Connexion internet lente

je l'ai envoyé

http://www.cijoint.fr/cjlink.php?file=cj201008/cij5AaNh01.doc

c'est suffisant ou je dois continuer la suite du rapport?

la suite (il manque encore 3 pages)
http://www.cijoint.fr/cjlink.php?file=cj201008/cijjQKEj49.doc

et la fin:
http://www.cijoint.fr/cjlink.php?file=cj201008/cijBSR75wu.doc

voila, tout y est
le début en page 1 et tout le reste sur les liens ci-joints
merci encore beaucoup de ton aide

pas grand chose car ils sont dans un format inadapté pour moi

j'aurai preferé le bloc note

néanmoins j'ai vu de quoi te demander de faire combofix

ca me fait peur combofix
il n'y a pas d'autre solution?

contre les infections, il faut passer l'outil adapté

ce n'est pas une question de gout

suis les instructions pas à pas, et ca se passera bien

je n'arrive pas a déconnecter mon antispyware avg

c'est ce que j'ai fait, mais quand je lance combofix il me dit que c'est pas déco

fais le en mode sans echec

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

ca me fait pareil en mode sans echec...

bon j'ai désinstallé avg temporairement, j'ai fait combofix, mais il affiche pas de rapport a la fin
j'ai recherché combofix.txt, et il y a juste ca dedans:

ComboFix 10-08-29.04 - vincent 31/08/2010 17:43:05.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.1022 [GMT 2:00]
Lancé depuis: C:\Users\vincent\Downloads\ComboFix.exe
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

c'est bon, j'ai le rapport:
ComboFix 10-08-29.04 - vincent 31/08/2010 21:46:10.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.1077 [GMT 2:00]
Lancé depuis: c:\users\vincent\Downloads\ComboFix.exe
AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\scrrnfr.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-07-28 au 2010-08-31 ))))))))))))))))))))))))))))))))))))
.

2010-08-31 20:01 . 2010-08-31 20:02 -------- d-----w- c:\users\vincent\AppData\Local\temp
2010-08-31 20:01 . 2010-08-31 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-31 19:08 . 2010-08-31 19:08 -------- d-----w- C:\$AVG
2010-08-31 19:07 . 2010-08-31 19:33 -------- d-----w- c:\programdata\avg9
2010-08-30 21:40 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-08-30 21:40 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-08-29 20:10 . 2010-08-29 20:11 -------- d-----w- c:\program files\Veetle
2010-08-29 17:08 . 2010-08-31 19:42 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-28 17:33 . 2010-08-29 20:27 -------- d-----w- c:\program files\List_Kill'em
2010-08-28 16:20 . 2010-08-28 16:28 -------- d-----w- c:\program files\ZHPDiag
2010-08-28 15:49 . 2010-08-28 15:49 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-28 11:11 . 2010-08-28 11:11 -------- d-----w- c:\users\vincent\AppData\Roaming\Malwarebytes
2010-08-28 11:11 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 11:10 . 2010-08-28 11:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 11:10 . 2010-08-28 11:10 -------- d-----w- c:\programdata\Malwarebytes
2010-08-28 11:10 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 17:39 . 2010-08-27 17:38 3330048 ----a-w- C:\DSLtest2102.exe
2010-08-25 14:45 . 2010-08-25 14:45 79368 ----a-w- c:\users\vincent\AppData\Roaming\Real\Update\setup3.12\RUP\vista.exe
2010-08-25 14:45 . 2010-08-25 14:45 73344 ----a-w- c:\users\vincent\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-25 14:45 . 2010-08-25 14:45 64000 ----a-w- c:\users\vincent\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-25 14:45 . 2010-08-25 14:45 52288 ----a-w- c:\users\vincent\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-25 14:45 . 2010-08-25 14:45 122880 ----a-w- c:\users\vincent\AppData\Roaming\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-24 12:17 . 2010-08-24 12:17 456200 ----a-w- c:\users\vincent\AppData\Roaming\Real\Update\setup3.12\setup.exe
2010-08-23 07:59 . 2010-08-23 08:03 -------- d-----w- c:\program files\TicTacPhoto - Nocibe
2010-08-23 07:29 . 2010-08-23 07:45 -------- d-----w- C:\photos normandie
2010-08-06 15:39 . 2010-08-06 15:46 -------- d-----w- C:\foto avant normandie

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 19:52 . 2007-06-02 18:37 699984 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-31 19:52 . 2007-06-02 18:37 121814 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-31 19:07 . 2009-03-30 16:37 -------- d-----w- c:\program files\AVG
2010-08-31 15:23 . 2008-10-16 14:31 680 ----a-w- c:\users\vincent\AppData\Local\d3d9caps.dat
2010-08-31 14:54 . 2008-05-19 17:22 -------- d-----w- c:\programdata\Google Updater
2010-08-29 20:27 . 2007-11-06 15:22 -------- d-----w- c:\program files\PDF Password Cracker Pro v3.0
2010-08-29 16:19 . 2008-08-19 11:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-28 15:50 . 2007-09-16 07:43 -------- d-----w- c:\program files\Lavasoft
2010-08-28 15:50 . 2007-09-16 07:43 -------- d-----w- c:\programdata\Lavasoft
2010-08-27 20:28 . 2010-02-07 21:51 -------- d-----w- c:\users\vincent\AppData\Roaming\vlc
2010-08-26 12:47 . 2009-03-10 17:41 -------- d-----w- c:\program files\Steam
2010-08-25 14:45 . 2009-03-10 17:41 -------- d-----w- c:\program files\Common Files\Steam
2010-08-23 08:00 . 2007-08-23 14:37 132784 ----a-w- c:\users\vincent\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-23 15:22 . 2010-07-29 07:13 1496064 ----a-w- c:\users\vincent\AppData\Roaming\Mozilla\Firefox\Profiles\eo1swzrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 15:22 . 2010-07-29 07:13 43008 ----a-w- c:\users\vincent\AppData\Roaming\Mozilla\Firefox\Profiles\eo1swzrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 15:22 . 2010-07-29 07:13 338944 ----a-w- c:\users\vincent\AppData\Roaming\Mozilla\Firefox\Profiles\eo1swzrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 15:22 . 2010-07-29 07:13 346112 ----a-w- c:\users\vincent\AppData\Roaming\Mozilla\Firefox\Profiles\eo1swzrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-20 18:45 . 2010-04-11 19:08 -------- d-----w- c:\users\vincent\AppData\Roaming\FA3A4BCAD51E982E1BAF604FB2A202DF
2010-07-20 18:45 . 2010-01-21 07:36 -------- d-----w- c:\program files\Camfrog
2010-07-06 13:11 . 2007-06-02 09:24 -------- d-----w- c:\program files\Google
2010-07-06 12:53 . 2010-07-06 12:53 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb41D3.tmp.exe
1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-12-04 17:58 . 2009-12-04 17:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-06-02 18:48 . 2007-06-02 18:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-06-02 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-04 30192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
2008-09-07 15:30 3708200 ----a-w- c:\program files\RayV\RayV\RayV.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-07 16:51 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2007-05-03 13:44 1116728 ----a-w- c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20 28672 ----a-w- c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 136176]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-01-08 449024]
R3 DTVFW;LITE-ON DVB-T USB adapter firmware;c:\windows\system32\DRIVERS\dtvfw.sys [x]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-04 30192]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-05-29 234864]
R3 usbdtv;LITE-ON DVB-T (PID=F001) receiver;c:\windows\system32\Drivers\usbdtv.sys [x]
R3 ZDPSp60;ZDPSp60 NDIS Protocol Driver;c:\windows\system32\Drivers\ZDPSp60.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 172032]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-07-06 188416]
S2 lxbc_device;lxbc_device;c:\windows\system32\lxbccoms.exe [2007-03-15 537520]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - emuohzyk
.
Contenu du dossier 'Tâches planifiées'

2010-08-31 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-06-02 16:38]

2010-08-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-02 06:27]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 13:11]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-06 13:11]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {02916216-3C9E-4E25-A80B-69849623BDF0} = 192.168.1.1
DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
FF - ProfilePath - c:\users\vincent\AppData\Roaming\Mozilla\Firefox\Profiles\eo1swzrf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Amazon.fr
FF - prefs.js: browser.startup.homepage - hxxp://www.orange.fr/|about:blank
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - component: c:\users\vincent\AppData\Roaming\Mozilla\Firefox\Profiles\eo1swzrf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\npCpVod.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 22:02
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85B83B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82675d1f
\Driver\ACPI -> acpi.sys @ 0x804699d6
\Driver\atapi -> ataport.SYS @ 0x806da9ae
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\emuohzyk]

.
Heure de fin: 2010-08-31 22:05:55
ComboFix-quarantined-files.txt 2010-08-31 20:05

Avant-CF: 39 923 326 976 octets libres
Après-CF: 39 962 894 336 octets libres

- - End Of File - - 8EEBF33F277B91B9CD1CDC2BE3636EB7


Voila
dit moi ce que tu en penses
encore merci!!!

tu penses qu'on va réussir ou pas?
quel est le pb???

je pense toujours qu'on va réussir

une infection mbr
un proxy
des fichiers bizarres

et avec defogger tu penses que ca sera suffisant?

non

c'est juste pour ne pas géner l'action de gmer

et gmer sera suffisant?

et le 2ème:
* Table <#compact-table>
* Tabulated <#compact-tabulated>
* CSV <#compact-csv>
* HTML <#compact-html>
* BBCode <#compact-bbcode>
* Show positives only

Antivirus Version Last update Result
AhnLab-V3 2010.09.05.00 2010.09.04 -
AntiVir 8.2.4.50 2010.09.03 -
Antiy-AVL 2.0.3.7 2010.09.03 -
Authentium 5.2.0.5 2010.09.04 -
Avast 4.8.1351.0 2010.09.05 -
Avast5 5.0.594.0 2010.09.05 -
AVG 9.0.0.851 2010.09.05 -
BitDefender 7.2 2010.09.05 -
CAT-QuickHeal 11.00 2010.09.03 -
ClamAV 0.96.2.0-git 2010.09.05 -
Comodo 5978 2010.09.05 -
DrWeb 5.0.2.03300 2010.09.05 -
Emsisoft 5.0.0.37 2010.09.05 -
eSafe 7.0.17.0 2010.09.01 -
eTrust-Vet 36.1.7835 2010.09.03 -
F-Prot 4.6.1.107 2010.09.01 -
F-Secure 9.0.15370.0 2010.09.05 -
Fortinet 4.1.143.0 2010.09.05 -
GData 21 2010.09.05 -
Ikarus T3.1.1.88.0 2010.09.05 -
Jiangmin 13.0.900 2010.09.05 -
K7AntiVirus 9.63.2442 2010.09.04 -
Kaspersky 7.0.0.125 2010.09.05 -
McAfee 5.400.0.1158 2010.09.05 -
McAfee-GW-Edition 2010.1B 2010.09.05 -
Microsoft 1.6103 2010.09.05 -
NOD32 5424 2010.09.05 -
Norman 6.05.11 2010.09.05 -
nProtect 2010-09-05.01 2010.09.05 -
Panda 10.0.2.7 2010.09.05 -
PCTools 7.0.3.5 2010.09.05 -
Prevx 3.0 2010.09.05 -
Rising 22.63.06.00 2010.09.05 -
Sophos 4.57.0 2010.09.05 -
Sunbelt 6834 2010.09.05 -
SUPERAntiSpyware 4.40.0.1006 2010.09.05 -
Symantec 20101.1.1.7 2010.09.05 -
TheHacker 6.5.2.1.364 2010.09.05 -
TrendMicro 9.120.0.1004 2010.09.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.05 -
VBA32 3.12.14.0 2010.09.03 -
ViRobot 2010.8.31.4017 2010.09.05 -
VirusBuster 12.64.17.1 2010.09.04 -

*MD5:* 479b74ca731e1434416cbd22a21d1610
*SHA1:* b83957a0db6545c564fab44d4e180765fdf94e52
*SHA256:* f87450d80e9bc04edd2d0c5172016bc629029744745a8b9be9558ddd6b05592c
*File size:* 73344 bytes
*Scan date:* 2010-09-05 13:55:53 (UTC)

Antivirus Version Last update Result

AhnLab-V3 2010.09.05.00 2010.09.04 -

AntiVir 8.2.4.50 2010.09.03 -

Antiy-AVL 2.0.3.7 2010.09.03 -

Authentium 5.2.0.5 2010.09.04 -

Avast 4.8.1351.0 2010.09.05 -

Avast5 5.0.594.0 2010.09.05 -

AVG 9.0.0.851 2010.09.05 -

BitDefender 7.2 2010.09.05 -

CAT-QuickHeal 11.00 2010.09.03 -

ClamAV 0.96.2.0-git 2010.09.05 -

Comodo 5978 2010.09.05 -

DrWeb 5.0.2.03300 2010.09.05 -

Emsisoft 5.0.0.37 2010.09.05 -

eSafe 7.0.17.0 2010.09.01 -

eTrust-Vet 36.1.7835 2010.09.03 -

F-Prot 4.6.1.107 2010.09.01 -

F-Secure 9.0.15370.0 2010.09.05 -

Fortinet 4.1.143.0 2010.09.05 -

GData 21 2010.09.05 -

Ikarus T3.1.1.88.0 2010.09.05 -

Jiangmin 13.0.900 2010.09.05 -

K7AntiVirus 9.63.2442 2010.09.04 -

Kaspersky 7.0.0.125 2010.09.05 -

McAfee 5.400.0.1158 2010.09.05 -

McAfee-GW-Edition 2010.1B 2010.09.05 -

Microsoft 1.6103 2010.09.05 -

NOD32 5424 2010.09.05 -

Norman 6.05.11 2010.09.05 -

nProtect 2010-09-05.01 2010.09.05 -

Panda 10.0.2.7 2010.09.05 -

PCTools 7.0.3.5 2010.09.05 -

Prevx 3.0 2010.09.05 -

Rising 22.63.06.00 2010.09.05 -

Sophos 4.57.0 2010.09.05 -

Sunbelt 6834 2010.09.05 -

SUPERAntiSpyware 4.40.0.1006 2010.09.05 -

Symantec 20101.1.1.7 2010.09.05 -

TheHacker 6.5.2.1.364 2010.09.05 -

TrendMicro 9.120.0.1004 2010.09.05 -

TrendMicro-HouseCall 9.120.0.1004 2010.09.05 -

VBA32 3.12.14.0 2010.09.03 -

ViRobot 2010.8.31.4017 2010.09.05 -

VirusBuster 12.64.17.1 2010.09.04 -

MD5: 479b74ca731e1434416cbd22a21d1610

SHA1: b83957a0db6545c564fab44d4e180765fdf94e52

SHA256: f87450d80e9bc04edd2d0c5172016bc629029744745a8b9be9558ddd6b05592c

File size: 73344 bytes

Scan date: 2010-09-05 13:55:53 (UTC)

"Antivirus", "Version", "Last update", "Result"
"AhnLab-V3", "2010.09.05.00", "2010.09.04", "-"
"AntiVir", "8.2.4.50", "2010.09.03", "-"
"Antiy-AVL", "2.0.3.7", "2010.09.03", "-"
"Authentium", "5.2.0.5", "2010.09.04", "-"
"Avast", "4.8.1351.0", "2010.09.05", "-"
"Avast5", "5.0.594.0", "2010.09.05", "-"
"AVG", "9.0.0.851", "2010.09.05", "-"
"BitDefender", "7.2", "2010.09.05", "-"
"CAT-QuickHeal", "11.00", "2010.09.03", "-"
"ClamAV", "0.96.2.0-git", "2010.09.05", "-"
"Comodo", "5978", "2010.09.05", "-"
"DrWeb", "5.0.2.03300", "2010.09.05", "-"
"Emsisoft", "5.0.0.37", "2010.09.05", "-"
"eSafe", "7.0.17.0", "2010.09.01", "-"
"eTrust-Vet", "36.1.7835", "2010.09.03", "-"
"F-Prot", "4.6.1.107", "2010.09.01", "-"
"F-Secure", "9.0.15370.0", "2010.09.05", "-"
"Fortinet", "4.1.143.0", "2010.09.05", "-"
"GData", "21", "2010.09.05", "-"
"Ikarus", "T3.1.1.88.0", "2010.09.05", "-"
"Jiangmin", "13.0.900", "2010.09.05", "-"
"K7AntiVirus", "9.63.2442", "2010.09.04", "-"
"Kaspersky", "7.0.0.125", "2010.09.05", "-"
"McAfee", "5.400.0.1158", "2010.09.05", "-"
"McAfee-GW-Edition", "2010.1B", "2010.09.05", "-"
"Microsoft", "1.6103", "2010.09.05", "-"
"NOD32", "5424", "2010.09.05", "-"
"Norman", "6.05.11", "2010.09.05", "-"
"nProtect", "2010-09-05.01", "2010.09.05", "-"
"Panda", "10.0.2.7", "2010.09.05", "-"
"PCTools", "7.0.3.5", "2010.09.05", "-"
"Prevx", "3.0", "2010.09.05", "-"
"Rising", "22.63.06.00", "2010.09.05", "-"
"Sophos", "4.57.0", "2010.09.05", "-"
"Sunbelt", "6834", "2010.09.05", "-"
"SUPERAntiSpyware", "4.40.0.1006", "2010.09.05", "-"
"Symantec", "20101.1.1.7", "2010.09.05", "-"
"TheHacker", "6.5.2.1.364", "2010.09.05", "-"
"TrendMicro", "9.120.0.1004", "2010.09.05", "-"
"TrendMicro-HouseCall", "9.120.0.1004", "2010.09.05", "-"
"VBA32", "3.12.14.0", "2010.09.03", "-"
"ViRobot", "2010.8.31.4017", "2010.09.05", "-"
"VirusBuster", "12.64.17.1", "2010.09.04", "-"
"MD5", "479b74ca731e1434416cbd22a21d1610"
"SHA1", "b83957a0db6545c564fab44d4e180765fdf94e52"
"SHA256",
"f87450d80e9bc04edd2d0c5172016bc629029744745a8b9be9558ddd6b05592c"
"File size", "73344 bytes"
"Scan date", "2010-09-05 13:55:53 (UTC)"

<table id="filescan">
<tr>
<th>Antivirus</th>
<th>Version</th>
<th>Last update</th>
<th>Result</th>
</tr>
<tr>
<td>AhnLab-V3</td>
<td>2010.09.05.00</td>
<td>2010.09.04</td>
<td>-</td>
</tr>
<tr>
<td>AntiVir</td>
<td>8.2.4.50</td>
<td>2010.09.03</td>
<td>-</td>
</tr>
<tr>
<td>Antiy-AVL</td>
<td>2.0.3.7</td>
<td>2010.09.03</td>
<td>-</td>
</tr>
<tr>
<td>Authentium</td>
<td>5.2.0.5</td>
<td>2010.09.04</td>
<td>-</td>
</tr>
<tr>
<td>Avast</td>
<td>4.8.1351.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Avast5</td>
<td>5.0.594.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>AVG</td>
<td>9.0.0.851</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>BitDefender</td>
<td>7.2</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>CAT-QuickHeal</td>
<td>11.00</td>
<td>2010.09.03</td>
<td>-</td>
</tr>
<tr>
<td>ClamAV</td>
<td>0.96.2.0-git</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Comodo</td>
<td>5978</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>DrWeb</td>
<td>5.0.2.03300</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Emsisoft</td>
<td>5.0.0.37</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>eSafe</td>
<td>7.0.17.0</td>
<td>2010.09.01</td>
<td>-</td>
</tr>
<tr>
<td>eTrust-Vet</td>
<td>36.1.7835</td>
<td>2010.09.03</td>
<td>-</td>
</tr>
<tr>
<td>F-Prot</td>
<td>4.6.1.107</td>
<td>2010.09.01</td>
<td>-</td>
</tr>
<tr>
<td>F-Secure</td>
<td>9.0.15370.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Fortinet</td>
<td>4.1.143.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>GData</td>
<td>21</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Ikarus</td>
<td>T3.1.1.88.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Jiangmin</td>
<td>13.0.900</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>K7AntiVirus</td>
<td>9.63.2442</td>
<td>2010.09.04</td>
<td>-</td>
</tr>
<tr>
<td>Kaspersky</td>
<td>7.0.0.125</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>McAfee</td>
<td>5.400.0.1158</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>McAfee-GW-Edition</td>
<td>2010.1B</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Microsoft</td>
<td>1.6103</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>NOD32</td>
<td>5424</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Norman</td>
<td>6.05.11</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>nProtect</td>
<td>2010-09-05.01</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Panda</td>
<td>10.0.2.7</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>PCTools</td>
<td>7.0.3.5</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Prevx</td>
<td>3.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Rising</td>
<td>22.63.06.00</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Sophos</td>
<td>4.57.0</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Sunbelt</td>
<td>6834</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>SUPERAntiSpyware</td>
<td>4.40.0.1006</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>Symantec</td>
<td>20101.1.1.7</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>TheHacker</td>
<td>6.5.2.1.364</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>TrendMicro</td>
<td>9.120.0.1004</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>TrendMicro-HouseCall</td>
<td>9.120.0.1004</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>VBA32</td>
<td>3.12.14.0</td>
<td>2010.09.03</td>
<td>-</td>
</tr>
<tr>
<td>ViRobot</td>
<td>2010.8.31.4017</td>
<td>2010.09.05</td>
<td>-</td>
</tr>
<tr>
<td>VirusBuster</td>
<td>12.64.17.1</td>
<td>2010.09.04</td>
<td>-</td>
</tr>
<table>

<table id="fileinfo">
<tr>
<th>Additional information</th>
</tr>
<tr>
<td><strong>MD5:</strong> 479b74ca731e1434416cbd22a21d1610</td>
</tr>
<tr>
<td><strong>SHA1:</strong>
b83957a0db6545c564fab44d4e180765fdf94e52</td>
</tr>
<tr>
<td><strong>SHA256:</strong>
f87450d80e9bc04edd2d0c5172016bc629029744745a8b9be9558ddd6b05592c</td>
</tr>
<tr>
<td><strong>File size:</strong> 73344 bytes</td>
</tr>
<tr>
<td><strong>Scan date:</strong> 2010-09-05 13:55:53 (UTC)</td>
</tr>
</table>
[i]Antivirus results/i
AhnLab-V3 - 2010.09.05.00 - 2010.09.04 - -
AntiVir - 8.2.4.50 - 2010.09.03 - -
Antiy-AVL - 2.0.3.7 - 2010.09.03 - -
Authentium - 5.2.0.5 - 2010.09.04 - -
Avast - 4.8.1351.0 - 2010.09.05 - -
Avast5 - 5.0.594.0 - 2010.09.05 - -
AVG - 9.0.0.851 - 2010.09.05 - -
BitDefender - 7.2 - 2010.09.05 - -
CAT-QuickHeal - 11.00 - 2010.09.03 - -
ClamAV - 0.96.2.0-git - 2010.09.05 - -
Comodo - 5978 - 2010.09.05 - -
DrWeb - 5.0.2.03300 - 2010.09.05 - -
Emsisoft - 5.0.0.37 - 2010.09.05 - -
eSafe - 7.0.17.0 - 2010.09.01 - -
eTrust-Vet - 36.1.7835 - 2010.09.03 - -
F-Prot - 4.6.1.107 - 2010.09.01 - -
F-Secure - 9.0.15370.0 - 2010.09.05 - -
Fortinet - 4.1.143.0 - 2010.09.05 - -
GData - 21 - 2010.09.05 - -
Ikarus - T3.1.1.88.0 - 2010.09.05 - -
Jiangmin - 13.0.900 - 2010.09.05 - -
K7AntiVirus - 9.63.2442 - 2010.09.04 - -
Kaspersky - 7.0.0.125 - 2010.09.05 - -
McAfee - 5.400.0.1158 - 2010.09.05 - -
McAfee-GW-Edition - 2010.1B - 2010.09.05 - -
Microsoft - 1.6103 - 2010.09.05 - -
NOD32 - 5424 - 2010.09.05 - -
Norman - 6.05.11 - 2010.09.05 - -
nProtect - 2010-09-05.01 - 2010.09.05 - -
Panda - 10.0.2.7 - 2010.09.05 - -
PCTools - 7.0.3.5 - 2010.09.05 - -
Prevx - 3.0 - 2010.09.05 - -
Rising - 22.63.06.00 - 2010.09.05 - -
Sophos - 4.57.0 - 2010.09.05 - -
Sunbelt - 6834 - 2010.09.05 - -
SUPERAntiSpyware - 4.40.0.1006 - 2010.09.05 - -
Symantec - 20101.1.1.7 - 2010.09.05 - -
TheHacker - 6.5.2.1.364 - 2010.09.05 - -
TrendMicro - 9.120.0.1004 - 2010.09.05 - -
TrendMicro-HouseCall - 9.120.0.1004 - 2010.09.05 - -
VBA32 - 3.12.14.0 - 2010.09.03 - -
ViRobot - 2010.8.31.4017 - 2010.09.05 - -
VirusBuster - 12.64.17.1 - 2010.09.04 - -
[i]File info:/i
MD5: 479b74ca731e1434416cbd22a21d1610
SHA1: b83957a0db6545c564fab44d4e180765fdf94e52
SHA256: f87450d80e9bc04edd2d0c5172016bc629029744745a8b9be9558ddd6b05592c
File size: 73344 bytes
Scan date: 2010-09-05 13:55:53 (UTC)

¤¤¤¤¤¤¤¤¤¤ Proxy_Kill by Gen-Hackman

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Firefox ¤¤¤¤¤¤¤¤¤¤

Deleted : user_pref("network.proxy.http", "localhost");
Deleted : user_pref("network.proxy.http_port", 9666);



¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

voici le rapport:
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.3 ¤¤¤¤¤¤¤¤¤¤

User : vincent (Administrateurs)
Update on 05/09/2010 by g3n-h@ckm@n ::::: 08.15
Start at: 20:10:42 | 05/09/2010

Intel(R) Pentium(R) D CPU 3.00GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.16757
Windows Firewall Status : Disabled
AV : AVG Anti-Virus Free 9.0 [ (!) Disabled | Updated ]

C:\ -> Disque fixe local | 141,04 Go (39,99 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer


C:\Windows\System32\smss.exe ---- 660 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 9092 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 3776 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 7456 Ko ---- Normal ---- C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\Program Files\AVG\AVG9\avgchsvx.exe ---- 20108 Ko ---- Normal ---- "C:\Program Files\AVG\AVG9\avgchsvx.exe" ---- AVG Technologies
C:\Program Files\AVG\AVG9\avgrsx.exe ---- 688 Ko ---- Normal ---- "C:\Program Files\AVG\AVG9\avgrsx.exe" ---- AVG Technologies
C:\Windows\system32\services.exe ---- 7528 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 2344 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 4852 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Program Files\AVG\AVG9\avgcsrvx.exe ---- 444 Ko ---- Normal ---- /pipeName=43517a76-ccd5-4640-9e14-32c5f2abf13b /coreSdkOptions=30 /logConfFile="C:\ProgramData\avg9\temp\d67a55dd-afee-4185-b135-c04dc8e12df6-27c-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files\AVG\AVG9\" /tempPath="C:\ProgramData\avg9\temp\" ---- AVG Technologies
C:\Windows\system32\svchost.exe ---- 6412 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\winlogon.exe ---- 4860 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 6752 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k rpcss ----
C:\Windows\system32\atiesrxx.exe ---- 3140 Ko ---- Normal ---- C:\Windows\system32\atiesrxx.exe ----
C:\Windows\System32\svchost.exe ---- 10832 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 71408 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 101376 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\SLsvc.exe ---- 3780 Ko ---- Normal ---- C:\Windows\system32\SLsvc.exe ----
C:\Windows\system32\atieclxx.exe ---- 4232 Ko ---- Normal ---- atieclxx ----
C:\Windows\system32\svchost.exe ---- 11548 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\svchost.exe ---- 12760 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe ---- 1468 Ko ---- Normal ---- "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" ---- Lavasoft AB
C:\Windows\system32\Dwm.exe ---- 41784 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\Explorer.EXE ---- 68788 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\RtHDVCpl.exe ---- 5468 Ko ---- Normal ---- "C:\Windows\RtHDVCpl.exe" ----
C:\Program Files\AVG\AVG9\avgtray.exe ---- 4704 Ko ---- Normal ---- "C:\Program Files\AVG\AVG9\avgtray.exe" ---- AVG Technologies
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ---- 2104 Ko ---- Normal ---- "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ---- Google Inc
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe ---- 4376 Ko ---- Normal ---- "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM" ----
C:\Windows\System32\spoolsv.exe ---- 11100 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\taskeng.exe ---- 5088 Ko ---- Below Normal ---- taskeng.exe {3724AB17-76B8-44E6-9570-81121F84866D} ----
C:\Windows\system32\svchost.exe ---- 11904 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Program Files\Google\Update\GoogleUpdate.exe ---- 2596 Ko ---- Normal ---- "C:\Program Files\Google\Update\GoogleUpdate.exe" /c ---- Google Inc
C:\Windows\system32\taskeng.exe ---- 9368 Ko ---- Normal ---- taskeng.exe {1FB695A0-E498-44AD-81CE-D77031235E7B} ----
C:\Program Files\AVG\AVG9\avgwdsvc.exe ---- 2596 Ko ---- Normal ---- "C:\Program Files\AVG\AVG9\avgwdsvc.exe" ---- AVG Technologies
C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe ---- 16408 Ko ---- Normal ---- "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe" ----
C:\Windows\system32\lxbccoms.exe ---- 4072 Ko ---- High ---- C:\Windows\system32\lxbccoms.exe -service ---- Lexmark International, Inc.
C:\Windows\system32\Taskmgr.exe ---- 10348 Ko ---- High ---- "Taskmgr.exe" ----
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ---- 14776 Ko ---- Normal ---- "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 ----
C:\Program Files\AVG\AVG9\avgnsx.exe ---- 1656 Ko ---- Normal ---- "C:\Program Files\AVG\AVG9\avgnsx.exe" ---- AVG Technologies
C:\Windows\System32\svchost.exe ---- 3912 Ko ---- Normal ---- "C:\Windows\System32\svchost.exe" ----
C:\Windows\system32\svchost.exe ---- 4552 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 5384 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Windows\System32\svchost.exe ---- 2856 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k WerSvcGroup ----
C:\Windows\system32\SearchIndexer.exe ---- 22020 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\Windows\system32\WUDFHost.exe ---- 5324 Ko ---- Normal ---- "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-d630fb14-8fa1-473f-b32c-6d0e53795515 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-11c99913-bfa3-4853-aaf5-6fe20a3c38b4 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-5fb59b88-55d6-4516-80ae-164f8181e376 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:153e39ae-4f7a-45bd-a5b0-4f8d623251fc ----
C:\Windows\System32\svchost.exe ---- 3288 Ko ---- Normal ---- "C:\Windows\System32\svchost.exe" ----
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 11224 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
C:\Windows\system32\wuauclt.exe ---- 7840 Ko ---- Normal ---- "C:\Windows\system32\wuauclt.exe" ---- Microsoft Windows Component Publisher
C:\Windows\system32\conime.exe ---- 4244 Ko ---- Normal ---- C:\Windows\system32\conime.exe ----
C:\Program Files\Mozilla Firefox\firefox.exe ---- 138680 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "https://www.virustotal.com/gui/" ---- Mozilla Corporation
C:\Program Files\Mozilla Firefox\plugin-container.exe ---- 28544 Ko ---- Normal ---- "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=2804.abdd160.2009799849 "C:\Windows\system32\Macromed\Flash\NPSWF32.dll" 2804 plugin \.\pipe\gecko-crash-server-pipe.2804 ---- Mozilla Corporation
C:\Windows\system32\SearchProtocolHost.exe ---- 9088 Ko ---- Idle ---- "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot) " "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" ----
C:\Windows\system32\SearchFilterHost.exe ---- 5980 Ko ---- Idle ---- "C:\Windows\system32\SearchFilterHost.exe" 0 668 672 680 65536 676 ----
C:\Windows\system32\cmd.exe ---- 3548 Ko ---- Normal ---- C:\Windows\system32\cmd.exe /K List'em.bat ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 8556 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 5220 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----


¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
RtHDVCpl = RtHDVCpl.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
AVG9_TRAY = C:\PROGRA~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
ConsentPromptBehaviorAdmin = 2 (0x2)
ConsentPromptBehaviorUser = 1 (0x1)
EnableInstallerDetection = 1 (0x1)
EnableLUA = 1 (0x1)
EnableSecureUIAPaths = 1 (0x1)
EnableVirtualization = 1 (0x1)
PromptOnSecureDesktop = 1 (0x1)
ValidateAdminCodeSignatures = 0 (0x0)
dontdisplaylastusername = 0 (0x0)
legalnoticecaption =
legalnoticetext =
scforceoption = 0 (0x0)
shutdownwithoutlogon = 1 (0x1)
undockwithoutlogon = 1 (0x1)
FilterAdministratorToken = 0 (0x0)
DisableRegistryTools = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 0 (0x0)
NoDrives = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDrives = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS = C:\PROGRA~1\GOOGLE\GOOGLE~3\GOOGLEDESKTOPNETWORK3.DLL,AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
ReportBootOk = 1
Shell = Explorer.exe
Userinit = C:\Windows\system32\userinit.exe,
VmApplet = rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell = 1 (0x1)
LegalNoticeCaption =
LegalNoticeText =
PowerdownAfterShutdown = 0
ShutdownWithoutLogon = 0
cachedlogonscount = 10
forceunlocklogon = 0 (0x0)
passwordexpirywarning = 14 (0xe)
Background = 0 0 0
DebugServerCommand = no
WinStationsDisabled = 0
DisableCAD = 1 (0x1)
scremoveoption = 0
ShutdownFlags = 43 (0x2b)
LegalNotice Text =
SFCDisable = 0 (0x0)
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\PROGRA~1\ALLOCA~1\allocam.exe = C:\PROGRA~1\ALLOCA~1\allocam.exe:*:Enabled:Multi Video
C:\Program Files\BitTorrent\bittorrent.exe = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D6F45B3-9043-443D-A792-115447494D24}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{B8BE5E93-A60C-4D26-A2DC-220313175592}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{C3F79A2B-B9B4-4A66-B012-3EE46475B072}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{166B1BCA-3F9C-11CF-8075-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{233C1507-6A77-46A4-9443-F871F945D258}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AAC3F1F0-5649-4670-A698-F1523729F015}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]

¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02916216-3C9E-4E25-A80B-69849623BDF0}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02916216-3C9E-4E25-A80B-69849623BDF0}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{02916216-3C9E-4E25-A80B-69849623BDF0}: NameServer=192.168.1.1


¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = %SystemRoot%\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.orange.fr/portail
Local Page = C:\Windows\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤ Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0 (0x0)


¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Apple]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Extension de garantie]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Google Software Updater]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\GoogleUpdateTaskMachineCore]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\GoogleUpdateTaskMachineUA]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{01BE72C6-CF2A-481E-A56C-AAC36BC9DEE3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{1BF0E12B-8B72-4597-85EE-8BC9ACB3CE12}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{53084B26-A5C1-4DE3-9E89-FCA282D602EF}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{62751448-39C6-4B54-9689-F65F1A4B10D6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{930D6A0E-6130-443C-A2C3-6823FC3BC932}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{AD693C9B-7AB8-4779-9D59-01F914773DD1}]

¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]

¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
SFCDisable = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\atapi.sys :
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f]
[SHA256.6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]

C:\Windows\ERDNT\cache\atapi.sys :
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f]
[SHA256.6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]

C:\Windows\SoftwareDistribution\Download\b2ee164db645e6bc8d77bb51f082e3b3\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys :
[MD5.2d9c903dc76a66813d350a562de40ed9]
[SHA256.82609f01a08c6842e4c17c077bb641c1429c0e6657964b7f2d114035e1bdcbf3]

C:\Windows\System32\drivers\atapi.sys :
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f]
[SHA256.6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys :
[MD5.4f4fcb8b6ea06784fb6d475b7ec7300f]
[SHA256.6202d85c9a75e3f01f5f94f069c4cd8a2b9295a182301eae5940ec3bc2c1d896]

¤¤¤¤¤ Reference

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤

D'fragmenteur de disque Windows
Copyright (c) 2006 Microsoft Corp.

Rapport d'analyse pour le volume C: HDD

Taille du volume = 141 Go
Espace libre = 40.00 Go
tendue d'espace libre la plus grande = 4.68 Go
Pourcentage de fragmentation des fichiers = 2 %

Remarqueÿ: sur les volumes NTFS, les fragments de fichiers de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.

Il n'est pas n'cessaire de d'fragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤

Possible Rogue !! ::: C:\Users\vincent\AppData\Roaming\FA3A4BCAD51E982E1BAF604FB2A202DF\enemies-names.txt
Possible Rogue !! ::: C:\Users\vincent\AppData\Roaming\FA3A4BCAD51E982E1BAF604FB2A202DF\local.ini

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : C:\ProgramData\LUUnInstall.LiveUpdate
Present !! : C:\ProgramData\LUUnInstall.LiveUpdate
Present !! : C:\ProgramData\LUUnInstall.LiveUpdate
Present !! : C:\ProgramData\LUUnInstall.LiveUpdate
Present !! : C:\Program Files\EoRezo
Present !! : C:\Windows\_delis32.ini
Present !! : C:\Windows\System32\~.inf
Present !! : C:\Windows\System32\~.tmp
Present !! : C:\Windows\System32\~.tmp
Present !! : C:\Windows\System32\SET755D.tmp
Present !! : C:\Windows\Temp\gd26A2.tmp
Present !! : C:\Windows\Temp\gd4681.tmp
Present !! : C:\Windows\Temp\gdFF06.tmp
Present !! : C:\Users\vincent\Nota Bene Professeur.exe
Present !! : C:\Users\vincent\SETUP1.EXE
Present !! : C:\Users\vincent\AppData\Local\bavbiw.bat
Present !! : C:\Users\vincent\AppData\Local\d3d9caps.dat
Present !! : C:\Users\vincent\AppData\Local\fusioncache.dat
Present !! : C:\Users\vincent\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\vincent\AppData\Roaming\EoRezo
Present !! : C:\Users\vincent\downloads\setup.exe
Present !! : C:\Users\vincent\Local Settings\Temp\mm1.mht
Present !! : C:\Users\vincent\Local Settings\Temp\mm2.mht
Present !! : C:\Users\vincent\Local Settings\Temp\mm3.mht
Present !! : C:\Users\vincent\Local Settings\Temp\mm4.mht
Present !! : C:\Users\vincent\LOCAL Settings\Temp\SearchWithGoogleUpdate.exe

¤¤¤¤¤¤¤¤¤¤ Keys :

Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives
Present !! : "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
Present !! : HKCR\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Present !! : HKCR\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d}
Present !! : HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
Present !! : HKCU\SOFTWARE\EoRezo
Present !! : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
Present !! : HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
Present !! : HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

FEATURE_BROWSER_EMULATION | svchost :
====================================


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-05 20:36:19
Windows 6.0.6000 FAT NTAPI

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85BECB4C]<<
kernel: MBR read successfully
user & kernel MBR OK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

End of scan : 20:37:03,49

le suivant:
http://www.cijoint.fr/cjlink.php?file=cj201009/cijQeX8UTU.txt

et le fichier more.txt:
http://www.cijoint.fr/cjlink.php?file=cj201009/cij5V4M8D8.txt

et ensuite le pb sera réglé ou pas??

fais déjà killem option clean et les MAJ

j'ai déja installé sp1
je dois vraiment installer le sp2?

à ton avis que vais je répondre !!!

ok ok...