WANDERING MOUSE

Solved/Closed
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last active 2 October 2010 - 29 Sept. 2010 at 10:27
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 - 2 Oct. 2010 at 16:44
Hello,

My mouse regularly wanders around the screen. After scanning the disk with an antivirus and Spybot, the problem seemed to be solved. But it has come back!
I am taking the liberty of posting the HijackThis log below.
Thank you for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:14, on 29/09/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update] wupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26eeda77f90bf4f22105/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate1ca4a47648693a0) (gupdate1ca4a47648693a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
22 replies

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
29 Sept. 2010 at 12:16
hi

download

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

during installation, check that update, launch the program, and full scan are all ticked

Once it is up to date, the program will launch; click the Settings tab and tick the box: "Close Internet Explorer during removal".

At the end of the scan, click Show Results

Check that everything is ticked and click Remove Selected

If you are asked to restart >>> click "Yes"

And post the report that is generated
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last active 2 October 2010
1 Oct. 2010 at 09:01
Hello,

the report is below.
THANK YOU
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

01/10/2010 08:34:37
mbam-log-2010-10-01 (08-34-37).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 615864
Temps écoulé: 6 heure(s), 34 minute(s), 46 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Downloaded Program Files\syswbsvc32.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2007 (Adware.EGDAccess) -> Quarantined and deleted successfully.

Below is a new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:18, on 01/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] wupdate.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update] wupdate.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26eeda77f90bf4f22105/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} - http://scripts.dlv4.com/binaries/IA/svcia32_FR_XP.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {8B3B8135-9DAA-40E7-8941-962795F9C1CB} - https://www.afternic.com/domains/downloadv3.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate1ca4a47648693a0) (gupdate1ca4a47648693a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
1 Oct. 2010 at 09:26
Hellooo

let's see whether any remnants of Adware.EGDAccess are left

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save target (of the link) as... and save it to your desktop.
Then (right-click, "Run as administrator" for Vista/7) on the shortcut on your desktop to launch the installation
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 1
Follow the prompts and be patient.
Wait until the message:

* "Analyse Termine le ..... "


Press a key; Notepad will open.
Copy and paste the entire report into a reply.
Close Notepad
The fixnavi.txt report is also saved in %systemdrive%.
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last active 2 October 2010
1 Oct. 2010 at 09:47
Fix Navipromo version 4.0.9 commencé le 01/10/2010 9:34:29,01

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 17.09.2010 à 16h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06
USER : claude ( Administrator )
BOOT : Normal boot

Antivirus : avast! Antivirus 5.0.83886757 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:24 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:31 Go (Free:10 Go)
E:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:3819 Mo (Free:2 Go)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur




Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\claude\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !



*** Scan terminé 01/10/2010 9:39:08,85 ***
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
1 Oct. 2010 at 09:52
DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because it is wrongly detected as an infection)

Download here: List_Kill'em by gen-hackman

http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe

and save it to your desktop

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."

on the shortcut on your desktop to launch the installation

Leave ticked:

Run List_Kill'em

once it has finished, click "Finish" and the program will start on its own

It will begin by downloading and installing its updates, then show you its menu

choose the Search option

let the tool work

a dialog box may open; in that case click "OK" or "Agree"

when the white window appears, it takes a while; that is normal, it is an additional search for hidden files, the program has not frozen.

Post the contents of the report that opens when the scan reaches 100 %, at the "COMPLETED" screen
Mstr Posts 9973 Registration date Monday 11 January 2010 Status Security contributor Last active 28 September 2015 1 890
1 Oct. 2010 at 10:10
Hi!

MBAM wasn't up to date, or am I mistaken? :D
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last active 11 January 2012 107
1 Oct. 2010 at 10:13
hi Mstr

absolutely, well spotted
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last active 2 October 2010
1 Oct. 2010 at 11:09
The result is below.
For information, I have no internet connection on the infected machine. I took the PC to the office, because when the malware is active I lose control of the mouse.
I transferred things with a USB key.
That is why one update or another has not been applied.

¤¤¤¤¤¤¤¤¤¤ List'em by g3n-h@ckm@n 2.1.0.8 ¤¤¤¤¤¤¤¤¤¤

User : claude (Administrateurs)
Update on 29/09/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 10:12:46 | 01/10/2010

Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 24,41 Go (1,41 Go free) [XP] | NTFS
D:\ -> Disque fixe local | 31,48 Go (10,47 Go free) | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible | 3,73 Go (2,82 Go free) [KINGSTON] | FAT32

Boot: Normal

¤¤¤¤¤¤ Processes ------- Memory(Ko) ------- Priority ------ Command ------- Signer


C:\WINDOWS\System32\smss.exe ---- 400 Ko ---- Normal ---- \SystemRoot\System32\smss.exe ----
C:\WINDOWS\system32\csrss.exe ---- 4112 Ko ---- Normal ---- C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ----
C:\WINDOWS\system32\winlogon.exe ---- 4268 Ko ---- High ---- winlogon.exe ----
C:\WINDOWS\system32\services.exe ---- 4152 Ko ---- Normal ---- C:\WINDOWS\system32\services.exe ----
C:\WINDOWS\system32\lsass.exe ---- 1716 Ko ---- Normal ---- C:\WINDOWS\system32\lsass.exe ----
C:\WINDOWS\system32\svchost.exe ---- 4904 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k DcomLaunch ----
C:\WINDOWS\system32\svchost.exe ---- 4052 Ko ---- Normal ---- C:\WINDOWS\system32\svchost -k rpcss ----
C:\WINDOWS\System32\svchost.exe ---- 21528 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k netsvcs ----
C:\WINDOWS\System32\svchost.exe ---- 6256 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k NetworkService ----
C:\WINDOWS\System32\svchost.exe ---- 3740 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k LocalService ----
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe ---- 5456 Ko ---- Normal ---- "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" ---- ALWIL Software
C:\WINDOWS\Explorer.EXE ---- 25752 Ko ---- Normal ---- C:\WINDOWS\Explorer.EXE ----
C:\WINDOWS\system32\spoolsv.exe ---- 4856 Ko ---- Normal ---- C:\WINDOWS\system32\spoolsv.exe ----
C:\WINDOWS\System32\svchost.exe ---- 3296 Ko ---- Normal ---- C:\WINDOWS\System32\svchost.exe -k LocalService ----
C:\Program Files\Java\jre6\bin\jqs.exe ---- 1392 Ko ---- Idle ---- "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ---- Sun Microsystems, Inc.
C:\WINDOWS\System32\nvsvc32.exe ---- 1992 Ko ---- Normal ---- C:\WINDOWS\System32\nvsvc32.exe ----
C:\WINDOWS\System32\wdfmgr.exe ---- 1692 Ko ---- Normal ---- C:\WINDOWS\System32\wdfmgr.exe ----
C:\WINDOWS\System32\alg.exe ---- 3448 Ko ---- Normal ---- C:\WINDOWS\System32\alg.exe ----
C:\WINDOWS\System32\wbem\wmiapsrv.exe ---- 4456 Ko ---- Normal ---- C:\WINDOWS\System32\wbem\wmiapsrv.exe ----
C:\WINDOWS\system32\pctspk.exe ---- 3388 Ko ---- Normal ---- "C:\WINDOWS\system32\pctspk.exe" ----
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe ---- 4176 Ko ---- Normal ---- "C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" -hide ----
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe ---- 200 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot ---- RealNetworks, Inc.
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ---- 2196 Ko ---- Normal ---- "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" ---- Sun Microsystems, Inc.
C:\Program Files\QuickTime\qttask.exe ---- 2376 Ko ---- Normal ---- "C:\Program Files\QuickTime\qttask.exe" -atboottime ----
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe ---- 5484 Ko ---- Normal ---- "C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe" /nogui ---- ALWIL Software
C:\WINDOWS\system32\ctfmon.exe ---- 3224 Ko ---- Normal ---- "C:\WINDOWS\system32\ctfmon.exe" ----
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe ---- 87748 Ko ---- Idle ---- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ----
C:\WINDOWS\system32\wuauclt.exe ---- 4036 Ko ---- Normal ---- "C:\WINDOWS\system32\wuauclt.exe" ---- Microsoft Windows Component Publisher
C:\WINDOWS\system32\wscntfy.exe ---- 2320 Ko ---- Normal ---- C:\WINDOWS\system32\wscntfy.exe ----
C:\WINDOWS\system32\cmd.exe ---- 2684 Ko ---- Normal ---- C:\WINDOWS\system32\cmd.exe /K List'em.bat ----
C:\WINDOWS\system32\wbem\wmiprvse.exe ---- 6604 Ko ---- Normal ---- C:\WINDOWS\system32\wbem\wmiprvse.exe ----
C:\Program Files\List_Kill'em\pv.exe ---- 2640 Ko ---- Normal ---- pv -o"%f ---- %m Ko ---- %p ---- %l ---- %s" ----


¤¤¤¤¤¤¤¤¤¤ Keys "Run" ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Microsoft Services = lsrv.exe
Microsoft Windows Update = wupdate.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
PCTVOICE = pctspk.exe
Microsoft Services = lsrv.exe
nwiz = nwiz.exe /installquiet
AS00_Gear511 = C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
avast5 = C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

¤¤¤¤¤¤¤¤¤¤ Other System Keys ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun = 145 (0x91)
NoLogoff = 0 (0x0)
NoClose = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting = 1 (0x1)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = Explorer.exe
Userinit = C:\WINDOWS\system32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
C:\Program Files\MSN Messenger\msnmsgr.exe = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0
C:\Program Files\Messenger\msmsgs.exe = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\WINDOWS\system32\sessmgr.exe = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Motorola\Software Update\msu.exe = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\MSN Messenger\msnmsgr.exe = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0

¤¤¤¤¤¤¤¤¤¤ ActivX | COM ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\Microsoft XML Parser for Java]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1F2F4C9E-6F09-47BC-970D-3C54734667FE}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-0000-0010-8000-00AA00389B71}]
[HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{33564D57-9980-0010-8000-00AA00389B71}]

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ BHO ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

¤¤¤¤¤¤¤¤¤¤ DNS ¤¤¤¤¤¤¤¤¤¤

HKLM\SYSTEM\CCS\Services\Tcpip\..\{578F2172-1576-406C-8820-907B2C5CD4C6}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{619BE9A0-ECE3-49A1-8801-65308E2C383A}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{578F2172-1576-406C-8820-907B2C5CD4C6}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Local Page = C:\windows\system32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.orange.fr/portail
Local Page = C:\windows\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤ Proxy Internet Explorer

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyHttp1.1 = 0 (0x0)
ProxyEnable = 0 (0x0)


¤¤¤¤¤¤¤¤¤¤ Proxy Firefox ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ TaskCache ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ IFEO ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\apitrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ASSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Cleanup.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cqw32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divx.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\divxdec.ax]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DJSMAR00.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRMINST.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\enc98.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncodeDivXExt.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EncryptPatchVer.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\front.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fullsoft.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GBROWSER.DLL]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmarq.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\htmlmm.ocx]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ishscan.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ISSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\javai.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\jvm_g.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\main123w.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mngreg32.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msci_uno.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscoree.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorsvr.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mscorwks.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\msjava.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\mso.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVOPTRF.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NeVideoFX.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NPMLIC.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NSWSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\photohse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PMSTE.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ppw32hlp.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\printhse.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\prwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ps80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\psdmt.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qfinder.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\qpw.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Salwrap.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup32.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\sevinst.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\symlcnet.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\tcore_ebook.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TFDTCTT8.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ua80.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\udtapi.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ums.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vb40032.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vbe6.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\wpwin8.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xlmlEN.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\xwsetup.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Your Image File Name Here without a path]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_INSTPGM.EXE]

¤¤¤¤¤¤¤¤¤¤ File Protection ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]

¤¤¤¤¤¤¤¤¤¤ Safemode ¤¤¤¤¤¤¤¤¤¤

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal : OK !!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network : OK !!

¤¤¤¤¤¤¤¤¤¤ Atapi.sys ¤¤¤¤¤¤¤¤¤¤

[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[MD5.9f3a2f5aa6875c72bf062c712cfa2674] - C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\atapi.sys
[MD5.cdfe4411a69c224bd1d11b2da92dac51] - C:\WINDOWS\system32\drivers\atapi.sys

¤¤¤¤¤ Reference

Win 2000_SP2 : ff953a8f08ca3f822127654375786bbe
Win 2000_SP4 : 8c718aa8c77041b3285d55a0ce980867
Win XP_32b : a64013e98426e1877cb653685c5c0009
Win XP_SP1_32b : 95b858761a00e1d4f81f79a0da019aca
Win XP_SP2_32b : CDFE4411A69C224BD1D11B2DA92DAC51
Win XP_SP3_32b : 9F3A2F5AA6875C72BF062C712CFA2674
Vista_32b : e03e8c99d15d0381e02743c36afc7c6f
Vista_SP1_32b : 2d9c903dc76a66813d350a562de40ed9
Vista_SP2_32b : 1F05B78AB91C9075565A9D8A4B880BC4
Vista_SP2_64b : 1898FAE8E07D97F2F6C2D5326C633FAC
Windows 7_32b : 338c86357871c167a96ab976519bf59e
Windows 7_64b : 02062C0B390B7729EDC9E69C680A6F3C

¤¤¤¤¤¤¤¤¤¤ Explorer ¤¤¤¤¤¤¤¤¤¤

[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\explorer.exe
[MD5.2a7bd330924252a2fd80344fc949bb72] - C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[MD5.f2317622d29f9ff0f88aeecd5f60f0dd] - C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\explorer.exe
[MD5.d0288319660edcfed07c7e74c4ea38a5] - C:\WINDOWS\system32\dllcache\explorer.exe

¤¤¤¤¤¤¤¤¤¤ Winlogon ¤¤¤¤¤¤¤¤¤¤

[MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[MD5.dd73d6b9f6b4cb630cf35b438b540174] - C:\WINDOWS\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\winlogon.exe
[MD5.123eea158f74d0f67a51dcdf065d1091] - C:\WINDOWS\system32\winlogon.exe

¤¤¤¤¤¤¤¤¤¤ Drive ¤¤¤¤¤¤¤¤¤¤

Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

Rapport d'analyse
24,41 Go total, 1,41 Go libre (5%), 22% fragmenté (fragmentation du fichier 37%)

Vous devriez défragmenter ce volume.

¤¤¤¤¤¤¤¤¤¤ Mountpoints2 ¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤¤¤¤¤¤ Rogues Infections ¤¤¤¤¤¤¤¤¤¤



¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

[HKEY_CURRENT_USER\software\Adobe]
[HKEY_CURRENT_USER\software\ALWIL Software]
[HKEY_CURRENT_USER\software\America Online]
[HKEY_CURRENT_USER\software\Apple Computer, Inc.]
[HKEY_CURRENT_USER\software\Bspo]
[HKEY_CURRENT_USER\software\Ccuu]
[HKEY_CURRENT_USER\software\CDDB]
[HKEY_CURRENT_USER\software\Clients]
[HKEY_CURRENT_USER\software\Dell Computer Corporation]
[HKEY_CURRENT_USER\software\DivXNetworks]
[HKEY_CURRENT_USER\software\FRANCE TELECOM]
[HKEY_CURRENT_USER\software\Funk Software, Inc.]
[HKEY_CURRENT_USER\software\FusionSoft]
[HKEY_CURRENT_USER\software\Google]
[HKEY_CURRENT_USER\software\Intel]
[HKEY_CURRENT_USER\software\IZSoftware]
[HKEY_CURRENT_USER\software\JavaSoft]
[HKEY_CURRENT_USER\software\Lavalys]
[HKEY_CURRENT_USER\software\Linksys Group Inc.]
[HKEY_CURRENT_USER\software\Macromedia]
[HKEY_CURRENT_USER\software\Malwarebytes' Anti-Malware]
[HKEY_CURRENT_USER\software\Microsoft]
[HKEY_CURRENT_USER\software\Motorola]
[HKEY_CURRENT_USER\software\Mozilla]
[HKEY_CURRENT_USER\software\mozilla.org]
[HKEY_CURRENT_USER\software\MozillaPlugins]
[HKEY_CURRENT_USER\software\Netscape]
[HKEY_CURRENT_USER\software\Nico Mak Computing]
[HKEY_CURRENT_USER\software\Nmap]
[HKEY_CURRENT_USER\software\Novell]
[HKEY_CURRENT_USER\software\NVIDIA Corporation]
[HKEY_CURRENT_USER\software\ODBC]
[HKEY_CURRENT_USER\software\Policies]
[HKEY_CURRENT_USER\software\RealNetworks]
[HKEY_CURRENT_USER\software\Safer Networking Limited]
[HKEY_CURRENT_USER\software\SFX TEAM]
[HKEY_CURRENT_USER\software\Skyline]
[HKEY_CURRENT_USER\software\Skype]
[HKEY_CURRENT_USER\software\sponsoradulto]
[HKEY_CURRENT_USER\software\Sun Microsystems]
[HKEY_CURRENT_USER\software\TomTom]
[HKEY_CURRENT_USER\software\VB and VBA Program Settings]
[HKEY_CURRENT_USER\software\Visio RAS Script]
[HKEY_CURRENT_USER\software\WildTangent]
[HKEY_CURRENT_USER\software\Winamp]
[HKEY_CURRENT_USER\software\WinRAR SFX]
[HKEY_CURRENT_USER\software\WinZip Computing]
[HKEY_CURRENT_USER\software\WlanLib]
[HKEY_CURRENT_USER\software\Yahoo]
[HKEY_CURRENT_USER\software\YahooPartnerToolbar]
[HKEY_CURRENT_USER\software\Zone Labs]
[HKEY_CURRENT_USER\software\Classes]

[HKEY_LOCAL_MACHINE\software\Adobe]
[HKEY_LOCAL_MACHINE\software\Ahead]
[HKEY_LOCAL_MACHINE\software\ALWIL Software]
[HKEY_LOCAL_MACHINE\software\America Online]
[HKEY_LOCAL_MACHINE\software\Apple Computer, Inc.]
[HKEY_LOCAL_MACHINE\software\Bogosoft]
[HKEY_LOCAL_MACHINE\software\Bromax]
[HKEY_LOCAL_MACHINE\software\C07ft5Y]
[HKEY_LOCAL_MACHINE\software\CCleaner]
[HKEY_LOCAL_MACHINE\software\Classes]
[HKEY_LOCAL_MACHINE\software\Clients]
[HKEY_LOCAL_MACHINE\software\Dell Computer Corporation]
[HKEY_LOCAL_MACHINE\software\DivXNetworks]
[HKEY_LOCAL_MACHINE\software\FRANCE TELECOM]
[HKEY_LOCAL_MACHINE\software\FullCircle]
[HKEY_LOCAL_MACHINE\software\Funk Software, Inc.]
[HKEY_LOCAL_MACHINE\software\FusionSoft]
[HKEY_LOCAL_MACHINE\software\Futuremark]
[HKEY_LOCAL_MACHINE\software\Gemplus]
[HKEY_LOCAL_MACHINE\software\Google]
[HKEY_LOCAL_MACHINE\software\InstalledOptions]
[HKEY_LOCAL_MACHINE\software\InstallShield]
[HKEY_LOCAL_MACHINE\software\Intel]
[HKEY_LOCAL_MACHINE\software\JavaSoft]
[HKEY_LOCAL_MACHINE\software\JreMetrics]
[HKEY_LOCAL_MACHINE\software\lameme]
[HKEY_LOCAL_MACHINE\software\Lexmark]
[HKEY_LOCAL_MACHINE\software\Macromedia]
[HKEY_LOCAL_MACHINE\software\MadOnion.com]
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware]
[HKEY_LOCAL_MACHINE\software\MetaStream]
[HKEY_LOCAL_MACHINE\software\Microsoft]
[HKEY_LOCAL_MACHINE\software\MINOLTA]
[HKEY_LOCAL_MACHINE\software\Motorola]
[HKEY_LOCAL_MACHINE\software\Mozilla]
[HKEY_LOCAL_MACHINE\software\Mozilla Thunderbird]
[HKEY_LOCAL_MACHINE\software\mozilla.org]
[HKEY_LOCAL_MACHINE\software\MozillaPlugins]
[HKEY_LOCAL_MACHINE\software\Novell]
[HKEY_LOCAL_MACHINE\software\NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\software\ODBC]
[HKEY_LOCAL_MACHINE\software\PCTEL]
[HKEY_LOCAL_MACHINE\software\PhotoFiltre]
[HKEY_LOCAL_MACHINE\software\Policies]
[HKEY_LOCAL_MACHINE\software\Program Groups]
[HKEY_LOCAL_MACHINE\software\RealNetworks]
[HKEY_LOCAL_MACHINE\software\RegisteredApplications]
[HKEY_LOCAL_MACHINE\software\RichFX]
[HKEY_LOCAL_MACHINE\software\Safer Networking Limited]
[HKEY_LOCAL_MACHINE\software\SAGEM]
[HKEY_LOCAL_MACHINE\software\Schlumberger]
[HKEY_LOCAL_MACHINE\software\Skyline]
[HKEY_LOCAL_MACHINE\software\Skype]
[HKEY_LOCAL_MACHINE\software\Symantec]
[HKEY_LOCAL_MACHINE\software\The Silicon Realms Toolworks]
[HKEY_LOCAL_MACHINE\software\TomTom]
[HKEY_LOCAL_MACHINE\software\TrendMicro]
[HKEY_LOCAL_MACHINE\software\VideoLAN]
[HKEY_LOCAL_MACHINE\software\Viewpoint]
[HKEY_LOCAL_MACHINE\software\WildTangent]
[HKEY_LOCAL_MACHINE\software\Windows]
[HKEY_LOCAL_MACHINE\software\Windows 3.1 Migration Status]
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.]
[HKEY_LOCAL_MACHINE\software\Yahoo]
[HKEY_LOCAL_MACHINE\software\Zone Labs]

¤¤¤¤¤¤¤¤¤¤ Files/folders ¤¤¤¤¤¤¤¤¤¤

Present !! : C:\Program Files\Fichiers communs\IRAABOUT.DLL
Present !! : C:\Program Files\Fichiers communs\IRALPTTR.DLL
Present !! : C:\Program Files\Fichiers communs\IRAMDMTR.DLL
Present !! : C:\Program Files\Fichiers communs\IRAREG.DLL
Present !! : C:\Program Files\Fichiers communs\IRASRIAL.DLL
Present !! : C:\Program Files\Fichiers communs\IRAWEBTR.DLL
Present !! : C:\Program Files\Internet Explorer\SET509.tmp
Present !! : C:\Program Files\Internet Explorer\SET5F5.tmp
Present !! : C:\WINDOWS\000001_.tmp
Present !! : C:\WINDOWS\002747_.tmp
Present !! : C:\WINDOWS\003391_.tmp
Present !! : C:\WINDOWS\003399_.tmp
Present !! : C:\WINDOWS\SET1B.tmp
Present !! : C:\WINDOWS\SET3.tmp
Present !! : C:\WINDOWS\SET433.tmp
Present !! : C:\WINDOWS\SET51F.tmp
Present !! : C:\WINDOWS\SET7.tmp
Present !! : C:\WINDOWS\SETD.tmp
Present !! : C:\WINDOWS\aucfg.ini
Present !! : C:\WINDOWS\patch.exe
Present !! : C:\WINDOWS\System32\SET224.tmp
Present !! : C:\WINDOWS\System32\SET226.tmp
Present !! : C:\WINDOWS\System32\SET227.tmp
Present !! : C:\WINDOWS\System32\SET228.tmp
Present !! : C:\WINDOWS\System32\SET229.tmp
Present !! : C:\WINDOWS\System32\SET22C.tmp
Present !! : C:\WINDOWS\System32\SET22D.tmp
Present !! : C:\WINDOWS\System32\SET22E.tmp
Present !! : C:\WINDOWS\System32\SET22F.tmp
Present !! : C:\WINDOWS\System32\SET230.tmp
Present !! : C:\WINDOWS\System32\SET233.tmp
Present !! : C:\WINDOWS\System32\SET234.tmp
Present !! : C:\WINDOWS\System32\SET235.tmp
Present !! : C:\WINDOWS\System32\SET236.tmp
Present !! : C:\WINDOWS\System32\SET237.tmp
Present !! : C:\WINDOWS\System32\SET239.tmp
Present !! : C:\WINDOWS\System32\SET23A.tmp
Present !! : C:\WINDOWS\System32\SET23B.tmp
Present !! : C:\WINDOWS\System32\SET23D.tmp
Present !! : C:\WINDOWS\System32\SET23E.tmp
Present !! : C:\WINDOWS\System32\SET23F.tmp
Present !! : C:\WINDOWS\System32\SET241.tmp
Present !! : C:\WINDOWS\System32\SET242.tmp
Present !! : C:\WINDOWS\System32\SET243.tmp
Present !! : C:\WINDOWS\System32\SET244.tmp
Present !! : C:\WINDOWS\System32\SET245.tmp
Present !! : C:\WINDOWS\System32\SET24A.tmp
Present !! : C:\WINDOWS\System32\SET24B.tmp
Present !! : C:\WINDOWS\System32\SET24C.tmp
Present !! : C:\WINDOWS\System32\SET250.tmp
Present !! : C:\WINDOWS\System32\SET251.tmp
Present !! : C:\WINDOWS\System32\SET252.tmp
Present !! : C:\WINDOWS\System32\SET253.tmp
Present !! : C:\WINDOWS\System32\SET255.tmp
Present !! : C:\WINDOWS\System32\SET258.tmp
Present !! : C:\WINDOWS\System32\SET25A.tmp
Present !! : C:\WINDOWS\System32\SET25B.tmp
Present !! : C:\WINDOWS\System32\SET25D.tmp
Present !! : C:\WINDOWS\System32\SET25E.tmp
Present !! : C:\WINDOWS\System32\SET25F.tmp
Present !! : C:\WINDOWS\System32\SET260.tmp
Present !! : C:\WINDOWS\System32\SET261.tmp
Present !! : C:\WINDOWS\System32\SET262.tmp
Present !! : C:\WINDOWS\System32\SET263.tmp
Present !! : C:\WINDOWS\System32\SET265.tmp
Present !! : C:\WINDOWS\System32\SET266.tmp
Present !! : C:\WINDOWS\System32\SET267.tmp
Present !! : C:\WINDOWS\System32\SET26C.tmp
Present !! : C:\WINDOWS\System32\SET26D.tmp
Present !! : C:\WINDOWS\System32\SET26E.tmp
Present !! : C:\WINDOWS\System32\SET26F.tmp
Present !! : C:\WINDOWS\System32\SET272.tmp
Present !! : C:\WINDOWS\System32\SET278.tmp
Present !! : C:\WINDOWS\System32\SET279.tmp
Present !! : C:\WINDOWS\System32\SET27C.tmp
Present !! : C:\WINDOWS\System32\SET27D.tmp
Present !! : C:\WINDOWS\System32\SET280.tmp
Present !! : C:\WINDOWS\System32\SET282.tmp
Present !! : C:\WINDOWS\System32\SET284.tmp
Present !! : C:\WINDOWS\System32\SET285.tmp
Present !! : C:\WINDOWS\System32\SET286.tmp
Present !! : C:\WINDOWS\System32\SET287.tmp
Present !! : C:\WINDOWS\System32\SET288.tmp
Present !! : C:\WINDOWS\System32\SET289.tmp
Present !! : C:\WINDOWS\System32\SET28A.tmp
Present !! : C:\WINDOWS\System32\SET28E.tmp
Present !! : C:\WINDOWS\System32\SET28F.tmp
Present !! : C:\WINDOWS\System32\SET290.tmp
Present !! : C:\WINDOWS\System32\SET291.tmp
Present !! : C:\WINDOWS\System32\SET292.tmp
Present !! : C:\WINDOWS\System32\SET293.tmp
Present !! : C:\WINDOWS\System32\SET295.tmp
Present !! : C:\WINDOWS\System32\SET297.tmp
Present !! : C:\WINDOWS\System32\SET299.tmp
Present !! : C:\WINDOWS\System32\SET29A.tmp
Present !! : C:\WINDOWS\System32\SET29B.tmp
Present !! : C:\WINDOWS\System32\SET29F.tmp
Present !! : C:\WINDOWS\System32\SET2A1.tmp
Present !! : C:\WINDOWS\System32\SET2A5.tmp
Present !! : C:\WINDOWS\System32\SET2A6.tmp
Present !! : C:\WINDOWS\System32\SET2A9.tmp
Present !! : C:\WINDOWS\System32\SET2AA.tmp
Present !! : C:\WINDOWS\System32\SET2AC.tmp
Present !! : C:\WINDOWS\System32\SET2AD.tmp
Present !! : C:\WINDOWS\System32\SET2AE.tmp
Present !! : C:\WINDOWS\System32\SET2AF.tmp
Present !! : C:\WINDOWS\System32\SET2B2.tmp
Present !! : C:\WINDOWS\System32\SET2B3.tmp
Present !! : C:\WINDOWS\System32\SET2B4.tmp
Present !! : C:\WINDOWS\System32\SET2B7.tmp
Present !! : C:\WINDOWS\System32\SET2B9.tmp
Present !! : C:\WINDOWS\System32\SET2BA.tmp
Present !! : C:\WINDOWS\System32\SET2BC.tmp
Present !! : C:\WINDOWS\System32\SET2C1.tmp
Present !! : C:\WINDOWS\System32\SET2C7.tmp
Present !! : C:\WINDOWS\System32\SET2CA.tmp
Present !! : C:\WINDOWS\System32\SET2CB.tmp
Present !! : C:\WINDOWS\System32\SET2CC.tmp
Present !! : C:\WINDOWS\System32\SET2CF.tmp
Present !! : C:\WINDOWS\System32\SET2D1.tmp
Present !! : C:\WINDOWS\System32\SET2D4.tmp
Present !! : C:\WINDOWS\System32\SET2D6.tmp
Present !! : C:\WINDOWS\System32\SET2D7.tmp
Present !! : C:\WINDOWS\System32\SET2DA.tmp
Present !! : C:\WINDOWS\System32\SET2DB.tmp
Present !! : C:\WINDOWS\System32\SET2DC.tmp
Present !! : C:\WINDOWS\System32\SET2DD.tmp
Present !! : C:\WINDOWS\System32\SET2DE.tmp
Present !! : C:\WINDOWS\System32\SET2DF.tmp
Present !! : C:\WINDOWS\System32\SET2E1.tmp
Present !! : C:\WINDOWS\System32\SET2E2.tmp
Present !! : C:\WINDOWS\System32\SET2E3.tmp
Present !! : C:\WINDOWS\System32\SET2E4.tmp
Present !! : C:\WINDOWS\System32\SET2E5.tmp
Present !! : C:\WINDOWS\System32\SET2E7.tmp
Present !! : C:\WINDOWS\System32\SET2E8.tmp
Present !! : C:\WINDOWS\System32\SET2E9.tmp
Present !! : C:\WINDOWS\System32\SET2EC.tmp
Present !! : C:\WINDOWS\System32\SET2EF.tmp
Present !! : C:\WINDOWS\System32\SET2F0.tmp
Present !! : C:\WINDOWS\System32\SET2F1.tmp
Present !! : C:\WINDOWS\System32\SET2F5.tmp
Present !! : C:\WINDOWS\System32\SET2F7.tmp
Present !! : C:\WINDOWS\System32\SET2F8.tmp
Present !! : C:\WINDOWS\System32\SET2F9.tmp
Present !! : C:\WINDOWS\System32\SET2FE.tmp
Present !! : C:\WINDOWS\System32\SET2FF.tmp
Present !! : C:\WINDOWS\System32\SET300.tmp
Present !! : C:\WINDOWS\System32\SET302.tmp
Present !! : C:\WINDOWS\System32\SET305.tmp
Present !! : C:\WINDOWS\System32\SET306.tmp
Present !! : C:\WINDOWS\System32\SET308.tmp
Present !! : C:\WINDOWS\System32\SET309.tmp
Present !! : C:\WINDOWS\System32\SET30A.tmp
Present !! : C:\WINDOWS\System32\SET30B.tmp
Present !! : C:\WINDOWS\System32\SET30D.tmp
Present !! : C:\WINDOWS\System32\SET30F.tmp
Present !! : C:\WINDOWS\System32\SET310.tmp
Present !! : C:\WINDOWS\System32\SET313.tmp
Present !! : C:\WINDOWS\System32\SET314.tmp
Present !! : C:\WINDOWS\System32\SET317.tmp
Present !! : C:\WINDOWS\System32\SET318.tmp
Present !! : C:\WINDOWS\System32\SET319.tmp
Present !! : C:\WINDOWS\System32\SET31A.tmp
Present !! : C:\WINDOWS\System32\SET321.tmp
Present !! : C:\WINDOWS\System32\SET323.tmp
Present !! : C:\WINDOWS\System32\SET324.tmp
Present !! : C:\WINDOWS\System32\SET327.tmp
Present !! : C:\WINDOWS\System32\SET32D.tmp
Present !! : C:\WINDOWS\System32\SET32E.tmp
Present !! : C:\WINDOWS\System32\SET32F.tmp
Present !! : C:\WINDOWS\System32\SET332.tmp
Present !! : C:\WINDOWS\System32\SET333.tmp
Present !! : C:\WINDOWS\System32\SET335.tmp
Present !! : C:\WINDOWS\System32\SET337.tmp
Present !! : C:\WINDOWS\System32\SET338.tmp
Present !! : C:\WINDOWS\System32\SET33A.tmp
Present !! : C:\WINDOWS\System32\SET33E.tmp
Present !! : C:\WINDOWS\System32\SET340.tmp
Present !! : C:\WINDOWS\System32\SET341.tmp
Present !! : C:\WINDOWS\System32\SET342.tmp
Present !! : C:\WINDOWS\System32\SET344.tmp
Present !! : C:\WINDOWS\System32\SET345.tmp
Present !! : C:\WINDOWS\System32\SET34A.tmp
Present !! : C:\WINDOWS\System32\SET34B.tmp
Present !! : C:\WINDOWS\System32\SET34C.tmp
Present !! : C:\WINDOWS\System32\SET34D.tmp
Present !! : C:\WINDOWS\System32\SET34E.tmp
Present !! : C:\WINDOWS\System32\SET34F.tmp
Present !! : C:\WINDOWS\System32\SET350.tmp
Present !! : C:\WINDOWS\System32\SET351.tmp
Present !! : C:\WINDOWS\System32\SET352.tmp
Present !! : C:\WINDOWS\System32\SET353.tmp
Present !! : C:\WINDOWS\System32\SET354.tmp
Present !! : C:\WINDOWS\System32\SET356.tmp
Present !! : C:\WINDOWS\System32\SET357.tmp
Present !! : C:\WINDOWS\System32\SET358.tmp
Present !! : C:\WINDOWS\System32\SET35A.tmp
Present !! : C:\WINDOWS\System32\SET35C.tmp
Present !! : C:\WINDOWS\System32\SET35D.tmp
Present !! : C:\WINDOWS\System32\SET35E.tmp
Present !! : C:\WINDOWS\System32\SET362.tmp
Present !! : C:\WINDOWS\System32\SET363.tmp
Present !! : C:\WINDOWS\System32\SET36D.tmp
Present !! : C:\WINDOWS\System32\SET36F.tmp
Present !! : C:\WINDOWS\System32\SET371.tmp
Present !! : C:\WINDOWS\System32\SET372.tmp
Present !! : C:\WINDOWS\System32\SET373.tmp
Present !! : C:\WINDOWS\System32\SET377.tmp
Present !! : C:\WINDOWS\System32\SET37C.tmp
Present !! : C:\WINDOWS\System32\SET37D.tmp
Present !! : C:\WINDOWS\System32\SET37E.tmp
Present !! : C:\WINDOWS\System32\SET380.tmp
Present !! : C:\WINDOWS\System32\SET381.tmp
Present !! : C:\WINDOWS\System32\SET388.tmp
Present !! : C:\WINDOWS\System32\SET393.tmp
Present !! : C:\WINDOWS\System32\SET396.tmp
Present !! : C:\WINDOWS\System32\SET398.tmp
Present !! : C:\WINDOWS\System32\SET39B.tmp
Present !! : C:\WINDOWS\System32\SET39F.tmp
Present !! : C:\WINDOWS\System32\SET3A0.tmp
Present !! : C:\WINDOWS\System32\SET3A3.tmp
Present !! : C:\WINDOWS\System32\SET3A6.tmp
Present !! : C:\WINDOWS\System32\SET3A8.tmp
Present !! : C:\WINDOWS\System32\SET3AA.tmp
Present !! : C:\WINDOWS\System32\SET3AF.tmp
Present !! : C:\WINDOWS\System32\SET3B1.tmp
Present !! : C:\WINDOWS\System32\SET3B2.tmp
Present !! : C:\WINDOWS\System32\SET3B3.tmp
Present !! : C:\WINDOWS\System32\SET3B4.tmp
Present !! : C:\WINDOWS\System32\SET3B5.tmp
Present !! : C:\WINDOWS\System32\SET3B6.tmp
Present !! : C:\WINDOWS\System32\SET3B7.tmp
Present !! : C:\WINDOWS\System32\SET3BA.tmp
Present !! : C:\WINDOWS\System32\SET3BC.tmp
Present !! : C:\WINDOWS\System32\SET3BD.tmp
Present !! : C:\WINDOWS\System32\SET3BF.tmp
Present !! : C:\WINDOWS\System32\SET3C2.tmp
Present !! : C:\WINDOWS\System32\SET3C4.tmp
Present !! : C:\WINDOWS\System32\SET3C7.tmp
Present !! : C:\WINDOWS\System32\SET3C9.tmp
Present !! : C:\WINDOWS\System32\SET3CA.tmp
Present !! : C:\WINDOWS\System32\SET3CB.tmp
Present !! : C:\WINDOWS\System32\SET3CF.tmp
Present !! : C:\WINDOWS\System32\SET3D2.tmp
Present !! : C:\WINDOWS\System32\SET3D8.tmp
Present !! : C:\WINDOWS\System32\SET3E0.tmp
Present !! : C:\WINDOWS\System32\SET3E2.tmp
Present !! : C:\WINDOWS\System32\SET3E6.tmp
Present !! : C:\WINDOWS\System32\SET3E8.tmp
Present !! : C:\WINDOWS\System32\SET3E9.tmp
Present !! : C:\WINDOWS\System32\SET3EB.tmp
Present !! : C:\WINDOWS\System32\SET3EC.tmp
Present !! : C:\WINDOWS\System32\SET3ED.tmp
Present !! : C:\WINDOWS\System32\SET3EE.tmp
Present !! : C:\WINDOWS\System32\SET3F1.tmp
Pres
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
Edited by benurrr on 1/10/2010 at 11:25
Your report is not complete, but you can run the clean option; there is a lot to remove.

Run List_Kill'em again (by right-click for Vista/7), using the shortcut on your desktop,
but this time:

choose the CLEAN option

Let the tool work.

At the end of the scan the window closes, and you will have a report named Kill'em.txt on your desktop;

paste its contents in your reply.

For lack of curiosity one risks dying ignorant; you are free to think that you are C..,
but C.. to think that you are free... Thanks to australe13
0
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
1 Oct. 2010 at 12:14
The report is below


¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.8 ¤¤¤¤¤¤¤¤¤¤

User : claude (Administrateurs)
Update on 29/09/2010 by g3n-h@ckm@n ::::: 15.00
Start at: 11:29:17 | 01/10/2010

Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : avast! Antivirus 5.0.83886757 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 24,41 Go (6,99 Go free) [XP] | NTFS
D:\ -> Disque fixe local | 31,48 Go (10,47 Go free) | NTFS
E:\ -> Disque CD-ROM

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAABOUT.DLL
Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRALPTTR.DLL
Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAMDMTR.DLL
Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAREG.DLL
Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRASRIAL.DLL
Quarantined & Deleted !! : C:\Program Files\Fichiers communs\IRAWEBTR.DLL
Quarantined & Deleted !! : C:\Program Files\Internet Explorer\SET509.tmp
Quarantined & Deleted !! : C:\Program Files\Internet Explorer\SET5F5.tmp
Quarantined & Deleted !! : C:\WINDOWS\000001_.tmp
Quarantined & Deleted !! : C:\WINDOWS\002747_.tmp
Quarantined & Deleted !! : C:\WINDOWS\003391_.tmp
Quarantined & Deleted !! : C:\WINDOWS\003399_.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET1B.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET433.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET51F.tmp
Quarantined & Deleted !! : C:\WINDOWS\SET7.tmp
Quarantined & Deleted !! : C:\WINDOWS\SETD.tmp
Quarantined & Deleted !! : C:\WINDOWS\aucfg.ini
Quarantined & Deleted !! : C:\WINDOWS\patch.exe

Quarantined & Deleted !! : C:\WINDOWS\System32\_000103_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003829_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003830_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003831_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003832_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003838_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003839_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003840_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003841_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003842_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003843_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003844_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003845_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003846_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003847_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003848_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003849_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003851_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003852_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003853_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003855_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003858_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003859_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003862_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003863_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003864_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003865_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003866_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003867_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003869_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003870_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003871_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003872_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003873_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003874_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003875_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003876_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003878_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003879_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003880_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003881_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003882_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003884_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003885_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003887_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003888_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003889_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003890_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003892_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003895_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003896_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003900_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003901_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003903_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003906_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003908_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003909_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003910_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003911_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003914_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003915_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003916_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003917_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003918_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\_003923_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_003801_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\_003810_.tmp.dll
Quarantined & Deleted !! : C:\WINDOWS\System32\SET176.tmp
Quarantined & Deleted !! : C:\WINDOWS\System32\tmp.reg
Quarantined & Deleted !! : C:\Documents and Settings\claude\err.log

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Services
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Windows Update
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : Microsoft Services
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Microsoft Services
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Microsoft Update
Deleted : HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run : Microsoft Windows Update
Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoClose
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoLogoff
Deleted : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}"
Deleted : "HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}"
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
Deleted : HKLM\SYSTEM\ControlSet001\Services\NPF

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr/?ocid=iehp
Local Page = C:\WINDOWS\system32\blank.htm
Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirewallOverride = 0 (0x0)
FirewallDisableNotify = 0 (0x0)
AntiVirusDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
AntiVirusOverride = 0 (0x0)
FirstRunDisabled = 1 ()

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio : Start = 3
Ip6Fw : Start = 2
SharedAccess : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
kernel: MBR read successfully
user & kernel MBR OK




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
1 Oct. 2010 at 13:04
Post a new HijackThis log
0
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
1 Oct. 2010 at 13:48
Here it is!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:21, on 01/10/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
F:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/26eeda77f90bf4f22105/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate1ca4a47648693a0) (gupdate1ca4a47648693a0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
1 Oct. 2010 at 13:52
We are going to vaccinate your drives

Download UsbFix by C_XX & Chiquitine29

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe


(!) Connect to your PC, without opening them, your external data sources (USB stick, external hard drive, etc.) that may have been infected

* Double-click "UsbFix.exe" on your desktop (right-click "Run as administrator" for Vista & 7)

* Choose option F for French and press [Enter].

* Choose option 1 (Recherche / Search) and press [Enter].

* Let the tool work.

* Then post the UsbFix.txt report that will appear.

* Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

* Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
0
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
1 Oct. 2010 at 14:42
REPORT KEY 1
############################## | UsbFix 7.027 | [Recherche]

Utilisateur: claude (Administrateur) # C840 [ ]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 14:10:42 | 01/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Pare-feu Windows: Désactivé /!\
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
RAM -> 767 Mo
C:\ (%systemdrive%) -> Disque fixe # 24 Go (7 Go libre(s) - 28%) [XP] # NTFS
D:\ -> Disque fixe # 31 Go (10 Go libre(s) - 33%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [KINGSTON] # FAT32

################## | Éléments infectieux |


Présent! C:\HiJackThis.exe
Présent! F:\HiJackThis.exe
Présent! F:\HJTInstall.exe

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |


REPORT KEY 2

############################## | UsbFix 7.027 | [Recherche]

Utilisateur: claude (Administrateur) # C840 [ ]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 14:37:12 | 01/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Pare-feu Windows: Désactivé /!\
Antivirus: avast! Antivirus 5.0.83886757 [(!) Disabled | Updated]
RAM -> 767 Mo
C:\ (%systemdrive%) -> Disque fixe # 24 Go (7 Go libre(s) - 28%) [XP] # NTFS
D:\ -> Disque fixe # 31 Go (10 Go libre(s) - 33%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 250 Mo (0 Mo libre(s) - 0%) [CLE USB] # FAT

################## | Éléments infectieux |


Présent! C:\HiJackThis.exe

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
1 Oct 2010 at 17:52
No infection, we are just going to vaccinate.

Plug into your PC, without opening them, your external data sources (USB key, external hard drive...) that may have been infected.

(1) Double-click the UsbFix shortcut on your desktop.

(2) Choose option 2 (Suppression [Deletion]).

Your desktop will disappear and the PC will restart.

On restart, UsbFix will scan your PC; let the tool work.

Then post the UsbFix.txt report that will appear along with the desktop.

Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
1 Oct 2010 at 21:04
############################## | UsbFix 7.027 | [Suppression]

Utilisateur: claude (Administrateur) # C840 [ ]
Mis à jour le 28/09/10 par El Desaparecido / C_XX
Lancé à 18:59:19 | 01/10/2010
Site Web: http://www.teamxscript.org
Contact: FindyKill.Contact@gmail.com

CPU: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz
Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180

Pare-feu Windows: Activé
Antivirus: avast! Antivirus 5.0.83886757 [Enabled | Updated]
RAM -> 767 Mo
C:\ (%systemdrive%) -> Disque fixe # 24 Go (7 Go libre(s) - 28%) [XP] # NTFS
D:\ -> Disque fixe # 31 Go (10 Go libre(s) - 33%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 4 Go (3 Go libre(s) - 76%) [KINGSTON] # FAT32
G:\ -> Disque amovible # 250 Mo (0 Mo libre(s) - 0%) [CLE USB] # FAT

################## | Éléments infectieux |


Supprimé! C:\HiJackThis.exe
Supprimé! F:\HiJackThis.exe
Supprimé! F:\HJTInstall.exe

################## | Registre |


################## | Mountpoints2 |


################## | Listing |


################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_C840.zip
Merci de votre contribution.

################## | E.O.F |
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
1 Oct 2010 at 21:12
> Download Dr.Web CureIt to your Desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

- Double-click <drweb-cureit.exe> and then click <Scan>;
- Click <Ok> at the quick scan prompt. If it finds infected processes, click the <Yes> button.
- When the quick scan is finished, click the <Options> menu, then <Change settings>; choose the <Scanner> tab and untick <Heuristic analysis>. Then click <Ok>.
- Back in the main window: click to enable <Complete scan>.
- Click the button with the green arrow on the right, and the scan will start.
- Click <Yes> to all at the "Disinfect?" prompt when a file is detected, then click "Disinfect".
- When the scan is complete, see whether you can click the icon next to the detected files (several sheets stacked on top of one another). If so, click it, then click the <Next> icon below and choose <Move the unwanted object to quarantine>.
- From the tool's main menu, at the top left, click the <File> menu and choose <Save report>. Save the report to your Desktop. It will be named DrWeb.csv
- Close Dr.Web CureIt.
- Restart your computer (important, because some files may be moved/repaired on restart).
- After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.

Here is a tutorial:

https://forums.cnetfrance.fr/tutoriels-securite-informatique/179557-dr-web-cureit-le-tutoriel
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
2 Oct 2010 at 09:27
RegUBP2b-claude.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Supprimé.;
Process.exe;C:\Documents and Settings\claude\Bureau\SmitfraudFix;Tool.Killproc.3;Irréparable.Quarantaine.;
restart.exe;C:\Documents and Settings\claude\Bureau\SmitfraudFix;Tool.ShutDown.14;Irréparable.Quarantaine.;
Proc_end.exe;C:\Program Files\List_Kill'em;Tool.Killproc.3;Irréparable.Quarantaine.;
Prt.exe;C:\Program Files\List_Kill'em;Program.FPort.20;Irréparable.Quarantaine.;
Process.exe;C:\titi\SmitfraudFix;Tool.Killproc.3;Irréparable.Quarantaine.;
restart.exe;C:\titi\SmitfraudFix;Tool.ShutDown.14;Irréparable.Quarantaine.;
Process.exe;D:\titi\SmitfraudFix;Tool.Killproc.3;Irréparable.Quarantaine.;
restart.exe;D:\titi\SmitfraudFix;Tool.ShutDown.14;Irréparable.Quarantaine.;
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
2 Oct 2010 at 10:10
Hi,

OK, false positives; things are starting to get better.

Update Malwarebytes and run a full scan.
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
2 Oct 2010 at 13:20
For info:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4733

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

02/10/2010 12:52:05
mbam-log-2010-10-02 (12-52-05).txt

Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 292213
Temps écoulé: 2 heure(s), 31 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
claude54 Posts 15 Registration date Friday 2 June 2006 Status Member Last activity 2 October 2010
2 Oct 2010 at 13:28
Thank you very much for your availability and your diligence, even on the weekend.
Hoping that this post can benefit other users.
Very enriching, rather than formatting the disk, the easy way out.

Regards.
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
Edited by benurrr on 2/10/2010 at 15:02
Download DelFix to your desktop.

http://sd-1.archive-host.com/membres/up/17959594961240255/DelFix.exe

Run it, type 2, then confirm by pressing [Enter].

Wait during the scan until the report opens.

Copy/paste the contents of the report in your next reply.

Note: The report can also be found under C:\DelFixSearch