi.dat
Present !! : C:\Users\ordi\AppData\Local\d3d9caps.dat
Present !! : C:\Users\ordi\AppData\Local\GDIPFONTCACHEV1.DAT
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
Present !! : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Present !! : HKEY_USERS\S-1-5-21-3480139496-3202527204-2071106357-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
Present !! : HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
============
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 11:42:17
Windows 6.0.6002 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
RAM Idle Professional = C:\Program Files\TweakNow PowerPack 2010\Module32\RAM2_XP.exe?????????>?"C:\Program Files\TweakNow PowerPack 2010\Module32
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 11:47:19,78
http://www.cijoint.fr/cjlink.php?file=cj201003/cijm377waB.txt ( OTL )