Virus dans ma boîte hotmail !
Résolu/Fermé
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
-
8 sept. 2010 à 20:06
jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 - 17 déc. 2010 à 23:02
jacques.gache Messages postés 33453 Date d'inscription mardi 13 novembre 2007 Statut Contributeur sécurité Dernière intervention 25 janvier 2016 - 17 déc. 2010 à 23:02
A voir également:
- Virus dans ma boîte hotmail !
- Se connecter à ma boite hotmail - Guide
- Hotmail - Accueil - Mail
- Créer une adresse hotmail - Guide
- Boite gmail saturée - Guide
- Boîte mail française gratuite - Guide
55 réponses
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
8 sept. 2010 à 21:33
8 sept. 2010 à 21:33
bonjour, passes usbfix, et puis postes un zhpdiag, merci
1) passes usbfix
* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
* Telecharges et installes: http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
* Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisis "éxécuter en tant qu'administrateur" .
* choisi l'option 2 ( Suppression )
* Ton bureau disparaitra et le pc redémarrera .
* Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.
* Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Pendant son nettoyage, l'outil a récolté certains fichiers infectieux.
Nous vous demandons de nous les faire parvenir pour des futures mises à jour, ainsi que pour un meilleur traitement des infections.
Nous vous remercions pour votre contribution.
.UsbFix te proposera d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097
Ce dossier a été créé par UsbFix et est enregistré sur ton bureau.
Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.
Merci d'avance pour ta contribution !!
2) postes un zhpdiag
Ouvre ce lien et télécharge ZHPDiag :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
cliques sur télécharger "celui de droite"
ou directement ici: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
et si problème : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
tu vas en bas de la page et tu télécharges le premier tu et tu dézippes
Enregistres le sur ton Bureau.
Une fois le téléchargement achevé
pour XP, double-clique sur ZHPDiag
pour Vista,et seven tu fais un clic droit sur l'icône et exécute en tant qu'administrateur.
N'oublies pas de cocher la case qui permet de mettre un raccourci sur le Bureau.
/|\ l'outil a créé 2 icônes ZHPDiag et ZHPFix.
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Clique sur le Tournevis puis sur Tous pour cocher toutes les cases des options.
Cliques sur la loupe pour lancer l'analyse.
Laisses l'outil travailler, il peut être assez long.
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
1) passes usbfix
* Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
* Telecharges et installes: http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
* Fais un clic droit sur le raccourci UsbFix présent sur ton bureau et choisis "éxécuter en tant qu'administrateur" .
* choisi l'option 2 ( Suppression )
* Ton bureau disparaitra et le pc redémarrera .
* Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.
* Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Pendant son nettoyage, l'outil a récolté certains fichiers infectieux.
Nous vous demandons de nous les faire parvenir pour des futures mises à jour, ainsi que pour un meilleur traitement des infections.
Nous vous remercions pour votre contribution.
.UsbFix te proposera d'uploader un dossier compressé à cette adresse : https://www.ionos.fr/?affiliate_id=77097
Ce dossier a été créé par UsbFix et est enregistré sur ton bureau.
Merci de l'envoyer à l'adresse indiquée afin d'aider l'auteur de UsbFix dans ses recherches.
Merci d'avance pour ta contribution !!
2) postes un zhpdiag
Ouvre ce lien et télécharge ZHPDiag :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
cliques sur télécharger "celui de droite"
ou directement ici: https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
et si problème : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
tu vas en bas de la page et tu télécharges le premier tu et tu dézippes
Enregistres le sur ton Bureau.
Une fois le téléchargement achevé
pour XP, double-clique sur ZHPDiag
pour Vista,et seven tu fais un clic droit sur l'icône et exécute en tant qu'administrateur.
N'oublies pas de cocher la case qui permet de mettre un raccourci sur le Bureau.
/|\ l'outil a créé 2 icônes ZHPDiag et ZHPFix.
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Clique sur le Tournevis puis sur Tous pour cocher toutes les cases des options.
Cliques sur la loupe pour lancer l'analyse.
Laisses l'outil travailler, il peut être assez long.
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
10 sept. 2010 à 11:44
10 sept. 2010 à 11:44
Ok, je vais suivre tes instructions. Cela dit, il y a juste quelque chose que je ne comprends pas, quand tu dis "post" le rapport usbfix, je le poste où exactement? =S
Je m'excuse, mais je ne suis pas la plus calée en informatique...
Je m'excuse, mais je ne suis pas la plus calée en informatique...
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
10 sept. 2010 à 17:31
10 sept. 2010 à 17:31
bonjour, tu le postes ici dans la discution , quand ton rapport est ouvert
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
12 sept. 2010 à 21:26
12 sept. 2010 à 21:26
Ok je m'y colle demain.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
13 sept. 2010 à 12:17
13 sept. 2010 à 12:17
############################## | UsbFix 7.024 | [Suppression]
Utilisateur: Utilisateur (Administrateur) # PC-DE-UTILISATE [Acer, inc. Aspire 7730G]
Mis à jour le 09/09/10 par El Desaparecido / C_XX
Lancé à 12:12:19 | 13/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 3067 Mo
C:\ (%systemdrive%) -> Disque fixe # 143 Go (33 Go libre(s) - 23%) [ACER] # NTFS
D:\ -> Disque fixe # 143 Go (34 Go libre(s) - 24%) [DATA] # NTFS
E:\ -> CD-ROM
################## | Éléments infectieux |
################## | Registre |
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Supprimé! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoChangeStartMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoComputersNearMe
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDesktop
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFileMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFind
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoHardwareTab
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsHistory
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecycleFiles
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoShellSearchButton
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoTrayContextMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoViewContextMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoWinKeys
################## | Mountpoints2 |
################## | Listing |
[22/03/2010 - 15:42:56 | HD ] C:\$INPLACE.~TR
[13/09/2010 - 12:16:22 | SHD ] C:\$RECYCLE.BIN
[22/03/2010 - 16:48:16 | HD ] C:\$WINDOWS.~Q
[21/04/2009 - 17:26:57 | D ] C:\ACER
[21/04/2009 - 17:22:34 | D ] C:\ACERSW
[10/06/2009 - 23:42:20 | A | 24] C:\autoexec.bat
[10/01/2009 - 18:42:41 | AD ] C:\book
[22/03/2010 - 16:00:17 | SHD ] C:\Boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[22/03/2010 - 16:00:19 | RASH | 8192] C:\BOOTSECT.BAK
[10/06/2009 - 23:42:20 | A | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[13/09/2010 - 11:55:09 | ASH | 2411880448] C:\hiberfil.sys
[17/08/2010 - 11:59:36 | D ] C:\Hotspot Shield
[10/01/2009 - 17:17:36 | D ] C:\Intel
[10/01/2009 - 17:46:54 | RHD ] C:\MSOCache
[08/09/2010 - 22:11:01 | D ] C:\NVIDIA
[22/03/2010 - 17:19:11 | D ] C:\OEM
[13/09/2010 - 11:55:14 | ASH | 3215843328] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[08/09/2010 - 22:14:25 | RD ] C:\Program Files
[08/09/2010 - 22:16:08 | HD ] C:\ProgramData
[22/03/2010 - 17:04:19 | SHD ] C:\Recovery
[22/03/2010 - 17:23:24 | A | 3016] C:\RHDSetup.log
[22/03/2010 - 17:23:35 | A | 145] C:\setup.log
[10/09/2010 - 14:48:41 | SHD ] C:\System Volume Information
[13/09/2010 - 12:16:22 | D ] C:\UsbFix
[13/09/2010 - 12:12:22 | A | 4052] C:\UsbFix.txt
[22/03/2010 - 16:42:28 | RD ] C:\Users
[08/09/2010 - 23:06:05 | D ] C:\Windows
[13/09/2010 - 12:16:22 | SHD ] D:\$RECYCLE.BIN
[28/11/2009 - 14:45:35 | RA | 528] D:\MediaID.bin
[13/12/2009 - 20:06:26 | D ] D:\PC-DE-UTILISATE
[03/02/2009 - 16:06:11 | SHD ] D:\System Volume Information
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | E.O.F |
Utilisateur: Utilisateur (Administrateur) # PC-DE-UTILISATE [Acer, inc. Aspire 7730G]
Mis à jour le 09/09/10 par El Desaparecido / C_XX
Lancé à 12:12:19 | 13/09/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-Bit) #
Internet Explorer 8.0.7600.16385
Pare-feu Windows: Activé
RAM -> 3067 Mo
C:\ (%systemdrive%) -> Disque fixe # 143 Go (33 Go libre(s) - 23%) [ACER] # NTFS
D:\ -> Disque fixe # 143 Go (34 Go libre(s) - 24%) [DATA] # NTFS
E:\ -> CD-ROM
################## | Éléments infectieux |
################## | Registre |
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr
Supprimé! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig
Supprimé! HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore|DisableSR
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoChangeStartMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoClose
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoComputersNearMe
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDesktop
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFileMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFind
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoFolderOptions
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoHardwareTab
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsHistory
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecycleFiles
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoResolveSearch
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRun
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoShellSearchButton
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoTrayContextMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoViewContextMenu
Supprimé! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoWinKeys
################## | Mountpoints2 |
################## | Listing |
[22/03/2010 - 15:42:56 | HD ] C:\$INPLACE.~TR
[13/09/2010 - 12:16:22 | SHD ] C:\$RECYCLE.BIN
[22/03/2010 - 16:48:16 | HD ] C:\$WINDOWS.~Q
[21/04/2009 - 17:26:57 | D ] C:\ACER
[21/04/2009 - 17:22:34 | D ] C:\ACERSW
[10/06/2009 - 23:42:20 | A | 24] C:\autoexec.bat
[10/01/2009 - 18:42:41 | AD ] C:\book
[22/03/2010 - 16:00:17 | SHD ] C:\Boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[22/03/2010 - 16:00:19 | RASH | 8192] C:\BOOTSECT.BAK
[10/06/2009 - 23:42:20 | A | 10] C:\config.sys
[14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
[13/09/2010 - 11:55:09 | ASH | 2411880448] C:\hiberfil.sys
[17/08/2010 - 11:59:36 | D ] C:\Hotspot Shield
[10/01/2009 - 17:17:36 | D ] C:\Intel
[10/01/2009 - 17:46:54 | RHD ] C:\MSOCache
[08/09/2010 - 22:11:01 | D ] C:\NVIDIA
[22/03/2010 - 17:19:11 | D ] C:\OEM
[13/09/2010 - 11:55:14 | ASH | 3215843328] C:\pagefile.sys
[14/07/2009 - 04:37:05 | D ] C:\PerfLogs
[08/09/2010 - 22:14:25 | RD ] C:\Program Files
[08/09/2010 - 22:16:08 | HD ] C:\ProgramData
[22/03/2010 - 17:04:19 | SHD ] C:\Recovery
[22/03/2010 - 17:23:24 | A | 3016] C:\RHDSetup.log
[22/03/2010 - 17:23:35 | A | 145] C:\setup.log
[10/09/2010 - 14:48:41 | SHD ] C:\System Volume Information
[13/09/2010 - 12:16:22 | D ] C:\UsbFix
[13/09/2010 - 12:12:22 | A | 4052] C:\UsbFix.txt
[22/03/2010 - 16:42:28 | RD ] C:\Users
[08/09/2010 - 23:06:05 | D ] C:\Windows
[13/09/2010 - 12:16:22 | SHD ] D:\$RECYCLE.BIN
[28/11/2009 - 14:45:35 | RA | 528] D:\MediaID.bin
[13/12/2009 - 20:06:26 | D ] D:\PC-DE-UTILISATE
[03/02/2009 - 16:06:11 | SHD ] D:\System Volume Information
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
################## | E.O.F |
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
13 sept. 2010 à 12:49
13 sept. 2010 à 12:49
http://www.cijoint.fr/cjlink.php?file=cj201009/cijHeoxct2.txt
Et voilà, tout est fait.
Et voilà, tout est fait.
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
13 sept. 2010 à 21:12
13 sept. 2010 à 21:12
bonjour, tu fais ce qui suit , merci
1) fixe cette ligne avec zhpfix
. Copie la ligne suivante en GRAS
[HKCU\Software\AppDataLow\Toolbar]
. Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
. Pour XP, double-clique sur ZHPFix
. pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
. Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
. cliques sur OK
. Clique sur « Tous », puis sur « Nettoyer »
. Copie/colle la totalité du rapport dans ta prochaine réponse
tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
2) fais un examen complet de ton pc avec malwarebytes
!! ATTENTION !!! près de 2 heures de scan !!!
Télécharge Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installation, alors télécharge le ici :COMCTL32.OCX
. enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. redemarre le pc si il le fait pas lui même
. une fois redémarré double-cliques sur malwarebytes
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
1) fixe cette ligne avec zhpfix
. Copie la ligne suivante en GRAS
[HKCU\Software\AppDataLow\Toolbar]
. Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
. Pour XP, double-clique sur ZHPFix
. pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
. Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
. cliques sur OK
. Clique sur « Tous », puis sur « Nettoyer »
. Copie/colle la totalité du rapport dans ta prochaine réponse
tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
2) fais un examen complet de ton pc avec malwarebytes
!! ATTENTION !!! près de 2 heures de scan !!!
Télécharge Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installation, alors télécharge le ici :COMCTL32.OCX
. enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. redemarre le pc si il le fait pas lui même
. une fois redémarré double-cliques sur malwarebytes
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
18 sept. 2010 à 14:02
18 sept. 2010 à 14:02
Rapport de ZHPFix v1.12.3149 par Nicolas Coolman, Update du 11/09/2010
Fichier d'export Registre : C:\ZHPExportRegistry-18-09-2010-14-00-52.txt
Run by Utilisateur at 18/09/2010 14:00:52
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
HKCU\Software\AppDataLow\Toolbar => Clé supprimée avec succès
========== Récapitulatif ==========
1 : Clé(s) du Registre
End of the scan
Voilà le rapport de ZHPfix.
Fichier d'export Registre : C:\ZHPExportRegistry-18-09-2010-14-00-52.txt
Run by Utilisateur at 18/09/2010 14:00:52
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
HKCU\Software\AppDataLow\Toolbar => Clé supprimée avec succès
========== Récapitulatif ==========
1 : Clé(s) du Registre
End of the scan
Voilà le rapport de ZHPfix.
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
18 sept. 2010 à 18:55
18 sept. 2010 à 18:55
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4645
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18/09/2010 18:48:55
mbam-log-2010-09-18 (18-48-55).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 351419
Temps écoulé: 2 heure(s), 5 minute(s), 16 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 170
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\seapi.seinterface (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{95df3a30-bc7b-47c5-8aef-bcd149142217} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{131f521b-9a5d-466c-9049-37ee2b354e6d} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fdaeab93-6dc0-4a63-81c6-95c88ed36f6a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fdaeab93-6dc0-4a63-81c6-95c88ed36f6a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fdaeab93-6dc0-4a63-81c6-95c88ed36f6a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seapi.seinterface.1 (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sogouexplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sogouexplorer.assocfile.htm (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sogouexplorer.http (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\DailyBackup (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\UserScripts (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Skin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\laan (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\laan\smart (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\laan\smart\tween (Adware.Sogou) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\SogouExplorer\seapi.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\sogou_explorer_silent_2.0.0.1070_2180.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Uninstall.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouInput\5.0.1.4193\sogou_explorer_silent_2.0.0.929_2144.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\abw (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\adbdata.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\CommCfg.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Config.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\configlocal.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\dew (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Favorite2.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FormData.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\HistoryUrl.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\MCPattern.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Misc.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Openpage.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\playevent.pat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\se_setup.ini (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\uhistory.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\UserId.enc (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\videopattern (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.07.14.17 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.07.18.01 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\default_page.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\https_assure.ameli.fr_443_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_acerfr.oberon-media.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_ameli-direct.ameli.fr_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_cece.recettes.over-blog.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_fr.udark.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_gilmoregirls.monrezo.be_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_ie.sogou.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_rad.msn.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_www.ameli.fr_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_www.facebook.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_www.gowindowslive.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\?????IE???.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\?????`Chrome'?.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\????????.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\???????????.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cookies (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\VisitedLinks (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_0 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_1 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_2 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_3 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000002 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000003 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000004 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000005 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\index (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\adbrule.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\browser.conf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\changelog.txt (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\CmdLineParser.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\crashrpt.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Dialog.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\DialogCore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\LICENSE (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\p2pclient.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\p4pshare.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\pxpnet.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\seacc.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\ShareClient.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\site.url (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\SnapShoter.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\SoDaLib.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\sogounet.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\TridentCore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\video_acc.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\WebkitCore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\webkit_plugins_file.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Skin\????? 2010.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\baidu.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\baiduc.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\checkbox.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\checkbox1.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\checkbox2.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\close.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\close.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\default.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\default.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\default_page.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\fenge.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\google.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\googlec.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\guding1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\guding2.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\help.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\ie.css (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\ie.js (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\iframe.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\iframe_wk.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\index1.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\index2.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\logo.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\none.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\q1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\q2.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg0.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg3.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\reset.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\sb.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\selmenu.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\set.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\setcancel.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\setok.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\shadow1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\shadow2.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\sogou.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\sogouc.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\space.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\tran1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\tran2.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\tran3.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\wk.css (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\wk.js (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\baidu_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\google_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\index.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_daohang.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_kongbai.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_sousuo.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_zuiai.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_zuiai_1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_zuiai_2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\sogou_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_body_bg.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_daohang.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_daohang_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_kongbai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_kongbai_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_light.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_qita.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_queding.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_queding_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_queding_hover.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_sousuo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_sousuo_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zidingyi.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zidingyi_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zuiai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zuiai_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_checkbox_checked.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_checkbox_hover.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_checkbox_normal.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_daohang_logo_bg.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_ico_home.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_daohang.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_kongbai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_sousuo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_zidingyi.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_zuiai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_main.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_text_1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_zidingyi_dizhikuang.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_zidingyi_icon.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_zidingyi_text.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\s_baidu_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\s_google_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\s_sogou_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\download.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\passport.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\passport_20.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\swichcore.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\tabscroll.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\videoExtract.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\videoOnTop.swf (Adware.Sogou) -> Quarantined and deleted successfully.
Et voilà le reste! J'espère que j'aurais bien tout fait.
www.malwarebytes.org
Version de la base de données: 4645
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18/09/2010 18:48:55
mbam-log-2010-09-18 (18-48-55).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 351419
Temps écoulé: 2 heure(s), 5 minute(s), 16 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 170
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\seapi.seinterface (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{95df3a30-bc7b-47c5-8aef-bcd149142217} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{131f521b-9a5d-466c-9049-37ee2b354e6d} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fdaeab93-6dc0-4a63-81c6-95c88ed36f6a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fdaeab93-6dc0-4a63-81c6-95c88ed36f6a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{fdaeab93-6dc0-4a63-81c6-95c88ed36f6a} (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seapi.seinterface.1 (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sogouexplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\file\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\htmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\HTTP\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\https\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mhtmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sogouexplorer.assocfile.htm (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sogouexplorer.http (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xmlfile\shell\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\DailyBackup (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\UserScripts (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Skin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\laan (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\laan\smart (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\laan\smart\tween (Adware.Sogou) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\SogouExplorer\seapi.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\sogou_explorer_silent_2.0.0.1070_2180.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Uninstall.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouInput\5.0.1.4193\sogou_explorer_silent_2.0.0.929_2144.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\abw (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\adbdata.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\CommCfg.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Config.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\configlocal.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\dew (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Favorite2.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FormData.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\HistoryUrl.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\MCPattern.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Misc.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Openpage.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\playevent.pat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\se_setup.ini (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\uhistory.db (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\UserId.enc (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\videopattern (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.07.14.17 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\DailyBackup\Favorite2.dat.2010.07.18.01 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\default_page.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\https_assure.ameli.fr_443_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_acerfr.oberon-media.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_ameli-direct.ameli.fr_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_cece.recettes.over-blog.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_fr.udark.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_gilmoregirls.monrezo.be_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_ie.sogou.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_rad.msn.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_www.ameli.fr_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_www.facebook.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\FavIcon\http_www.gowindowslive.com_80_fav.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\?????IE???.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\?????`Chrome'?.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\????????.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Skin\???????????.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cookies (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\VisitedLinks (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_0 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_1 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_2 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\data_3 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000002 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000003 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000004 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\f_000005 (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Users\Utilisateur\AppData\Roaming\SogouExplorer\Webkit\Cache\index (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\adbrule.dat (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\browser.conf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\changelog.txt (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\CmdLineParser.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\crashrpt.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Dialog.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\DialogCore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\LICENSE (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\p2pclient.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\p4pshare.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\pxpnet.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\seacc.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\ShareClient.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\site.url (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\SnapShoter.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\SoDaLib.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\SogouExplorer.exe (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\sogounet.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\TridentCore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\video_acc.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\WebkitCore.dll (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\webkit_plugins_file.xml (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\Skin\????? 2010.seskin (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\baidu.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\baiduc.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\checkbox.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\checkbox1.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\checkbox2.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\close.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\close.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\default.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\default.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\default_page.ico (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\fenge.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\google.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\googlec.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\guding1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\guding2.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\help.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\ie.css (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\ie.js (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\iframe.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\iframe_wk.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\index1.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\index2.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\logo.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\none.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\q1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\q2.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg0.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\rbg3.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\reset.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\sb.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\selmenu.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\set.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\setcancel.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\setok.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\shadow1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\shadow2.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\sogou.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\sogouc.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\space.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\tran1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\tran2.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\tran3.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\wk.css (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Local\wk.js (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\baidu_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\google_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\index.html (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_daohang.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_kongbai.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_sousuo.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_zuiai.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_zuiai_1.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\pic_zuiai_2.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\sogou_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_body_bg.jpg (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_daohang.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_daohang_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_kongbai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_kongbai_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_light.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_qita.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_queding.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_queding_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_queding_hover.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_sousuo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_sousuo_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zidingyi.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zidingyi_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zuiai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_btn_zuiai_hit.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_checkbox_checked.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_checkbox_hover.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_checkbox_normal.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_daohang_logo_bg.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_ico_home.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_daohang.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_kongbai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_sousuo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_zidingyi.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_arrow_zuiai.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_stage_main.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_text_1.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_zidingyi_dizhikuang.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_zidingyi_icon.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\start_zidingyi_text.gif (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\s_baidu_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\s_google_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\StartPage\Selector\s_sogou_logo.png (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\download.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\passport.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\passport_20.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\swichcore.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\tabscroll.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\videoExtract.swf (Adware.Sogou) -> Quarantined and deleted successfully.
C:\Program Files\SogouExplorer\UserInstruct\videoOnTop.swf (Adware.Sogou) -> Quarantined and deleted successfully.
Et voilà le reste! J'espère que j'aurais bien tout fait.
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
18 sept. 2010 à 21:26
18 sept. 2010 à 21:26
ok , voila un bon nettoyage de fait !! lol !!
tu fais list&kill"em comme expliqué , merci
A) passes lis&kill"em option Search
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
Télécharge List_Kill'em et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.
laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
B) list&kill"em option Clean
Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
colle le contenu dans ta reponse
tu fais list&kill"em comme expliqué , merci
A) passes lis&kill"em option Search
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)
Télécharge List_Kill'em et enregistre le sur ton bureau
double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation
une fois terminée , clic sur "terminer" et le programme se lancera seul
choisis l'option Search
un icone blanc et noir va s'afficher sur le bureau , il te servira à relancer le programme par la suite.
un autre rouge et noir te servira a desinstaller le prog a la fin de la desinfection.
laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.
un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , , il s'auto supprimera a la fin du scan
Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"
B) list&kill"em option Clean
Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau.
mais cette fois-ci :
choisis l'Option Clean
ton PC va redemarrer,
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
colle le contenu dans ta reponse
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
19 sept. 2010 à 16:51
19 sept. 2010 à 16:51
J'ai installé list&killem, mais une fois que j'appuie sur l'option search, il me met "windows ne trouve pas 'list'em.bat'. Vérifiez que vous avez entré le nom correct puis réessayez".
Que faire?
Que faire?
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
19 sept. 2010 à 17:01
19 sept. 2010 à 17:01
tu le lance biens avec un clique droit et en tantque admininstrateur ??
désinstalles le et réinstalles le de nouveau et fais attention que ton anti-virus eta autre protection soit à l'arrêt car il peuvent le bloquer en partie !!
désinstalles le et réinstalles le de nouveau et fais attention que ton anti-virus eta autre protection soit à l'arrêt car il peuvent le bloquer en partie !!
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
19 sept. 2010 à 18:00
19 sept. 2010 à 18:00
Je l'ai réinstallé, en désactivant bien tout, et il m'affiche toujours le même message. Aucun des autres options ne semblent fonctionner....
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
19 sept. 2010 à 18:23
19 sept. 2010 à 18:23
ok je vais demander à gen-hacman le pourquoi !!
peux tu mez poster un nouveau zhpdiag pour faire le point sur le pc et ses infections si il en reste , merci
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Clique sur le Tournevis puis sur Tous pour cocher toutes les cases des options.
Cliques sur la loupe pour lancer l'analyse.
Laisses l'outil travailler, il peut être assez long.
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
peux tu mez poster un nouveau zhpdiag pour faire le point sur le pc et ses infections si il en reste , merci
Double cliques sur le raccourci ZHPDiag sur ton Bureau pour XP sinon clique droit et en tant que administrateur !!
Clique sur le Tournevis puis sur Tous pour cocher toutes les cases des options.
Cliques sur la loupe pour lancer l'analyse.
Laisses l'outil travailler, il peut être assez long.
A la fin de l'analyse,clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Fermes ZHPDiag en fin d'analyse.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\bureau\.ZHPDiag.txt
ou directement en choisissant bureau et ZHPDiag.txt clique dessus
Clique sur Ouvrir.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
19 sept. 2010 à 20:46
19 sept. 2010 à 20:46
http://www.cijoint.fr/cjlink.php?file=cj201009/cij007LeIl.txt
Et voilà!
Et voilà!
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
19 sept. 2010 à 21:49
19 sept. 2010 à 21:49
ok j'ai pas de nouvelle de gen hackman !!
mais je me demande ce que tu fais avec cela sur ton pc Nero 9 keygen.rar tu as cracké néro et la il faut pas être surpris d'avoir des problèmes !!! https://forum.malekal.com/viewtopic.php?t=893&start=
sinon la tu fais cela :
1) fixes ces 2 lignes avec zhpfix
. Copie les lignes suivantes en GRAS
[HKCU\Software\AppDataLow\Software\PriceGong]
O61 - LFC:Last File Created 19/09/2010 - 02:53:37 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUAC26.txt [918]
. Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
. Pour XP, double-clique sur ZHPFix
. pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
. Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
. cliques sur OK
. Clique sur « Tous », puis sur « Nettoyer »
. Copie/colle la totalité du rapport dans ta prochaine réponse
tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
2) passes toolbar S&D vu la collection de toolbar
Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
si problème :
http://eric71.geekstogo.com/tools/ToolBarSD.exe
Lances l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionnes la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
Postes le rapport généré. (C:\TB.txt)
mais je me demande ce que tu fais avec cela sur ton pc Nero 9 keygen.rar tu as cracké néro et la il faut pas être surpris d'avoir des problèmes !!! https://forum.malekal.com/viewtopic.php?t=893&start=
sinon la tu fais cela :
1) fixes ces 2 lignes avec zhpfix
. Copie les lignes suivantes en GRAS
[HKCU\Software\AppDataLow\Software\PriceGong]
O61 - LFC:Last File Created 19/09/2010 - 02:53:37 ---A- C:\Users\All Users\Nero\Nero BackItUp 4\Cache\BIUAC26.txt [918]
. Lance ZHPFix de Nicolas Coolman qui se trouve sur ton bureau
. Pour XP, double-clique sur ZHPFix
. pour Vista et seven, faire un clic droit sur l'icône et exécute en tant qu'administrateur.
. Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .
Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.
. cliques sur OK
. Clique sur « Tous », puis sur « Nettoyer »
. Copie/colle la totalité du rapport dans ta prochaine réponse
tu le trouveras dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
2) passes toolbar S&D vu la collection de toolbar
Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3
si problème :
http://eric71.geekstogo.com/tools/ToolBarSD.exe
Lances l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionnes la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
Postes le rapport généré. (C:\TB.txt)
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
19 sept. 2010 à 22:50
19 sept. 2010 à 22:50
Alors, oui effectivement, je n'aurais jamais dû cracké Nero, j'ai supprimé tout le programme sur mon ordi et compris le keygen etc.
Là j'ai essayé de faire Zhpfix, mais alors qu'il commençait à nettoyer, il y a une page bleue qui s'est affiché du genre 'il y a eu un problème, veuillez redémarrer pour éviter les dommages etc" Tu sais les pages où tu peux pas utiliser ta souris. Fin bref, j'ai redémarré sans soucis, mais c'est peut être parce que j'avais iTunes qui marchait ou un truc du genre donc je recommencerais demain.
Merci beaucoup de m'aider en tout cas.
Là j'ai essayé de faire Zhpfix, mais alors qu'il commençait à nettoyer, il y a une page bleue qui s'est affiché du genre 'il y a eu un problème, veuillez redémarrer pour éviter les dommages etc" Tu sais les pages où tu peux pas utiliser ta souris. Fin bref, j'ai redémarré sans soucis, mais c'est peut être parce que j'avais iTunes qui marchait ou un truc du genre donc je recommencerais demain.
Merci beaucoup de m'aider en tout cas.
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
20 sept. 2010 à 18:00
20 sept. 2010 à 18:00
ok tu fais toolsbar , et puis tu pourras faire list&kill"em , gen-hackman que je remerci , viens de me donné une soultion pour le lancer , il faus le lancerdepuis le dossier d'installation , pour cela tu suis le chemin C:\Programmes\List_Kill'em\List'em.bat (l'engrenange)
le .bat n'est pas toujours affiché regarde sur la capture d'écran je l'ai mis en surbrillant http://www.cijoint.fr/cjlink.php?file=cj201009/cijJqi6udp.jpg
la tu cliques droit dessus et en tant que administrateur
le .bat n'est pas toujours affiché regarde sur la capture d'écran je l'ai mis en surbrillant http://www.cijoint.fr/cjlink.php?file=cj201009/cijJqi6udp.jpg
la tu cliques droit dessus et en tant que administrateur
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
23 sept. 2010 à 18:29
23 sept. 2010 à 18:29
Rapport de ZHPFix v1.12.3149 par Nicolas Coolman, Update du 11/09/2010
Fichier d'export Registre :
Run by Utilisateur at 23/09/2010 18:28:41
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
HKCU\Software\AppDataLow\Software\PriceGong => Clé absente
========== Fichier(s) ==========
c:\users\all users\nero\nero backitup 4\cache\biuac26.txt => Supprimé et mis en quarantaine
========== Récapitulatif ==========
1 : Clé(s) du Registre
1 : Fichier(s)
End of the scan
Voilà le compte rendu de ZhpFix
Fichier d'export Registre :
Run by Utilisateur at 23/09/2010 18:28:41
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr
========== Clé(s) du Registre ==========
HKCU\Software\AppDataLow\Software\PriceGong => Clé absente
========== Fichier(s) ==========
c:\users\all users\nero\nero backitup 4\cache\biuac26.txt => Supprimé et mis en quarantaine
========== Récapitulatif ==========
1 : Clé(s) du Registre
1 : Fichier(s)
End of the scan
Voilà le compte rendu de ZhpFix
Headl0ck
Messages postés
78
Date d'inscription
mercredi 22 juillet 2009
Statut
Membre
Dernière intervention
17 juillet 2014
23 sept. 2010 à 19:03
23 sept. 2010 à 19:03
¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.6 ¤¤¤¤¤¤¤¤¤¤
User : Utilisateur (Administrateurs)
Update on 18/09/2010 by g3n-h@ckm@n ::::: 15.20
Start at: 18:38:40 | 23/09/2010
Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 142,54 Go (36,34 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 142,54 Go (34,34 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 808 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 3836 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 3532 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 12052 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 7684 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 9508 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 3284 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\svchost.exe ---- 7496 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 2724 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 7008 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k RPCSS ----
C:\Windows\System32\svchost.exe ---- 17604 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 61580 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 35288 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\winlogon.exe ---- 4876 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 12384 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\svchost.exe ---- 12576 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ---- 724 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" ---- ALWIL Software
C:\Program Files\Alwil Software\Avast4\ashServ.exe ---- 32140 Ko ---- High ---- "C:\Program Files\Alwil Software\Avast4\ashServ.exe" ---- ALWIL Software
C:\Windows\system32\rundll32.exe ---- 7408 Ko ---- Normal ---- C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC.DLL,nvsvcInitialize ----
C:\Windows\system32\Dwm.exe ---- 24820 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\Explorer.EXE ---- 60144 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\System32\spoolsv.exe ---- 10440 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\svchost.exe ---- 13004 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\system32\taskhost.exe ---- 7768 Ko ---- Normal ---- "taskhost.exe" ----
C:\Program Files\LSI SoftModem\agrsmsvc.exe ---- 2248 Ko ---- Normal ---- "C:\Program Files\LSI SoftModem\agrsmsvc.exe" ----
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ---- 3884 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\Bonjour\mDNSResponder.exe ---- 5160 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe ---- 4724 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" ----
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ---- 9324 Ko ---- Above Normal ---- "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ---- Synaptics Incorporated
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ---- 3292 Ko ---- Normal ---- "C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe" ---- CyberLink
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe ---- 5096 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" ---- EGIS TECHNOLOGY INC.
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ---- 17848 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\Service\ETService.exe" ----
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe ---- 9348 Ko ---- Normal ---- "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" ---- Realtek Semiconductor Corp
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ---- 9460 Ko ---- Normal ---- "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" ----
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ---- 3768 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" ---- NewTech Infosystems, Inc
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe ---- 11452 Ko ---- Below Normal ---- "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" ----
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe ---- 10728 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" ----
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe ---- 15936 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe" ---- EGIS TECHNOLOGY INC.
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ---- 7000 Ko ---- Normal ---- "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ---- Google Inc
C:\Windows\system32\svchost.exe ---- 10824 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\Common Files\LightScribe\LSSrvc.exe ---- 3328 Ko ---- Normal ---- "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ----
C:\Acer\Mobility Center\MobilityService.exe ---- 10284 Ko ---- Normal ---- "C:\Acer\Mobility Center\MobilityService.exe" -p ----
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe ---- 7400 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" ---- NewTech Infosystems, Inc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ---- 6288 Ko ---- Normal ---- "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe" ---- Intel Corporation
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe ---- 8384 Ko ---- Normal ---- "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" ----
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ---- 5636 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" ----
C:\Windows\PLFSetI.exe ---- 7232 Ko ---- Normal ---- "C:\Windows\PLFSetI.exe" ----
C:\Program Files\Cyberlink\Shared files\RichVideo.exe ---- 3500 Ko ---- Normal ---- "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" ---- CyberLink
C:\Windows\system32\svchost.exe ---- 4504 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Program Files\Alwil Software\Avast4\ashDisp.exe ---- 2112 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" ---- ALWIL Software
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe ---- 5420 Ko ---- Normal ---- "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ---- Intel Corporation
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe ---- 4120 Ko ---- Normal ---- C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe ----
C:\Windows\system32\SearchIndexer.exe ---- 17216 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\Windows\System32\svchost.exe ---- 15616 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k Akamai ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 5652 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe ---- 2456 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service ---- ALWIL Software
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ---- 71520 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service ---- ALWIL Software
C:\Windows\system32\svchost.exe ---- 4900 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ---- 2688 Ko ---- Above Normal ---- "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" ---- Synaptics Incorporated
C:\Program Files\Launch Manager\QtZgAcer.EXE ---- 12536 Ko ---- Normal ---- "C:\Program Files\Launch Manager\QtZgAcer.EXE" ---- Dritek System Inc.
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe ---- 21636 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" ----
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 7044 Ko ---- Normal ---- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\iTunes\iTunesHelper.exe ---- 12008 Ko ---- Normal ---- "C:\Program Files\iTunes\iTunesHelper.exe" ---- Apple Inc.
C:\Program Files\SFR\Kit\9props.exe ---- 7232 Ko ---- Normal ---- "C:\Program Files\SFR\Kit\9props.exe" /trayicon ---- Societe Francaise de Radiotelephone (SFR)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 5740 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background ---- Microsoft Corporation
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 9856 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
C:\Windows\ehome\ehmsas.exe ---- 4824 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Windows\system32\wbem\unsecapp.exe ---- 4852 Ko ---- Normal ---- C:\Windows\system32\wbem\unsecapp.exe -Embedding ----
C:\Program Files\Safari\Safari.exe ---- 270408 Ko ---- Normal ---- "C:\Program Files\Safari\Safari.exe" ---- Apple Inc.
C:\Windows\System32\svchost.exe ---- 12052 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServicePeerNet ----
C:\Program Files\iPod\bin\iPodService.exe ---- 5376 Ko ---- Normal ---- "C:\Program Files\iPod\bin\iPodService.exe" ---- Apple Inc.
C:\Program Files\iTunes\iTunes.exe ---- 63676 Ko ---- Normal ---- "C:\Program Files\iTunes\iTunes.exe" ---- Apple Inc.
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe ---- 9440 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \.\pipe\30104375-138042886893986088 --parentPipe ---- Apple Inc.
C:\Windows\system32\conhost.exe ---- 2832 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe ---- 4812 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe" ---- Apple Inc.
C:\Windows\system32\conhost.exe ---- 2848 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\system32\taskhost.exe ---- 5704 Ko ---- Normal ---- "taskhost.exe" ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 8960 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\DllHost.exe ---- 4144 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ----
C:\Windows\system32\DllHost.exe ---- 3648 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ----
C:\Windows\System32\cmd.exe ---- 2760 Ko ---- Normal ---- "C:\Windows\System32\cmd.exe" /C "C:\Program Files\List_Kill'em\List'em.bat" ----
C:\Windows\system32\conhost.exe ---- 4768 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 5048 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Connexion SFR 9props.exe = "C:\Program Files\SFR\Kit\9props.exe" /trayicon
ehTray.exe = C:\Windows\ehome\ehTray.exe
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Skytel = C:\Program Files\Realtek\Audio\HDA\Skytel.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
AdobeCS4ServiceManager = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
ArcadeDeluxeAgent = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
BkupTray = "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
CLMLServer = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
eAudio = "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
eDataSecurity Loader = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PlayMovie = "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
PLFSetI = C:\Windows\PLFSetI.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
LManager = C:\Program Files\Launch Manager\QtZgAcer.EXE
ePower_DMC = C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Malwarebytes Anti-Malware (reboot) = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
ClassicShell = 0 (0x0)
ClearRecentDocsOnExit = 0 (0x0)
DisableFavoritesDirChange = 0 (0x0)
DisableMyMusicDirChange = 0 (0x0)
DisableMyPicturesDirChange = 0 (0x0)
DisablePersonalDirChange = 0 (0x0)
EnforceShellExtensionSecurity = 0 (0x0)
ForceActiveDesktopOn = 0 (0x0)
ForceStartMenuLogoff = 0 (0x0)
HideClock = 0 (0x0)
LinkResolveIgnoreLinkInfo = 0 (0x0)
LockTaskbar = 0 (0x0)
NoActiveDesktop = 0 (0x0)
NoAddPrinter = 0 (0x0)
NoBandCustomize = 0 (0x0)
NoCDBurning = 0 (0x0)
NoChangeAnimation = 0 (0x0)
NoChangeKeyboardNavigationIndicators = 0 (0x0)
NoCommonGroups = 0 (0x0)
NoControlPanel = 0 (0x0)
NoDeletePrinter = 0 (0x0)
NoDevMgrUpdate = 0 (0x0)
NoDFSTab = 0 (0x0)
NoDisconnect = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoExpandedNewMenu = 0 (0x0)
NoFavoritesMenu = 0 (0x0)
NoFileAssociate = 0 (0x0)
NoFileUrl = 0 (0x0)
NoInstrumentation = 0 (0x0)
NoLogOff = 0 (0x0)
NoLowDiskSpaceChecks = 0 (0x0)
NoManageMyComputerVerb = 0 (0x0)
NoNetConnectDisconnect = 0 (0x0)
NoNetHood = 0 (0x0)
NoNetworkConnections = 0 (0x0)
NoPrinters = 0 (0x0)
NoPropertiesMyComputer = 0 (0x0)
NoPropertiesRecycleBin = 0 (0x0)
NoRecentDocsNetHood = 0 (0x0)
NoResolveTrack = 0 (0x0)
NoRunasInstallPrompt = 0 (0x0)
NoSaveSettings = 0 (0x0)
NoSecurityTab = 0 (0x0)
NoSetFolders = 0 (0x0)
NoSetTaskbar = 0 (0x0)
NoSharedDocuments = 0 (0x0)
NoSimpleStartMenu = 0 (0x0)
NoSMConfigurePrograms = 0 (0x0)
NoSMHelp = 0 (0x0)
NoSMMyDocs = 0 (0x0)
NoSMMyPictures = 0 (0x0)
NoStartBanner = 00000000
NoStartMenuEjectPC = 0 (0x0)
NoStartMenuMFUprogramsList = 0 (0x0)
NoStartMenuMorePrograms = 0 (0x0)
NoStartMenuMyMusic = 0 (0x0)
NoStartMenuNetworkPlaces = 0 (0x0)
NoStartMenuPinnedList = 0 (0x0)
NoStartMenuSubFolders = 0 (0x0)
NoThemesTab = 0 (0x0)
NoToolbarCustomize = 0 (0x0)
NoToolbarsOnTaskbar = 0 (0x0)
NoTrayItemsDisplay = 0 (0x0)
NoUserNameInStartMenu = 0 (0x0)
NoViewOnDrive = 0 (0x0)
NoWindowsUpdate = 0 (0x0)
PromptRunasInstallNetPath = 0 (0x0)
RestrictRun = 0 (0x0)
SpecifyDefaultButtons = 0 (0x0)
StartMenuLogoff = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoWelcomeScreen = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS = C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1E54D648-B804-468d-BC78-4AFFED8E262F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8C7ADD44-D01F-4D04-B525-AE372B98AFD2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8BC5F882-EFE6-40E0-AECF-CDC6791EC1F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5C5E9FB-51FC-43A4-AC60-98C5DA45736E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F9B32C93-3710-4B9C-B826-5B7ED521CEA4}: DhcpNameServer=10.8.40.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8BC5F882-EFE6-40E0-AECF-CDC6791EC1F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5C5E9FB-51FC-43A4-AC60-98C5DA45736E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F9B32C93-3710-4B9C-B826-5B7ED521CEA4}: DhcpNameServer=10.8.40.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8BC5F882-EFE6-40E0-AECF-CDC6791EC1F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E5C5E9FB-51FC-43A4-AC60-98C5DA45736E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F9B32C93-3710-4B9C-B826-5B7ED521CEA4}: DhcpNameServer=10.8.40.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\system32\blank.htm
Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Apple]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\RealUpgradeLogonTaskS-1-5-21-3661891078-3325026079-2944221735-1000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\RealUpgradeScheduledTaskS-1-5-21-3661891078-3325026079-2944221735-1000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\WPD]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{7C678882-E37D-47C0-ACF6-FFF7552345B5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{9C2D18A9-2962-4547-949F-0B764EA032F9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{DC59AA66-2B10-47C2-BBBB-501D81F8792E}]
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.338c86357871c167a96ab976519bf59e] - C:\Windows\System32\drivers\atapi.sys
[MD5.338c86357871c167a96ab976519bf59e] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[MD5.338c86357871c167a96ab976519bf59e] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.2626fc9755be22f805d3cfa0ce3ee727] - C:\Windows\explorer.exe
[MD5.15bc38a7492befe831966adb477cf76f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[MD5.b95eeb0f4e5efbf1038a35b3351cf047] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[MD5.2626fc9755be22f805d3cfa0ce3ee727] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[MD5.9ff6c4c91a3711c0a3b18f87b08b518d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[MD5.c76153c7eca00fa852bb0c193378f917] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.37cdb7e72eb66ba85a87cbe37e7f03fd] - C:\Windows\System32\winlogon.exe
[MD5.8ec6a4ab12b8f3759e21f8e3a388f2cf] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[MD5.37cdb7e72eb66ba85a87cbe37e7f03fd] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[MD5.3babe6767c78fbf5fb8435feed187f30] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur ACER (C:)...
L'op'ration a r'ussi.
Post Defragmentation Report:
Informations sur le volumeÿ:
Taille du volume = 142,54 Go
Espace libre = 36,34 Go
Quantit' totale d'espace fragment' = 0%
Taille maximale d'espace libre = 2,66 Go
Remarqueÿ: les fragments de fichier de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Windows\System32\ACER.exe
Present !! : C:\Windows\Temp\gdF1EC.tmp
Present !! : C:\Windows\Temp\gdF42D.tmp
Present !! : C:\Windows\Temp\TS_6537.tmp
Present !! : C:\Windows\Temp\TS_8298.tmp
Present !! : C:\Windows\Temp\TS_8344.tmp
Present !! : C:\Windows\Temp\TS_8420.tmp
Present !! : C:\Windows\Temp\TS_897D.tmp
Present !! : C:\Windows\Temp\TS_8C0E.tmp
Present !! : C:\Windows\Temp\TS_8C8B.tmp
Present !! : C:\Windows\Temp\TS_90A2.tmp
Present !! : C:\Windows\Temp\TS_916D.tmp
Present !! : C:\Users\Utilisateur\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Utilisateur\Local Settings\Temp\alm.log
Present !! : C:\Users\Utilisateur\Local Settings\Temp\amt.log
Present !! : C:\Users\Utilisateur\Local Settings\Temp\~6D.tmp
Present !! : C:\Users\Utilisateur\LOCAL Settings\Temp\FlashPlayerUpdate.exe
Present !! : C:\Users\Utilisateur\LOCAL Settings\Temp\RtkBtMnt.exe
Present !! : C:\Users\Utilisateur\LOCAL Settings\Temp\Softonic_France.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {32099AAC-C132-4136-9E9A-4E364A424E17}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoAddPrinter
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktop
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoChangeKeyboardNavigationIndicators
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDisconnect
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFileAssociate
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetFolders
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSMMyPictures
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoStartMenuMyMusic
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoViewOnDrive
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoWindowsUpdate
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : NoDispBackgroundPage
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : NoDispCPL
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : NoDispScrSavPage
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
Present !! : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Present !! : HKLM\Software\Conduit
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 18:50:18
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 19:02:15,73
Voilà celui de listandkillem
User : Utilisateur (Administrateurs)
Update on 18/09/2010 by g3n-h@ckm@n ::::: 15.20
Start at: 18:38:40 | 23/09/2010
Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 142,54 Go (36,34 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 142,54 Go (34,34 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
Boot: Normal
¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer
C:\Windows\System32\smss.exe ---- 808 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\Windows\system32\csrss.exe ---- 3836 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\wininit.exe ---- 3532 Ko ---- High ---- wininit.exe ----
C:\Windows\system32\csrss.exe ---- 12052 Ko ---- Normal ---- %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ----
C:\Windows\system32\services.exe ---- 7684 Ko ---- Normal ---- C:\Windows\system32\services.exe ----
C:\Windows\system32\lsass.exe ---- 9508 Ko ---- Normal ---- C:\Windows\system32\lsass.exe ----
C:\Windows\system32\lsm.exe ---- 3284 Ko ---- Normal ---- C:\Windows\system32\lsm.exe ----
C:\Windows\system32\svchost.exe ---- 7496 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k DcomLaunch ----
C:\Windows\system32\nvvsvc.exe ---- 2724 Ko ---- Normal ---- C:\Windows\system32\nvvsvc.exe ---- NVIDIA Corporation
C:\Windows\system32\svchost.exe ---- 7008 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k RPCSS ----
C:\Windows\System32\svchost.exe ---- 17604 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted ----
C:\Windows\System32\svchost.exe ---- 61580 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted ----
C:\Windows\system32\svchost.exe ---- 35288 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k netsvcs ----
C:\Windows\system32\winlogon.exe ---- 4876 Ko ---- High ---- winlogon.exe ----
C:\Windows\system32\svchost.exe ---- 12384 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalService ----
C:\Windows\system32\svchost.exe ---- 12576 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkService ----
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe ---- 724 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" ---- ALWIL Software
C:\Program Files\Alwil Software\Avast4\ashServ.exe ---- 32140 Ko ---- High ---- "C:\Program Files\Alwil Software\Avast4\ashServ.exe" ---- ALWIL Software
C:\Windows\system32\rundll32.exe ---- 7408 Ko ---- Normal ---- C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC.DLL,nvsvcInitialize ----
C:\Windows\system32\Dwm.exe ---- 24820 Ko ---- High ---- "C:\Windows\system32\Dwm.exe" ----
C:\Windows\Explorer.EXE ---- 60144 Ko ---- Normal ---- C:\Windows\Explorer.EXE ----
C:\Windows\System32\spoolsv.exe ---- 10440 Ko ---- Normal ---- C:\Windows\System32\spoolsv.exe ----
C:\Windows\system32\svchost.exe ---- 13004 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork ----
C:\Windows\system32\taskhost.exe ---- 7768 Ko ---- Normal ---- "taskhost.exe" ----
C:\Program Files\LSI SoftModem\agrsmsvc.exe ---- 2248 Ko ---- Normal ---- "C:\Program Files\LSI SoftModem\agrsmsvc.exe" ----
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe ---- 3884 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" ---- Apple Inc.
C:\Program Files\Bonjour\mDNSResponder.exe ---- 5160 Ko ---- Normal ---- "C:\Program Files\Bonjour\mDNSResponder.exe" ---- Apple Inc.
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe ---- 4724 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe" ----
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ---- 9324 Ko ---- Above Normal ---- "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ---- Synaptics Incorporated
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ---- 3292 Ko ---- Normal ---- "C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe" ---- CyberLink
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe ---- 5096 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" ---- EGIS TECHNOLOGY INC.
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ---- 17848 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\Service\ETService.exe" ----
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe ---- 9348 Ko ---- Normal ---- "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" ---- Realtek Semiconductor Corp
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe ---- 9460 Ko ---- Normal ---- "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" ----
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ---- 3768 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" ---- NewTech Infosystems, Inc
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe ---- 11452 Ko ---- Below Normal ---- "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" ----
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe ---- 10728 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe" ----
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe ---- 15936 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe" ---- EGIS TECHNOLOGY INC.
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ---- 7000 Ko ---- Normal ---- "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ---- Google Inc
C:\Windows\system32\svchost.exe ---- 10824 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation ----
C:\Program Files\Common Files\LightScribe\LSSrvc.exe ---- 3328 Ko ---- Normal ---- "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ----
C:\Acer\Mobility Center\MobilityService.exe ---- 10284 Ko ---- Normal ---- "C:\Acer\Mobility Center\MobilityService.exe" -p ----
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe ---- 7400 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe" ---- NewTech Infosystems, Inc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ---- 6288 Ko ---- Normal ---- "C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe" ---- Intel Corporation
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe ---- 8384 Ko ---- Normal ---- "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" ----
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe ---- 5636 Ko ---- Normal ---- "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe" ----
C:\Windows\PLFSetI.exe ---- 7232 Ko ---- Normal ---- "C:\Windows\PLFSetI.exe" ----
C:\Program Files\Cyberlink\Shared files\RichVideo.exe ---- 3500 Ko ---- Normal ---- "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" ---- CyberLink
C:\Windows\system32\svchost.exe ---- 4504 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k imgsvc ----
C:\Program Files\Alwil Software\Avast4\ashDisp.exe ---- 2112 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" ---- ALWIL Software
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe ---- 5420 Ko ---- Normal ---- "C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe" ---- Intel Corporation
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe ---- 4120 Ko ---- Normal ---- C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe ----
C:\Windows\system32\SearchIndexer.exe ---- 17216 Ko ---- Normal ---- C:\Windows\system32\SearchIndexer.exe /Embedding ----
C:\Windows\System32\svchost.exe ---- 15616 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k Akamai ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 5652 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe ---- 2456 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service ---- ALWIL Software
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe ---- 71520 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service ---- ALWIL Software
C:\Windows\system32\svchost.exe ---- 4900 Ko ---- Normal ---- C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted ----
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ---- 2688 Ko ---- Above Normal ---- "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" ---- Synaptics Incorporated
C:\Program Files\Launch Manager\QtZgAcer.EXE ---- 12536 Ko ---- Normal ---- "C:\Program Files\Launch Manager\QtZgAcer.EXE" ---- Dritek System Inc.
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe ---- 21636 Ko ---- Normal ---- "C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe" ----
C:\Program Files\Common Files\Java\Java Update\jusched.exe ---- 7044 Ko ---- Normal ---- "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\iTunes\iTunesHelper.exe ---- 12008 Ko ---- Normal ---- "C:\Program Files\iTunes\iTunesHelper.exe" ---- Apple Inc.
C:\Program Files\SFR\Kit\9props.exe ---- 7232 Ko ---- Normal ---- "C:\Program Files\SFR\Kit\9props.exe" /trayicon ---- Societe Francaise de Radiotelephone (SFR)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe ---- 5740 Ko ---- Normal ---- "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background ---- Microsoft Corporation
C:\Program Files\Windows Media Player\wmpnetwk.exe ---- 9856 Ko ---- Normal ---- "C:\Program Files\Windows Media Player\wmpnetwk.exe" ----
C:\Windows\ehome\ehmsas.exe ---- 4824 Ko ---- Normal ---- C:\Windows\ehome\ehmsas.exe -Embedding ----
C:\Windows\system32\wbem\unsecapp.exe ---- 4852 Ko ---- Normal ---- C:\Windows\system32\wbem\unsecapp.exe -Embedding ----
C:\Program Files\Safari\Safari.exe ---- 270408 Ko ---- Normal ---- "C:\Program Files\Safari\Safari.exe" ---- Apple Inc.
C:\Windows\System32\svchost.exe ---- 12052 Ko ---- Normal ---- C:\Windows\System32\svchost.exe -k LocalServicePeerNet ----
C:\Program Files\iPod\bin\iPodService.exe ---- 5376 Ko ---- Normal ---- "C:\Program Files\iPod\bin\iPodService.exe" ---- Apple Inc.
C:\Program Files\iTunes\iTunes.exe ---- 63676 Ko ---- Normal ---- "C:\Program Files\iTunes\iTunes.exe" ---- Apple Inc.
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe ---- 9440 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \.\pipe\30104375-138042886893986088 --parentPipe ---- Apple Inc.
C:\Windows\system32\conhost.exe ---- 2832 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe ---- 4812 Ko ---- Normal ---- "C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe" ---- Apple Inc.
C:\Windows\system32\conhost.exe ---- 2848 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Windows\system32\taskhost.exe ---- 5704 Ko ---- Normal ---- "taskhost.exe" ----
C:\Windows\system32\wbem\wmiprvse.exe ---- 8960 Ko ---- Normal ---- C:\Windows\system32\wbem\wmiprvse.exe ----
C:\Windows\system32\DllHost.exe ---- 4144 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ----
C:\Windows\system32\DllHost.exe ---- 3648 Ko ---- Normal ---- C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} ----
C:\Windows\System32\cmd.exe ---- 2760 Ko ---- Normal ---- "C:\Windows\System32\cmd.exe" /C "C:\Program Files\List_Kill'em\List'em.bat" ----
C:\Windows\system32\conhost.exe ---- 4768 Ko ---- Normal ---- \??\C:\Windows\system32\conhost.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 5048 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----
¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Connexion SFR 9props.exe = "C:\Program Files\SFR\Kit\9props.exe" /trayicon
ehTray.exe = C:\Windows\ehome\ehTray.exe
msnmsgr = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
Skytel = C:\Program Files\Realtek\Audio\HDA\Skytel.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
AdobeCS4ServiceManager = "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
ArcadeDeluxeAgent = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
BkupTray = "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
CLMLServer = "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
eAudio = "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
eDataSecurity Loader = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
IAAnotif = C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
PlayMovie = "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
PLFSetI = C:\Windows\PLFSetI.exe
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
LManager = C:\Program Files\Launch Manager\QtZgAcer.EXE
ePower_DMC = C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
Malwarebytes Anti-Malware (reboot) = "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
ClassicShell = 0 (0x0)
ClearRecentDocsOnExit = 0 (0x0)
DisableFavoritesDirChange = 0 (0x0)
DisableMyMusicDirChange = 0 (0x0)
DisableMyPicturesDirChange = 0 (0x0)
DisablePersonalDirChange = 0 (0x0)
EnforceShellExtensionSecurity = 0 (0x0)
ForceActiveDesktopOn = 0 (0x0)
ForceStartMenuLogoff = 0 (0x0)
HideClock = 0 (0x0)
LinkResolveIgnoreLinkInfo = 0 (0x0)
LockTaskbar = 0 (0x0)
NoActiveDesktop = 0 (0x0)
NoAddPrinter = 0 (0x0)
NoBandCustomize = 0 (0x0)
NoCDBurning = 0 (0x0)
NoChangeAnimation = 0 (0x0)
NoChangeKeyboardNavigationIndicators = 0 (0x0)
NoCommonGroups = 0 (0x0)
NoControlPanel = 0 (0x0)
NoDeletePrinter = 0 (0x0)
NoDevMgrUpdate = 0 (0x0)
NoDFSTab = 0 (0x0)
NoDisconnect = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoExpandedNewMenu = 0 (0x0)
NoFavoritesMenu = 0 (0x0)
NoFileAssociate = 0 (0x0)
NoFileUrl = 0 (0x0)
NoInstrumentation = 0 (0x0)
NoLogOff = 0 (0x0)
NoLowDiskSpaceChecks = 0 (0x0)
NoManageMyComputerVerb = 0 (0x0)
NoNetConnectDisconnect = 0 (0x0)
NoNetHood = 0 (0x0)
NoNetworkConnections = 0 (0x0)
NoPrinters = 0 (0x0)
NoPropertiesMyComputer = 0 (0x0)
NoPropertiesRecycleBin = 0 (0x0)
NoRecentDocsNetHood = 0 (0x0)
NoResolveTrack = 0 (0x0)
NoRunasInstallPrompt = 0 (0x0)
NoSaveSettings = 0 (0x0)
NoSecurityTab = 0 (0x0)
NoSetFolders = 0 (0x0)
NoSetTaskbar = 0 (0x0)
NoSharedDocuments = 0 (0x0)
NoSimpleStartMenu = 0 (0x0)
NoSMConfigurePrograms = 0 (0x0)
NoSMHelp = 0 (0x0)
NoSMMyDocs = 0 (0x0)
NoSMMyPictures = 0 (0x0)
NoStartBanner = 00000000
NoStartMenuEjectPC = 0 (0x0)
NoStartMenuMFUprogramsList = 0 (0x0)
NoStartMenuMorePrograms = 0 (0x0)
NoStartMenuMyMusic = 0 (0x0)
NoStartMenuNetworkPlaces = 0 (0x0)
NoStartMenuPinnedList = 0 (0x0)
NoStartMenuSubFolders = 0 (0x0)
NoThemesTab = 0 (0x0)
NoToolbarCustomize = 0 (0x0)
NoToolbarsOnTaskbar = 0 (0x0)
NoTrayItemsDisplay = 0 (0x0)
NoUserNameInStartMenu = 0 (0x0)
NoViewOnDrive = 0 (0x0)
NoWindowsUpdate = 0 (0x0)
PromptRunasInstallNetPath = 0 (0x0)
RestrictRun = 0 (0x0)
SpecifyDefaultButtons = 0 (0x0)
StartMenuLogoff = 0 (0x0)
NoDriveTypeAutoRun = 0 (0x0)
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
BindDirectlyToPropertySetStorage = 0 (0x0)
NoWelcomeScreen = 0 (0x0)
NoDriveAutoRun = 3 (0x3)
NoDriveTypeAutoRun = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS = C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1E54D648-B804-468d-BC78-4AFFED8E262F}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{E77F23EB-E7AB-4502-8F37-247DBAF1A147}]
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}]
¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤
[@ = ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8C7ADD44-D01F-4D04-B525-AE372B98AFD2}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8BC5F882-EFE6-40E0-AECF-CDC6791EC1F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E5C5E9FB-51FC-43A4-AC60-98C5DA45736E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F9B32C93-3710-4B9C-B826-5B7ED521CEA4}: DhcpNameServer=10.8.40.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8BC5F882-EFE6-40E0-AECF-CDC6791EC1F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E5C5E9FB-51FC-43A4-AC60-98C5DA45736E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F9B32C93-3710-4B9C-B826-5B7ED521CEA4}: DhcpNameServer=10.8.40.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8BC5F882-EFE6-40E0-AECF-CDC6791EC1F9}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E5C5E9FB-51FC-43A4-AC60-98C5DA45736E}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F9B32C93-3710-4B9C-B826-5B7ED521CEA4}: DhcpNameServer=10.8.40.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\system32\blank.htm
Search Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
¤¤¤¤¤ Proxy Internet Explorer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 1 (0x1)
ProxyEnable = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Apple]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\Microsoft]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\RealUpgradeLogonTaskS-1-5-21-3661891078-3325026079-2944221735-1000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\RealUpgradeScheduledTaskS-1-5-21-3661891078-3325026079-2944221735-1000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\WPD]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{7C678882-E37D-47C0-ACF6-FFF7552345B5}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{9C2D18A9-2962-4547-949F-0B764EA032F9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\schedule\taskcache\tree\{DC59AA66-2B10-47C2-BBBB-501D81F8792E}]
¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DllNXOptions]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IEInstal.exe]
¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
KnownDllList = nlhtml.dll
¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!
¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤
[MD5.338c86357871c167a96ab976519bf59e] - C:\Windows\System32\drivers\atapi.sys
[MD5.338c86357871c167a96ab976519bf59e] - C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[MD5.338c86357871c167a96ab976519bf59e] - C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
¤¤¤¤¤ Reference
Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C
¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤
[MD5.2626fc9755be22f805d3cfa0ce3ee727] - C:\Windows\explorer.exe
[MD5.15bc38a7492befe831966adb477cf76f] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[MD5.b95eeb0f4e5efbf1038a35b3351cf047] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[MD5.2626fc9755be22f805d3cfa0ce3ee727] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[MD5.9ff6c4c91a3711c0a3b18f87b08b518d] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[MD5.c76153c7eca00fa852bb0c193378f917] - C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤
[MD5.37cdb7e72eb66ba85a87cbe37e7f03fd] - C:\Windows\System32\winlogon.exe
[MD5.8ec6a4ab12b8f3759e21f8e3a388f2cf] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[MD5.37cdb7e72eb66ba85a87cbe37e7f03fd] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[MD5.3babe6767c78fbf5fb8435feed187f30] - C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤
D'fragmenteur de disque Microsoft
Copyright (c) 2007 Microsoft Corp.
Invocation de analyse sur ACER (C:)...
L'op'ration a r'ussi.
Post Defragmentation Report:
Informations sur le volumeÿ:
Taille du volume = 142,54 Go
Espace libre = 36,34 Go
Quantit' totale d'espace fragment' = 0%
Taille maximale d'espace libre = 2,66 Go
Remarqueÿ: les fragments de fichier de plus de 64ÿMo ne sont pas inclus dans les statistiques de fragmentation.
Il n'est pas n'cessaire de d'fragmenter ce volume.
¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤
Present !! : C:\Program Files\DAEMON Tools Toolbar
Present !! : C:\Windows\System32\ACER.exe
Present !! : C:\Windows\Temp\gdF1EC.tmp
Present !! : C:\Windows\Temp\gdF42D.tmp
Present !! : C:\Windows\Temp\TS_6537.tmp
Present !! : C:\Windows\Temp\TS_8298.tmp
Present !! : C:\Windows\Temp\TS_8344.tmp
Present !! : C:\Windows\Temp\TS_8420.tmp
Present !! : C:\Windows\Temp\TS_897D.tmp
Present !! : C:\Windows\Temp\TS_8C0E.tmp
Present !! : C:\Windows\Temp\TS_8C8B.tmp
Present !! : C:\Windows\Temp\TS_90A2.tmp
Present !! : C:\Windows\Temp\TS_916D.tmp
Present !! : C:\Users\Utilisateur\AppData\Local\GDIPFONTCACHEV1.DAT
Present !! : C:\Users\Utilisateur\Local Settings\Temp\alm.log
Present !! : C:\Users\Utilisateur\Local Settings\Temp\amt.log
Present !! : C:\Users\Utilisateur\Local Settings\Temp\~6D.tmp
Present !! : C:\Users\Utilisateur\LOCAL Settings\Temp\FlashPlayerUpdate.exe
Present !! : C:\Users\Utilisateur\LOCAL Settings\Temp\RtkBtMnt.exe
Present !! : C:\Users\Utilisateur\LOCAL Settings\Temp\Softonic_France.exe
¤¤¤¤¤¤¤¤¤¤ Keys :
Present !! : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar : {32099AAC-C132-4136-9E9A-4E364A424E17}
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoAddPrinter
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoActiveDesktop
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoChangeKeyboardNavigationIndicators
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDisconnect
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoFileAssociate
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSetFolders
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoSMMyPictures
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoStartMenuMyMusic
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoViewOnDrive
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoWindowsUpdate
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : NoDispBackgroundPage
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : NoDispCPL
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : NoDispScrSavPage
Present !! : "HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : "HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"
Present !! : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
Present !! : HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Present !! : HKLM\Software\Conduit
FEATURE_BROWSER_EMULATION | svchost :
====================================
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-23 18:50:18
Windows 6.1.7600 FAT NTAPI
detected NTDLL code modification:
ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
End of scan : 19:02:15,73
Voilà celui de listandkillem